This study developed a framework for starting a Forensic Investigation Unit in an organisation. Overall, the study responded to the following  questions: First, what elements form a comprehensive framework for introducing and establishing a new Forensic Unit to an organisation? Secondly, how are the elements structured to form such a framework? The literature is more enshrined with information on how to conduct forensic investigation, but provides limited information on how to start a new Forensic Unit. The study followed the qualitative approach. The study brought together the following methods: literature review and systematic focus group discussion. There were two series of the focus group discussion. First, three groups were formed out of 6 professionals who were attending a cyber-security training at ESAMI, Tanzania. Findings from these groups were presented and the researcher (who was the facilitator of the training at ESAMI) engaged all participants in a common discussion. The consensus among participants was the main tool for making key decisions on this study. The results of this study suggested the following stages to form the framework for establishing a Forensic Investigation Unit to an organisation: need assessment, establishing a technical requirement, establishing  procedures to follow during the Computer Forensic Investigation, establishing procedures for evidence validation, establishing conditions for linking with externals, receiving organisational approval, and establishing a forensic unit.

Key Words: Forensic, Investigation, Forensic , Computer, Digital , Cyber, Security