The process includes many steps: planning and preparation, detection of the incident, initial response, formulation of a response strategy, forensic backups, investigation, implementation of security measures, network monitoring, recovery, reporting and, finally, follow-up. An incident never happens at a prescribed or convenient time, so it is always advisable to have a checklist in place and to be prepared to record details such as what time the issue happened, who reported it, etc. The next step is to analyse the situation, which might require forensics software and other environment support that helps in the analysis, gathering and understanding of evidence.

The most important part is duplication, which is accomplished by creating a bit-by-bit duplicate on a hard drive. There are basically two approaches to doing so: one is software-based and the other is hardware-based. Here the hardware-based approach has the upper hand, as it provides speed and integrity. It also gives confidence that there is less risk of the data getting corrupted.
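The software-based approach to bit-by-bit duplication can be sketched as follows. This is an added example, not part of the original answer. The function names, the block size, the use of SHA-256 as the integrity check and the ordinary files standing in for the evidence drive are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile

BLOCK = 1024 * 1024  # read size in bytes; an assumption, tune for the device

def sha256_of(path, block=BLOCK):
    """Hash a file or device node by streaming it in fixed-size blocks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            h.update(chunk)
    return h.hexdigest()

def image_and_verify(source, image, block=BLOCK):
    """Copy source to image bit by bit, then re-read the image and compare hashes."""
    h = hashlib.sha256()
    copied = 0
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for chunk in iter(lambda: src.read(block), b""):
            h.update(chunk)          # hash exactly the bytes read from the source
            dst.write(chunk)
            copied += len(chunk)
        dst.flush()
        os.fsync(dst.fileno())       # push the image to storage before verifying
    source_hash = h.hexdigest()
    image_hash = sha256_of(image, block)  # independent second pass over the copy
    return {"bytes": copied, "source_sha256": source_hash,
            "image_sha256": image_hash, "verified": source_hash == image_hash}

def demo():
    """Constructed sample: a 3 MiB + 17 byte file standing in for a drive."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.bin")
    image = os.path.join(workdir, "evidence.img")
    with open(source, "wb") as f:
        f.write(os.urandom(3 * BLOCK + 17))  # odd size exercises the short last block
    result = image_and_verify(source, image)
    # Simulate corruption of the copy: flip one bit, then hash it again.
    with open(image, "r+b") as f:
        f.seek(BLOCK)
        byte = f.read(1)
        f.seek(BLOCK)
        f.write(bytes([byte[0] ^ 0x01]))
    result["tampered_matches"] = sha256_of(image) == result["source_sha256"]
    return result
```

Recording both hashes alongside the checklist details (time, reporter) lets the copy be re-verified later; a single flipped bit in the image is enough to make the hashes differ.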