Gathering and analyzing evidence from computer equipment, reconstructing data, and detecting and finding out who is responsible for attacks.