
基植管理循環為基礎之社交工程事件鑑識分析研究

Applying an Iterative PDCA Management Process to the Forensic Analysis of Social Engineering Technique

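Abstract


Many hackers are intent on quietly breaking into computer systems in order to steal data and violate information privacy. In a security incident investigation, log files are the first indicator for tracing the source of the incident, and verifying the credibility of audit records is an important reference for judging right from wrong or for conviction and sentencing. Using the management cycle of Plan, Do, Check, and Act, this paper reviews a social engineering security drill from five aspects: passive security protection, active penetration testing, reverse tracing of records, verification through interviews with the subjects, and cultivation of usage habits. The paper not only summarizes some guidelines for tracking offenders but also demonstrates fact-finding practices that avoid drawing erroneous conclusions. Through this study, responders handling security incidents will be able to adopt strategies for effectively analyzing audit records and reduce improper handling during the forensic process of a security incident.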

Parallel Abstract


Dozens of hackers are dedicated to silently invading computer systems. They direct their efforts toward destroying computer privacy and data. The audit log is the initial source for tracing information security incidents. To establish the facts, verifying the reliability of the related audit records becomes an essential part of judging right from wrong. This paper proposes an iterative Plan-Do-Check-Act (PDCA) management process against external data intrusion incidents. A social engineering drill with a 5-phase testing analysis is presented to strengthen the computer defense system: Passive Data Security Protection, Proactive Penetration Testing, Reverse Record Tracking, Target Verification, and User Habits. It not only summarizes some active follow-up guidelines for tracing offenders but also demonstrates accurate fact-finding to prevent erroneous conclusions. Drawing on this study of social engineering, incident responders can adopt effective strategies for analyzing audit records and reduce the possibility of judicial misconduct in the forensic analysis of cybercrime events.


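Cited by


王思惠 (2016). A Study of Organizational Social Engineering Behavior: The Case of Commissioned Company C [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2016.00655
林維國 (2012). Exploring the Future Direction of Social Engineering Drills in Our Government Agencies from Malicious E-mail Attack Samples: The Case of Agency A [Master's thesis, National Central University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0031-1903201314434103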
