The objective of this whitepaper is to help IT organizations build a forensic capability. The objective of forensics is to enable an organization to identify the root cause of a problem. That may mean finding ineffective processes, or it may mean identifying individuals who circumvented IT security processes.
Many IT organizations have grown up fixing the results of a problem rather than the root cause of a problem. For example, if computer code is wrong in a program, it needs to be identified and corrected. However, correcting computer code will not remedy the cause of the problem, which most believe is a process problem. Thus, the primary use for forensics by IT quality professionals will be investigating process problems.
Forensics can also be used to identify individuals whose actions caused a loss. The individual's actions may be intentional, which could be criminal, or unintentional, because the individual did not understand or follow the appropriate process.