Digital forensics refers to the processes involved in examining data from harddrives, volatility memory (RAM), network captures, and a wide range of digital devices for artifacts that remain after specific actions occurred on a system.
When faced with insider threats like employee misconduct or other forms of security breaches such as those committed by an external threat, organizations rely on digital forensics experts to determine the extent of the damage and losses.
Similarly, after being targeted by advanced attackers looking to steal intellectual property, classified information, and other highly sensitive materials, the digital forensics and incident response processes are necessary to determine how attackers gained initial access, what systems and resources were compromised during the attack, and what data was moved outside of the company’s control.
SOURCE: tripwire.com
