1

Define the business scenarios that require digital evidence.

2

Identify data sources & different types of potential evidence.

3

Determine the evidence collection requirement.

4

Establish capability for securely gathering legally admissible evidence.

5

Establish a policy for secure storage and handling of potential evidence.

6

Ensure monitoring is targeted to detect & deter major incidents.

7

Establish escalation circumstances (full formal investigation requiring digital evidence).

8

Documentation & Sign-Off.

9

Personnel Training.

10

Ensure legal review to facilitate action in response to the incident.