Computer forensics can play a crucial role in restoring an organization from cyberattacks. By carefully tracking forensic processes after an attack, recovery can begin. According to Čisar & Maravić Čisar (2012), according to the methodology of digital forensic analysis, three processes are necessary, which include preparation, identification and analysis. During these processes, post-mortem analysis takes place, including file system, event logs, and deleted file recovery.
Much of the research and work has gone into the discipline of digital forensics over the past decade, shared with the wider community. This has allowed for a better understanding of how to identify and recover digital artifacts that have been deleted or corrupted due to malicious activity. Beeb (2009). As digital forensics evolves, methods and processes are being used to help companies recover from cyber-attacks, which will evolve as attacks become more sophisticated and rigorous.
Beebe, N. (2009). Forensic digital research: the good, the bad and the unaddressed. Advances in Digital Forensics V 17-36. (Http://dl.ifip.org/db/conf/ifip11-9/df2009/Beebe09.pdf)
Čisar, P. & Maravić Čisar, S. (2012). General directions of development in digital forensics. Acta Technica Corvininesis – Technical Bulletin, 5 (2), 87-91.