A recent joint advisory issued by Australia, Canada, New Zealand, the United States and the United Kingdom highlights technical approaches to uncovering malicious activity. The advisory's goal is to help organizations improve incident response. That starts with the collection of relevant data: event logs, browser history files, evidence of listening ports, the historical creation dates of folders and files, and so on. Back up infected systems, because investigating them directly may taint the evidence they hold. Make a backup of the system and examine the data on the backup, rather than doing an investigation on a live system.

