The author of this chapter notes that recovering and reconstructing electronic data can be a daunting task for even very experienced computer administrators, especially in the Unix environment. This chapter seeks to aid the computer forensic examiner with their analysis in the Unix environment. The author explains the successive stages involved in the recovery and analysis of such data, including the imaging of original data, the extraction of the data from the media, and how to copy this data into a more accessible form. Included in this chapter is a discussion by a different author, Mark E. Luque, on the logical level analysis of Unix Systems. Similarly, author Sigurd E. Murphy offers a discussion of relational reconstruction. Tables, figures