Identifying a security threat or attack.
Collecting and preserving the evidence.
Examining the data that has been gathered.
Analyzing collected data and creating conclusions from that data.
Presenting the conclusions made.
Responding to the incident to initiate a clean-up.