Browsing by Author Rajagopalan, Sundaram
Forensic analysis is the process of understanding, re-creating, and analyzing arbitrary events that have previously occurred. It seeks to answer such questions as how an intrusion occurred, what an attacker did during an intrusion, and what the effects of an attack were. Currently the field of computer forensics is largely ad hoc. Data is generally collected because applications log it for debugging purposes or because someone thought it to be important. Practical forensic analysis has traditionally traded off analyzability against the amount of data recorded. Recording less data puts a smaller burden both on computer systems and on the humans that analyze them. Not recording enough ...