As the second stage, organizations work to identify sources of evidence to support the risk scenarios identified as being relevant to their business. With each risk scenario, work needs to be done to determine what sources of potential digital evidence exist, or could be generated, and what happens to the potential evidence in terms of authenticity and integrity.