Which of the following best describes the purpose of forensic analysis in the context of incident response?
It focuses primarily on repairing systems and restoring them to a fully operational status after an incident occurs.
Forensic analysis refers to ensuring that all evidence is admissible in a court of law.
It aims to systematically examine the evidence from a security incident to identify what occurred, how it occurred, and potentially who was involved.
Its sole purpose is to recover any lost or compromised data during a security incident.