Developing profiles to describe user or system behaviour is a useful technique employed in Computer Forensic investigations. Information found in data obtained by investigators can often be used to establish a view of regular usage patterns which can then be examined for unusual occurrences. This paper describes one such method based on details provided by events found within computer forensic evidence. Events compiled from potentially numerous sources are grouped according to some criteria and frequently occurring event sequences are established. The methodology and techniques to extract and contrast these sequences are then described and discussed along with similar prior work in the same domain.