Final answer:
A Qualified Security Assessor (QSA) or Incident Response assessor (IRA) is usually hired for forensic investigations of account data compromises, not payment brands, the PCI SSC, or QIRs.
Step-by-step explanation:
The entity responsible for forensic investigations of account data compromise is typically a Qualified Security Assessor (QSA) or an Incident Response assessor (IRA).
These entities are engaged by the companies that have experienced the data breach to perform the forensic investigation and determine the cause and extent of the compromise. Payment brands may require the investigation, whereas the Payment Card Industry Security Standards Council (PCI SSC) sets the standards and certifications for QSAs and IRAs but does not directly conduct forensic investigations.
A Qualified Integrator and Reseller (QIR) might be responsible for installing and maintaining payment systems, and could potentially be involved if a breach occurs, but they do not conduct forensic investigations.