If your budget allows, I recommend purchasing OSForensics from Passmark, which will allow you to forensically image the computer in question, perform a memory dump, and also perform timeline analysis of activities taking place around the time of infection.
↧