The incident response team should be alert to any electronic devices as they begin gathering evidence from different sources. For example, they see a gaming system. They should not discount any electronic device because it seems like it would not have data. Sources that should be responded to are any electronic devices that contains data such as desktop computers, gaming systems, laptops, e-mail, any information system, financial information system, human resources information system, learning management system, Internet service, network, television, chat logs, images, etc. Preserving evidence should be in the forefront of the investigators.
If the incident is from a Federal