Which type of evidence helps incident responders build a timeline of an attack?

Building a timeline of an attack is crucial for understanding the sequence of events during an incident. Social networks can provide invaluable evidence in this regard because they often contain timestamps and location data associated with user activities, posts, and interactions. By analyzing the content shared on social media platforms, incident responders can trace the movements and actions of individuals or entities involved in an attack.

For instance, social network activity may reveal when a suspicious post was made or when certain individuals were last active online, which helps responders create an accurate chronological account of the incident. This timeline can also include interactions that led up to the attack or responses made by various parties after the incident, contributing critical context to the investigation.

The other options do not directly relate to constructing a timeline of an attack. Job services primarily involve employment-related activities, financial services focus on monetization and transactions, while online location tracking deals with GPS and geolocation data but may not provide a comprehensive chronological context for an incident as effectively as social networks.