Which item is typically included in an incident response playbook?

Prepare for the Cyber ProKnow AI Test with multiple choice questions, detailed explanations, and tailored study resources. Enhance your skills and confidence to excel in the exam!

Multiple Choice

Which item is typically included in an incident response playbook?

Explanation:
Incident response playbooks center on the steps to detect, contain, eradicate, and recover from security incidents, and a core element is how evidence is handled. Proper evidence handling preserves the forensic integrity of data collected from systems, maintains chain of custody, and documents every action for analytical, legal, and regulatory needs. This includes deciding what to collect (logs, disk images, memory captures), how to collect it, verifying hashes, securely storing and transferring evidence, and recording timestamps and custody transfers. Without careful handling, forensic results can be questioned or rendered unusable in investigations or prosecutions. The other options don't fit the typical operational focus: public relations strategy belongs more to crisis communications, while hardware procurement policy and onboarding are unrelated to incident response procedures.

