This lecture looks at examples of network-based and host-based intrusion detection systems. It considers the role of honeypots in detecting intrusion and learning about attacker behaviour. It also examines the forensic analysis aspects of incident response, with a particular focus on how suspicious executables are identified and analysed.