Define the business
scenarios that require digital evidence.
Identify data sources & different types of potential evidence.
Determine the evidence collection requirement.
Establish capability for securely gathering legally admissible evidence.
Establish a policy for secure storage and handling of potential evidence.
Ensure monitoring is targeted to detect & deter major incidents.
Establish escalation circumstances (full formal investigation requiring digital
Documentation & Sign-Off.
Ensure legal review to
facilitate action in response to the incident.