The Disk activity/tranfer rate can be easily monitored a multitude of ways - Opensource Munin, Nagios, Zabbix, etc.
Most systems on my measly network of 200 nodes have this data logged 365/24/7. I can go back through any point in time there is an anomaly (and I can get notified when a system is doing something outside of breakpoints). A sudden burst of I/O activity could have set a trigger to alert of this I/O activity and the duration.
That trigger could notify people that there has been a breach, alert to a system health issue and can notify systems to more verbosely monitor other related systems, shut services down, etc. They can all correlate their activity to a very high degree/point in time.
I.E.
-
Someone swipes a card to get access to an area. Check-In time, identification and video surveillance correlate.
-
I/O on ServerXYZ peaks to 22MB/s for 87 seconds. This triggers some breakpoint for spurious I/O activity. Someone got a notification that this was high, then another notification that this returned to normal.
-
Card Swipe out, Surveillance video correlates.
-
IT/Security Analyst either ignores the notifications, or if it's AWAN - investigates thoroughly to see who did what on those boxes for 87 seconds. Since, possibly he has a great interest in those systems and the stack it is running and no one should be messin' with those boxes.
-
AWAN correlates SR going into the server room, popping a USB stick into the server, running some commands and copying files.
-
Notifies DWS that they have a problem. Asks how should this be handled.
Err: MS13
-
Fortunately, WE Have it All too…
I don't think this data would have been logged at the network level via router/switches because that's not the route the data it went. It went straight from the server to a USB 2.0/3.0 interface.
"what is called the transfer rate—the time a remote hack would require. The metadata established several facts in this regard with granular precision: On the evening of July 5, 2016, 1,976 megabytes of data were downloaded from the DNC’s server. The operation took 87 seconds. This yields a transfer rate of 22.7 megabytes per second."