When a forensic investigation is carried out in the enterprise environment, most of the important data is stored in database servers, and data stored in them are very important elements for a forensic investigation. As for database servers with such data stored, there are over 10 various kinds, such as SQL Server, Mysql and Oracle. All the methods of investigating a database system are important, but this study suggests a single methodology likely to investigate all the database systems while considering the common characteristics of database system. A method of detecting a server, data acquiring and investigating data in the server can be usefully used for such an investigation in the enterprise environment. Therefore, such a methodology will be explained through a way of carrying out a forensic investigation on SQL Server Database of Microsoft Corporation.