Forensics is a highly specialized field and hiring a forensic expert doesn’t always fit into budgets for smaller organizations or noncritical events. When these investigations and incidents occur, it often falls to the current security or IT staff to undertake the forensic role. Learning the basics of forensic methodology, learning about free and open source or low cost tools and training, and examining triage decision points will allow IT staff to provide limited forensic assistance while safely preserving data and evidence for further analysis or later use in legal proceedings.