Definition: Forensics is a process that concentrates on gathering evidence in a systematic manner and establishing the attribution of a security incident. When applied to information technology the process is deliberate, well-ordered and precise.
The take-down of Osama bin Laden's lair involved the extensive analysis of digital artifacts. The same would apply to any crime scene in which electric devices, media and information are stored.
Log-files pertaining to data packets that have traveled into and through computers and networks are examined, IP addresses are studied and data integrity is checked. The evidence that is gathered and stabilized can be used to prosecute individuals who attacked the system. Establishing a profile of the damage or breach that has occurred is essential.
Its Relevance: Attacks and nefarious intrusions will occur against your computer or computer network. Intruders will be able to get away with their acts unless the information asset owner is prepared to establish attribution. A systematic method of investigating the intrusion must be followed. Otherwise, law enforcement would fail to prosecute.