You’re worried that a system has been hacked into, or perhaps you suspect that an employee has been leaking corporate information. So where do you start an investigation and how can you analyze the data you have?
The field of computer forensics may seem highly specialized, but there are tools and techniques available for mainstream system administrators to perform basic investigations. The December 2007 issue of TechNet Magazine offers “A Guide to Basic Computer Forensics”. This article relies primarily on two solution accelerators that are available for free: The Fundamental Computer Investigation Guide for Windows and The Malware Removal Starter Kit.
And for more information on all things security-related, check out the TechNet Security Center.