At the recent SecTor event I had a chance to sit down with Kai Axford, who is part of Microsoft's Trustworthy Computing team, and Warren Bulmer from the Toronto Police Service after their session on Computer Forensics (PPT and WMV available). What do you do when you think a machine has been exploited or you find inappropriate or illegal materials on your network? How do you investigate it? Who do you call? (No it is not Ghostbusters). Take a listen as Kai and Warren talk about what to do, who to call and when to call them while they also discuss some of the tools (even free ones) you can use to gather evidence for internal investigations.