ABSTRACT
The purpose of this entry is to assist with the understand-
ing and comfort in dealing with digital evidence in the
context of dealing with an incident. We begin by discussing
some of the misperceptions surrounding the collection of
digital evidence during an IR situation and then continue on
by exploring the IR model. We will then look at the digital
evidence management and handling methodology and focus
on the similarities and diff erences between the two models.
The entry concludes with an examination of how to combine
the two process models to accentuate the strengths and
reduce the inherent weaknesses and shortcomings of both.