The term forensic literally means "pertaining to the
court", deriving from the Latin word forensis (the
forum was where the Roman court sat). However, in modern English
usage, it has taken on a more specific meaning, namely the (scientific)
mode of examination of physical evidence (usually for purposes relating to
the courts).

Forensic analysis with respect to IT is the process of examining
physical (albeit usually electronic) evidence after a security breach (or
other form of disaster) has occurred, in order to answer questions such
as how, why or exactly when the incident came to be, who was responsible
for it and/or what exact damage was done.

The answers to these questions can be key to the disaster recovery (DR)
process: in facilitating the restoration of services; in ensuring that a
similar incident does not occur again; and in identifying and gathering
evidence to be used in legal proceedings where appropriate. For greatest
success, forensic analysis should be regarded as an integral
part of the disaster recovery process, from the moment the incident is
discovered, and should be anticipated by the organisation's DR plan.

saosce specialises in forensic analysis on Unix®
and "Unix-like" platforms.

For urgent response to your forensic analysis or other
disaster recovery needs, email us at
disaster@saosce.com.au or call
the saosce disaster recovery hotline on (04) 3828-7866.