Many organizations are in a position to benefit more if they have the ability to gather and preserve digital evidence before an incident occurs and not after the incident has occurred(Robert, 2004). The digital investigation for law enforcement yields digital evidence, the evidence however may involve the use of enhanced system and staff monitoring, physical and procedural ways of securing data to a standard to be accepted as evidence and considered admissible. It also involves technical and appropriate legal advice to staff and employees(Peter, 2003). The law enforcement perspective of the digital forensic investigation tends to disregard what happens to the object or the device before the decision is made whether to be accepted as evidence or not. In this context the evidence required is presented by the digital forensic investigation or not presented and therefore the suspect can neither be charged nor prosecuted. This investigation begins when a crime is committed and the investigator avails himself to the crime scene(Robert, 2004). However in the business context the investigation is done on a continuous basis in the form of emails, portable computers, logfiles, and telephone and network traffics among others. Since it is a continuous process, the evidence may be collected before a crime and the evidence used to the benefit of the organization(Robert, 2004). In the recent technological environment the digital investigations are mainly done by the computer forensics analyst.