Incident response strategies identify how an investigation would proceed and what data would need to be collected. Investigations are “less about the technology and more about the process,” Greg Thompson says. Evidence collection and management is a critical step, as well as generating a pre-defined task list and assigning tasks. An effective investigation strategy also relies on the team and senior executives being able to track what steps have been taken since the last update, who is responsible for each activity, how long each task is expected to take and the expected outcomes of each task.”]
Source: https://www.cuinfosecurity.com/tips-on-managing-incident-investigations-a-6082