Detective controls are designed to identify and respond to incidents that have occurred, allowing an organization to understand how the attack happened. By analyzing the incident, the organization can take measures to prevent similar attacks in the future. Preventive controls aim to stop incidents before they occur, which is not suitable for analysis after an attack. Corrective controls are focused on limiting damage after an incident and may not provide insight into the attack method. Compensating controls can provide alternative security measures but are not focused on incident analysis.