Here is an exerpt from an article on Security Focus I found today. I thought that it looked quite informative and ideal for someone new to forensics since it gives good insight into what forensics analysts do and how.

Forensic analysts and incident response engineers are armed with a slew of open source and commercial forensic toolsets to attempt to understand and analyze break-ins they did not witness. The most critical component of forensic analysis is system log files. In particular, the analyst must be able to understand and recognize footprints that exploits leave on system logfiles. Identifying these signatures, and their impact on the application within the log files, is the key to understanding what took place during a security incident.

The article is pretty lengthy, but you can find it here .