The availability of the personal computer or PC at every home and every office desktop, and the dawn of the Internet brought to focus not only the benefits derived from these technologies but abuse and to a greater extent, crimes as well. Suddenly, cybercrime is at an all time high and ways and means of detecting and making these criminal hackers pay became a forefront competence in information technology and law enforcement. One of the best deterrents to computer crime is to catch those who commit the dastardly acts (Solomon & Prosise, 2001)!.

             Of all the types of criminal hackers, the worse is the "insider" - a current employee or a former "disgruntled employee" - since they are or were in a "trust relationship" with their employer, and they demeaned that trust by attacking the information systems of the company. When this type of crime, or cybercrime, occurs, the recourse is to call in computer forensics and incident response professionals to remedy the situation. Solomon et al. (2005) describes computer forensics as, "Computer investigation and analysis techniques that involve the identification, preservation, extraction, documentation, and interpretation of computer data to determine potential legal evidence.".

             Once there is a probable determination that a cybercrime was committed, the computer forensics and incident response experts follow a well-choreograph methodology to successfully document evidence and prosecute a cybercrime. Robbins (2002) lists down the basic but critical procedures to computer forensics:.

             1.Protect the subject computer system during the forensic examination from any possible alteration, damage, data corruption, or virus introduction; .

             2.Discover all files on the subject system including existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files; .

             3.Recover as much as possible all of discovered deleted files; .