The discipline of assessing and examining an information system for relevant clues particularly after it has been compromised by an exploit.