In my day job, we often discuss security tools and the processes that generate the requirements for them. Lately, we have been debating incident response tools and processes as contrasted with forensic investigation tools and processes. Obviously, both bring differing benefits to the general discipline of security. They also place differing requirements on the tool sets needed to execute those processes.
To me, the boundaries between forensic investigation and incident response have always been rather clear. Maybe slightly fuzzy at the exact interface between them, but not a huge gaping canyon of a zone of uncertainty. However, lately, I'm starting to believe that out there in the rest of the community it may not be so clear. I could be wrong... it wouldn't be the first time, and I'm sure it won't be the last, especially if you ask some of my close friends.