Forensic analysis is the process of understanding, re-creating, and analyzing arbitrary events that have previously occurred. It seeks to answer such questions as how an intrusion occurred, what an attacker did during an intrusion, and what the effects of an attack were.Forensic analysis answers what and how; intrusion detection answers if. ... and are inherently ambiguous.4 A solution to this might be to implement 3See As24.3, a Designing an Audit System, a in Computer Security: Art and Science [Bis03].
|Title||:||A Model of Forensic Analysis Using Goal-oriented Logging|
|Author||:||Sean Philip Peisert|
|Publisher||:||ProQuest - 2007|