
A Study on Reinforcing COBIT Control Objectives to Satisfy ISO 27001 Information Security Requirements

A Study of Enhancement of COBIT Controls Conformity Security Requirements

Advisor: 梁德昭

Abstract


Since its first version was released in 1996, COBIT (Control Objectives for Information Technology) has evolved with technology and business needs to become the standard by which enterprises and government agencies adopt IT governance. However, because COBIT is primarily designed to align with an organization's or agency's operational needs, its controls for managing and preventing information security incidents are less complete than those of an ISMS. When a security incident occurs, then, can COBIT control measures promptly identify the incident or problem and take appropriate action to reduce the damage to the organization? For situations in which an abnormal or unresolved security condition arises, this study proposes a remedial procedure that uses computer forensic tools and procedures as an auxiliary means to uncover the root cause of the problem and reinforce COBIT control objectives. The aim is that this procedure shortens the organization's response time to security incidents and reduces risk, while at the same time helping to achieve or raise the attainment rate of each COBIT control objective and satisfying the organization's operational management requirements.

Keywords

Information security incident; Computer forensics

Abstract (English)


The evolution of technology and business requirements has seen COBIT (Control Objectives for Information Technology) become the standard for IT governance in the corporate and government sectors since its first version was released in 1996. However, COBIT was originally intended to support an organization's or agency's operating requirements, so its controls for information security incident management and prevention are less comprehensive than those of an ISMS. That being so, are COBIT controls adequate for promptly identifying information security incidents or problems and taking the appropriate measures to minimize the threat to the organization? This study proposes a set of auxiliary computer forensic tools and procedures that can be used to identify the cause of the problem when an anomaly or an unresolved information security incident occurs. This procedure reinforces the post-incident response capability of COBIT controls, shortening the organization's response time to security incidents and reducing their potential risk. At the same time, it helps realize or improve the target accomplishment rate of each COBIT control while meeting the organization's management needs.

Keywords (English)

COBIT ISO27001 ISMS
