This was posted in another thread
[Could] you share how you view Incident Response vs Computer Forensics? From my view I see them as separate….
Computer Forensics can be thought of as a sub-set of Incident Response, which in turn is a sub-set of Business Continuity/Disaster Recovery.
From a corporate viewpoint, it is essential to identify critical processes and to develop (and test and refine) methodologies to handle such things as data exposure, intellectual property issues, redundancy, capacity planning, change management and so forth.
Businesses may be less inclined to perform a digital investigation if it points to someone outside of the organization. The prevaling views tend to be one of the following "If this hits the press, our reputation will be damaged" or "a trial will be lengthy and expensive and we'll lose critical servers/workstations for an extended period" or " a trial will require that we reveal trade secrets" or "if word of this gets out, we may be sued for down-stream liability."
There really is strong disinclination for businesses to conduct digital forensics except to identify and sanction employee malfeasance.
-AWTLPI
My thoughts exactly, please take a listen to the podcasts at http//securitypodcasts.itproportal.com/, which was recorded before the recent major data loss in the UK.
CityPaul
very seperate.
1 is post event
the other is pre event i.e. Pro active rather than reactive