Define the business scenarios that require digital evidence.
Identify data sources & different types of potential evidence.
Determine the evidence collection requirement.
Establish capability for securely gathering legally admissible evidence.
Establish a policy for secure storage and handling of potential evidence.
Ensure monitoring is targeted to detect & deter major incidents.
Establish escalation circumstances (full formal investigation requiring digital evidence).
Documentation & Sign-Off.
Personnel Training.
Ensure legal review to facilitate action in response to the incident.