
Forensics v Incident Response

(@j_collins)
New Member
Joined: 19 years ago
Posts: 1
Topic starter  

Hi all, hopefully this is not too off topic. As a new member to the forum and someone who is interested in computer forensics, I am a little unclear as to the difference between Incident Response and Forensics. Would anyone be able to shed some light?


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

IMHO, computer forensics is a subset of incident response.

IR covers the activities you perform when you suspect that an incident has occurred. This can entail live response (i.e., the collection and analysis of volatile data), live acquisition (acquiring an image from a live machine), or the more traditional imaging of a system after power has been removed from the system.

HTH


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Not off topic at all, it's an understandable question given that the two are often confused.

I would define computer forensics as

"the use of specialized techniques for recovery, authentication, and analysis of electronic data with a view to presenting evidence in a court of law"

and a quick search for a definition of incident response gives

"an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs"

Both definitions are probably open to debate but I think are about as accurate as you can get in a couple of lines. The crucial point to remember is that, strictly speaking, forensics is always related to the law (although in computing circles, when talking about "computer forensics" or "doing forensics", this is not always appreciated).

Jamie


   