Definition: Forensics is a process that concentrates on gathering evidence in a systematic manner and establishing the attribution of a security incident. When applied to information technology, the process is deliberate, well-ordered and precise.
The take-down of Osama bin Laden's lair involved the extensive analysis of digital artifacts. The same applies to any crime scene in which electronic devices, storage media and information are found.
Computer log files pertaining to data packets that have travelled into and through computers and networks are examined, IP addresses are studied and data integrity is checked. Evidence that is gathered and preserved in this way can be used to prosecute the individuals who attacked the system. Establishing a profile of the damage or breach that has occurred is essential; without such information, "lessons learned" are hard to discern and punishing cybercriminals is next to impossible.
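The three activities named above (examining log entries, studying the addresses in them, and fixing the integrity of the evidence before analysis) can be shown in one small Python routine. This is an added illustration, not part of the original definition; the log format, the host name fw01 and the analyst name are constructed for the example.

```python
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample log lines (not from any real incident) in a simplified
# firewall/connection format: timestamp, source, destination, port, action.
SAMPLE_LOG = [
    "2024-03-01T10:15:02Z src=203.0.113.7 dst=192.0.2.10 dport=22 action=ACCEPT",
    "2024-03-01T10:15:09Z src=203.0.113.7 dst=192.0.2.10 dport=22 action=ACCEPT",
    "2024-03-01T10:16:44Z src=198.51.100.23 dst=192.0.2.10 dport=445 action=DROP",
    "2024-03-01T10:17:01Z src=203.0.113.7 dst=192.0.2.11 dport=3389 action=ACCEPT",
]

SRC_RE = re.compile(r"src=((?:\d{1,3}\.){3}\d{1,3})")


def evidence_digest(lines):
    """SHA-256 over the exact bytes of the log, so that any later change to a
    single character in the working copy is detectable."""
    data = "\n".join(lines).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def collect_evidence(lines, collector, source):
    """Record what was acquired, from where, by whom, when, and its digest.
    This is the 'preserve' step: the digest is fixed before analysis begins."""
    return {
        "source": source,
        "collector": collector,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "line_count": len(lines),
        "sha256": evidence_digest(lines),
    }


def verify_evidence(record, lines):
    """Re-hash the working copy and compare with the digest taken at acquisition.
    A mismatch means the copy can no longer be relied upon as evidence."""
    return record["sha256"] == evidence_digest(lines)


def source_addresses(lines):
    """Return each distinct source address and how many entries it produced,
    which is the starting point for attribution work on the log."""
    counts = {}
    for line in lines:
        m = SRC_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts
```

Running `collect_evidence` once at acquisition and `verify_evidence` before every analysis session gives the investigator a checkable record that the log being studied is the one that was seized.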
Its Relevance: Attacks and nefarious intrusions will occur against your computer or computer network. Intruders will get away with their acts unless the information asset owner is prepared to establish attribution, which requires that a systematic method of investigating the intrusion be followed. Otherwise, law enforcement would fail to prosecute and the victim would find it difficult to make the specific changes needed to avoid system breaches in the future.