The identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

→ Used to investigate intrusions, to up your security, prevent future intrusion and maybe find the criminals. Can also be used for data recovery.

Phases: