EvilZone
Community => General discussion => Topic started by: Axon on January 26, 2012, 03:32:46 PM
-
I have question .
What is the difference between Forensic and security? Are they the same. Is there a solid definition to differentiate between them.
The reason why am asking this is because I've seen in many forums and sites people regarding some of the famous security tools as forensic tools (e.g Wireshark). Can we consider forensic a branch of security or vise versa
-
I think forensic is a branch of security, yes.
-
in most cases forensics is the process after there has been an compromise or searching for specific data who can lead to evidence of a case.
The president got security, so he will not get shot by some random guy, when he gets shot, a forensics team will find out how this could happen and who did it and then passing it back to the security world so they can take measurements so it will not happen again.
Tools like wireshark can be used to do research on for example .pcap file who are files who contain very detailed network logs (the packets), and you can extract everything from them, when you capture data with wireshark it will be saved to the same file type for later research.
-
security is priori of an attack event and forensic comes after so its posteriori
-
Thank you all for the explanation. Security the immune system and forensic is the antibiotic :P