Try this first
- 1Take phone photos of what you see: running processes (Task Manager > Details), network connections, unusual prompts.
- 2Open Event Viewer (Windows key + 'Event Viewer'). Under 'Windows Logs' > Security and System: export both to .evtx on an external USB. Not on the device itself.
- 3For network connections: open PowerShell as admin and run 'Get-NetTCPConnection' and 'netstat -ano'. Copy the output.
- 4Got more time? Microsoft has a free tool 'Process Explorer' (Sysinternals) that gives more detail. Do not install if the device is already suspect, run from USB.
- 5Only then, when you have enough: reboot (or better, isolate, reboot is usually not the right first step).
When to bring us in
Forensic investigation is a craft. For a real breach (fraud amount, customer data exfil): we work with digital-forensics specialists. Regular IT people can destroy evidence without knowing it.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.