While Roger Duronio was the one being charged with four federal crimes in U.S. District Court, security administrators at UBS PaineWebber may have felt like they were on trial, as well.

The defense routinely attacked the company's security practices and policies in open court, saying UBS security was so riddled with holes that absolutely anyone could have planted the malicious code that knocked out its nationwide server network. But while the defense was pointing to what it called security weaknesses, one man who spent more than three years examining the financial services company's network says security administrators there had done a lot of things right.

Keith Jones, the government's forensics expert in the case, said he found that at the time of the attack--March 4, 2002--UBS was more security-conscious than a lot of companies he consulted for back in 2001 and 2002. Was UBS perfect? "No, but who is?" asks Jones, who is the director of computer forensics and incident response at Mandiant, an information security company based in Alexandria, Va.

After wading through UBS backup tapes, logs and countless lines of source code, Jones came up with a list of the top five things that UBS did right, following the attack. What helped the company get back on its feet? What helped forensics investigators do their jobs? Read on:

Five Things UBS Did Right After the Attack