The whitepaper below explains how to gather data and what tools to use, and also provides a link to a zip file that contains all of the tools mentioned in the whitepaper. So if you're looking for a guide in collecting forensic evidence then check it out.
http://www.shebeen.com/win32-forensics/index.html
http://www.shebeen.com/win32-forensics/win32forensic.zip
Checking Microsoft Windows Systems for Signs of Compromise