Managers seem to expect forensic evidence to appear as if by magic when an employee is caught committing fraud or circulating porn on company IT equipment. The reality is that, while system, network and firewall logs usually record some information, it is unlikely to be sufficient or suitable for forensic purposes unless the logs and controls have been designed and maintained with that potential use in mind. Aristotle has an unusual network usage/content monitoring product that claims to address this kind of controls gap. It is targeted at schools and offices, for example identifying children contemplating suicide or employees stealing corporate data. It retains forensic evidence and provides the reporting tools to use of it.
More incident management links