Self-protecting systems require the ability to instantaneously detect malicious activity at run-time and prevent execution. We argue that it is impossible to perfectly self-protect systems without false positives due to the limited amount of information one might have at run-time and that eventually some undesirable activity will occur that will need to be rolled back. As a consequence of this, it is important that self-protecting systems have the ability to completely and automatically roll back malicious activity which has occurred. As the cost of human resources currently dominates the cost of CPU, network, and storage resources, we contend that computing systems should be built with automated analysis and recovery as a primary goal. Towards this end, we describe the design, implementation, and evaluation of Forensix: a robust, high-precision analysis and recovery system for supporting self-healing. The Forensix system records all activity of a target computer and allows for effic...