The occurrences can be triggered by internal and external factors and can cause considerable damage or loss to an organization, directly or indirectly. For instance, a contingency plan should be devised to mitigate such incidents. A formulated framework will prepare the organization for both low-frequency/high-impact and high-frequency/low-impact events. This paper details the investigation procedure at the Salford University School of Computing Science and Engineering. Our case study focuses on a server intrusion in the university school department. An incident of server intrusion into the university system occurred, and a contingency plan was formulated to authenticate the suspicion, respond to the incident and analyze it. Because digital evidence is delicate, improper handling may damage or compromise the data. The idea of having to start an investigation in this department can lead to a crisis, so proper procedures need to be laid down to manage it. There are general questions that the CFA will need to address in order to carry out the investigation successfully.

A digital investigation is divided into different stages according to the model adopted. Researchers at the U.S. Air Force studied various models and identified the common characteristics of these models. They then incorporated them into a single model known as the Abstract Process Model. It contains different phases. This model has 17 phases classified into 5 major groups (Gilbert Peterson, 2009).