Best Practices and Tools for Computer Investigations
Microsoft customers are facing a rising tide of illegal or improper activity on their computers and networks. Unfortunately, most IT Professionals in these organizations don’t have the expertise to respond successfully to this growing problem. They’re unsure about when to turn the case over to law enforcement if evidence indicates a crime has taken place. In cases in which company policy appears to have been violated, many organizations don’t have the right methods or tools at hand to uncover key evidence while protecting their organization should the case end up in civil court.
The Fundamental Computer Investigation Guide for Windows provides U.S.-based IT Professionals with information about the best practices and tools they need to investigate suspicious use of their organizations' computers and networks. The guide helps customers determine when to turn an investigation over to law enforcement. It provides guidance on how to collect, preserve, analyze, and report on key data they uncover in their investigations, using methods that will stand up in a court of law.
Developed by Microsoft security experts, partners, and customers, the guide presents a reliable, 4‑step investigative process based on best practices and proven tools used by the computer investigation community.
Key Customer Questions Answered by the Guide:
- How do I look for evidence on a hard disk image that has hundreds of thousands of files?
- Should I contact law enforcement? If so, which agency?
- How can I collect data remotely without tipping my hand?
- What investigative methods and tools should I use to protect my organization, if I expect this case to end up in court?