What I would do, is not touch the computer at all, but have the drive taken out, give it to her lawyer to then take and give to a professional who can write up some report that can be used during the proceedings.
I would also suggest she get a restraining order based on what's been said. Put up some surveillance cameras, and if she can catch the guy breaking into the house, then she can go to the cops who will put him in jail. A restraining order is really only going to do so much obviously, but it's about all our legal system affords.
This isn't the sort of situation where you want to play detective yourself. Get the drive to a professional retained by her lawyer so that they understand that they are collecting evidence for a legal proceeding. Try and do it any other way, and it's all but guaranteed that his lawyer will get the judge to exclude it from the proceedings. And if her lawyer doesn't have any idea how to do this, then it might be time to find another lawyer.
Also, if you suspect that the husband is monitoring emails, do not email her about this. Have her come over to your place, explain what needs to be done in person only after she arrives, then go back and grab the entire computer if you don't know how to remove a HDD. Just take the whole thing to her lawyer's office, and then her lawyer can arrange to have someone inspect it for the purposes of the divorce proceedings. And while you're there, you can have her lawyer file a petition for a restraining order if that hasn't been done already. You can swear out an affidavit if you were ever personally a witness to any of the things you described.
Just let me stress this one more time. DO NOT ATTEMPT ANY KIND OF FORENSICS YOURSELF! Take the computer directly to her lawyer, do not pass go, do not collect $200, do not make any unnecessary stops between the time you collect the computer and the time you drop it off with her lawyer.
New to this forum, hoping we can find help for a close friend.
She's in the middle of a vicious divorce, and the soon-to-be ex got into her home to "fix" her computer (WinXP). She's not very computer savvy. The ex is scary, brags he can break into her house anytime he wants. He's gotten in and started selling her personal possessions as well as the kids'. (Jewelry, bikes, toys). He's also shown some threatening obsessive behavior - actually pretty scary.
Since he messed with her machine, her screen blinks a lot, runs very slow, and she found that he's been monitoring her email, even though she changed passwords.
The suspicion is that he installed keyloggers and/or other spyware, as he's talked about info that he was never told (multiple times), stuff that was only present on her computer.
What we're wondering:
1. Is there a way to prove that keyloggers and/or other spyware is installed, but without wiping it out automatically?
2. If the spyware is discovered, is it possible to discover where the info is being sent (i.e. an IP address). This is needed to help build a police case.
3. Any recommendations for apps that can help trap this info
Thanks in advance for any help!!!