Guide to evidence gathering in Windows

Posted on 11/13/2014, by Asier Martínez (INCIBE)

Some of the more frequent incidents would be the following:

Hence, INCIBE is publishing a guide to evidence gathering in Windows environments. Its aim is to offer practical advice on the steps to be taken when an incident occurs. This should make it possible to carry out the evidence gathering needed for the later analysis that can lead to a solution for the incident in question. The document does not cover this later analysis stage.

The guide offers an overview of the process, explaining what it involves, what its purpose is, what stages it consists of, and the methods for carrying it out, among other subjects. It also gives a more detailed account of how to obtain specific evidence. Bear in mind that although the guide gives an initial account of the digital forensic analysis process, it concentrates principally on the evidence gathering stage, as this is its chief aim.

The “Guide to Evidence Gathering in Windows Environments” may be downloaded from: