A structured approach to managing and investigating cybersecurity events. In a law enforcement context, IR concepts (containment, eradication, recovery, logging) can overlap with criminal investigation steps when evidence collection and chain of custody are required.
