Which process involves analyzing and reviewing data gathered from computer systems?

Forensic analysis is the process that specifically involves analyzing and reviewing data gathered from computer systems. This practice is essential in the context of incident handling because it focuses on the meticulous examination of digital evidence, such as data files, system logs, and network traffic, to understand what occurred during a security incident.

The primary objective of forensic analysis is to reconstruct events based on the data available, ensuring that any findings can stand up in a legal setting if necessary. This includes identifying how a breach occurred, determining the extent of the compromise, and collecting evidence that can be useful for further action or legal proceedings.

Other processes, such as incident investigation, also involve reviewing data; however, they encompass a broader scope that includes identifying the incident type, assessing the impact, and coordinating response efforts. Asset identification focuses on determining what resources are valuable to the organization but does not specifically deal with data analysis. Evidence protection is critical as well, as it ensures that any evidence collected during the incident is preserved and remains intact for future analysis but does not involve the analytical process itself.