Microsoft Forensics
Apr 4th, 2007 by Jesper Kråkhede
Today I had the great opportunity to have a very long talk with one of Microsoft's malware investigators regarding how they work and what kind of routines they have. Sadly, I am not allowed to say anything about the details, but what I can say is that they have a very, very deep knowledge of security threats, malware and trends in the malware business. One interesting point is that many of their cases have their origin in blue screens of death on servers, clients etc. So if you ever have an unexplained BSOD, it could very well be some malicious code running on your server. Just remember that Microsoft does NOT conduct legal investigations. If you have that need, do contact a company that does this kind of work.
Keep up the great work, guys and girls!