The Fundamental Computer Investigation Guide for Windows Is Now Available

This content provides prescriptive guidance in terms of best practices and tools for computer investigations.

Many organisations are facing a rising tide of illegal or improper activity on their computers and networks. Unfortunately, most IT departments in these organisations don’t have the expertise to respond successfully to this growing problem. They’re unsure about when to turn the case over to police/law enforcement organisations if evidence indicates that a crime has taken place. In cases in which company policy appears to have been violated, many organisations don’t have the right methods or tools at hand to uncover key evidence while protecting their company should the case end up in civil or criminal court.

The Fundamental Computer Investigation Guide for Windows provides IT Professionals with information about the best practices and tools they need to investigate suspicious use of their organisations' computers and networks. The guide helps customers determine when to turn an investigation over to external agencies and provides guidance on how to collect, preserve, analyse, and report on key data they uncover in their investigations—using methods that will stand up in a court of law.

Developed by Microsoft security experts, partners, and customers, the guide presents a reliable, 4 step investigative process based on best practices and proven tools used by the computer investigation community. Key issues covered include:

• Should I contact law enforcement?
• How do I look for evidence on a hard disk image that has hundreds of thousands of files?
• How can I collect data remotely without the user being made suspicious?
• What investigative methods and tools should I use to protect my company, if I expect this case to end up in court?

The guide is available at this link.