This document provides an outline of the computer forensics investigation process, including securing evidence, acquiring and analyzing data, assessing evidence and preparing a final report. It discusses maintaining a chain of custody for evidence, duplicating data without modifying originals, using hashing and data recovery tools as needed. Analysis includes examining file contents, metadata and locations. Common forensic tools like FTK and EnCase are listed. The role of an expert witness in testifying about digital evidence in court is also outlined.