Which term is the process of examining past security incidents to determine root causes?

Explanation:
Root-cause analysis of security incidents is forensic analysis. It involves collecting and preserving evidence from systems, logs, and other artifacts, then reconstructing the incident timeline to understand how the breach occurred, what vulnerabilities were exploited, and what controls failed. The goal is to identify the underlying causes so you can remediate and strengthen defenses for the future. The other terms describe different things: the cybersecurity landscape is the overall threat environment, not an after-incident investigation; monitoring threats is about real-time detection and alerts; network intelligence deals with data about network activity and patterns. None of these centers on post-incident investigation and root-cause determination the way forensic analysis does.

