Computer forensic capabilities have become a critical skill of security practitioners as part of their arsenal to combat cyber security incidents. To be an effective investigator, we need to look beyond what is obvious and hence the necessity to dig deeper into the "crime scene" to uncover hidden evidence. This presentation endeavors to share with you the process, techniques and tools that are employed by computer forensic investigators in their continuing tussle with cyber security incidents. What is an Incident response toolkit? Setting up a forensic analysis workbench Forensic process Tools of the trade Case study Forensic failure