Computer Forensics according to Microsoft

As an IT Professional, have you ever been tasked with setting up a new process or technology at your company?  Didn't have a clue where to start?  Sure... you may have read a book on the topic a year ago, and have a general idea as to how it works, but unless you have already been involved in a setup or migration or implementation at a previous company, you have a lot of research ahead of you.  Unless you are working at a Fortune 100 company, it is highly likely that you are an IT Generalist, which makes it impossible to know everything about every technology that you support.  That doesn't stop management from expecting you to be an expert in Exchange, SQL Server, SharePoint, Content Management, Risk Management, Deployment...

With that in mind, Microsoft has an incredible (and free!) resource available from the TechNet Solution Accelerators team: https://www.microsoft.com/technet/solutionaccelerators/default.mspx

The Solution Accelerators contain end-to-end guidance on processes, tools, team composition, and best practices for nearly every rollout or IT project that you may be tasked with.  Some of the better-known Solution Accelerators include the Business Desktop Deployment Solution Accelerator and the Microsoft Shared Computer Toolkit for Windows XP, but there are some real gems that address nearly every project you face.

I just came across one of the guides that was published in January that piqued my interest:  Fundamental Computer Investigation Guide for Windows. You'll find industry best practices and tools to help you conduct a computer investigation—using methods that will stand up in a court of law.  Using many of the tools that we acquired from SysInternals, you will learn how to analyze a computer (both remotely and locally) to complete an internal investigation into malfeasance that may have been carried out within your company.  It's actually a very interesting read (covering everything from acquiring the data, to analyzing it, to reporting on your findings to management).  It finishes up with an applied example at Woodgrove Bank that turns the conceptual theory into actionable practice.  Head on over: https://www.microsoft.com/technet/security/guidance/disasterrecovery/computer_investigation/default.mspx