The term forensic literally means "pertaining to the court", deriving from the Latin word
forensis (the forum was where the Roman court sat). However, in modern English usage, it
has taken on a more specific meaning, namely the (scientific) mode of examination of physical evidence (usually
for purposes relating to the courts).
Forensic Analysis with respect to IT is the process of examining physical (albeit usually electronic)
evidence after a security breach (or other form of disaster) has occurred, in order to answer questions such
as how, why or exactly when the incident occurred, who was responsible for it and/or exactly what damage was done.
The answers to these questions can be key to the disaster recovery (DR) process: in facilitating the restoration of
services; in ensuring that a similar incident does not occur again; and in identifying and gathering evidence
to be used in legal proceedings where appropriate. For greatest success, Forensic Analysis should be
regarded as an integral part of the disaster recovery process, from the moment the incident is discovered, and
should be anticipated by the organisation's DR plan.
saosce specialises in forensic analysis on Unix® and "Unix-like" platforms.
For urgent response to your forensic analysis or other disaster recovery needs, email us at
disaster@saosce.com.au or call the saosce
disaster recovery hotline on (04) 3828-7866.