Which term is the investigation of security incidents to understand breaches?

Forensic analysis focuses on investigating security incidents to understand breaches. It involves collecting and examining digital evidence—such as logs, file artifacts, memory, and network captures—to reconstruct what happened, how it happened, and what data or systems were affected. This disciplined process helps determine the attack vector, the timeline of events, whether data was exfiltrated, and what remediation steps are needed, all while maintaining evidence integrity for potential legal or compliance purposes. Other terms describe related but broader or different aspects: network intelligence is about gathering information on threat actors and infrastructure to anticipate threats, not the post-incident investigation itself; the cybersecurity landscape is a high-level view of security posture and trends; and visibility refers to the ability to observe activity through sensors and logs, enabling detection and monitoring rather than conducting a focused incident reconstruction.