ABSTRACT

The purpose of this entry is to assist with the understand-

ing and comfort in dealing with digital evidence in the

context of dealing with an incident. We begin by discussing

some of the misperceptions surrounding the collection of

digital evidence during an IR situation and then continue on

by exploring the IR model. We will then look at the digital

evidence management and handling methodology and focus

on the similarities and diff erences between the two models.

The entry concludes with an examination of how to combine

the two process models to accentuate the strengths and

reduce the inherent weaknesses and shortcomings of both.