Forensic analysis

The term forensic literally means "pertaining to the court", deriving from the Latin word forensis (the forum was where the Roman court sat). However, in modern English usage, it has taken on a more specific meaning, namely the (scientific) mode of examination of physical evidence (usually for purposes relating to the courts).

Forensic analysis with respect to computing is the process of examining physical (albeit usually electronic) evidence after a security breach (or other form of disaster) has occurred, in order to answer questions such as how, why or exactly when the incident came to be, who was responsible for it and/or what exact damage was done.

The answers to these questions can be key to the disaster recovery (DR) process: in facilitating the restoration of services; in ensuring that a similar incident does not occur again; and in identifying and gathering evidence to be used in legal proceedings where appropriate. For greatest success, forensic analysis should be regarded as an integral part of the disaster recovery process, from the moment the incident is discovered, and should be anticipated by the organisation's DR plan.

saosce specialises in forensic analysis on Unix® and "Unix-like" platforms.

For urgent response to your forensic analysis or other disaster recovery needs, email us at info@saosce.com.au or, for an emergency attendance, call the saosce disaster recovery hotline on (04) 3828-7866.