Computers involved in an incident need to be fully analyzed: memory, disks and logs. These assets are precious because they give a clear and complete view of what happened on the analyzed systems.
Because computers communicate, being able to handle network traces makes it possible to build a picture of attacker activities and eventually identify all the systems involved in the incident.
Forensics often leads to finding unknown binaries which are harmful. Being able to handle, analyse and fight them is therefore a key resource for controlling an incident.
An IT security incident involves processing a huge amount of data: logs, timelines, indicators of compromise (IOCs)... Correlation and data mining are required activities.