This document provides an overview of computer forensics investigation methodology. It discusses determining if a computer crime has occurred, finding and interpreting clues, conducting a preliminary assessment to search for evidence, and searching and seizing computer equipment to collect evidence that can be presented in court. It emphasizes the importance of having workstations, building an investigating team, acquiring authorization, and assessing risks before an investigation. The core methodology includes identification, collection, analysis, and presentation of evidence, with preservation also being important. Key areas that are evaluated and secured include the scene itself as well as volatile and non-volatile data sources that could contain evidence. Principles for electronic evidence include relevance, reliability, sufficiency, and admissibility.