The information security manager must help the management in risk management for the enterprise. Therefore, an apparatus for the prevention and the contrast must be associated to an organization able to manage the possibility of a computer security incident, both from a technological point of view (identification, recognition and mitigation) and from a possible follow-up of a legal nature, according to the dictates of the computer-forensics. The learning unit aims to show the current techniques for digital forensic, not only in the enterprise environment, but also considering mobile and cloud. The learners will be involved in the discussion of real situations and case studies in order to apply the acquired knowledge.