The incident investigation is likely to include such actions as:
* Establishing exactly what has gone wrong or what is being sought by the user
* Understanding the chronological order of events
* Confirming the full impact of the incident, including the number and range of users affected
* Identifying any events that could have triggered the incident
* Knowledge searches looking for previous occurrences by searching previous Incident/Problem Records and/or Known/Error databases etc.
* Seeking knowledge from system developers as to possible guidance for resolution.