Within cyber security, however, the practice of 'network forensics' is becoming increasingly important as organisations try to respond to and prevent breaches.
Simon Crosby, CTO and co-founder at Bromium, says that without understanding how a breach took place, companies cannot work out how to address the flaws in their defences.
The next step is planning, Cassell says, which includes prioritising the areas where the organisation can get the most evidence.
His company Savvius taps network traffic and creates forensic information around the alerts, building a detailed bank of information that can be deployed during a breach investigation.
Stuart Clarke, CTO, Cyber Solutions at Nuix, says that not knowing what an organisation's critical data is, or where it is held, can be another obstacle.
He cites a recent survey of security executives, sponsored by Nuix, which found that 31 percent of organisations could not say where critical value data was on the enterprise network, who had access to it or what people did with it after they accessed it.