“The Fundamental Computer Investigation Guide for Windows is comprised of five chapters and an appendix, which are briefly described in the following list. The first four chapters provide information about the four phases of the internal investigation process:
- Chapter 1: Assess the Situation explains how to conduct a thorough assessment of the situation and prepare for the internal investigation.
- Chapter 2: Acquire the Data provides guidance about how to gather digital evidence.
- Chapter 3: Analyze the Data examines standard techniques of evidence analysis.
- Chapter 4: Report the Investigation explains how to write the investigation outcome report.
- Chapter 5: Applied Scenario Example describes a fictional scenario that depicts unauthorized access to confidential information.
- Appendix: Resources includes information about how to prepare for a computer investigation, contact information for reporting computer-related crimes and obtaining computer investigation training, worksheets that can be used in computer investigations, and lists of certain computer investigation tools…”
Get the guide at http://technet.microsoft.com/en-us/library/cc162846.aspx
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer