CNET News Video
How to catch a cyberthief
What does it take to catch cybercriminals who hack into computers to steal personal and financial information? CNET's Kara Tsuboi takes us inside Microsoft's Cybercrimes Center.
At crime scenes, detectives search for evidence like fingerprints or DNA. For [UNKNOWN] the hunt for clues starts with the weapon: malicious software or viruses that can steal people's passwords, their personal information, drain their bank accounts. At the Microsoft Digital Crimes Unit in Washington State, a team of engineers, lawyers, investigators and analysts use computer forensic techniques to deconstruct and understand how the malware works.

That means that we inject the malware in a clean computer to see the behaviors. Every malware leaves a digital footprint on the computer.

They look for changes in the infected computer's security settings, update options, and even additional screens asking users for banking and financial information in addition to username and password. Deciphering the malware can take hours or months.

Some of them could be automated; however, others we had to look at manually, review them code by code, line by line.

Microsoft then works with financial institutions and law enforcement. In a case known as Citadel, Microsoft helped pinpoint the Eastern European cyber criminals who robbed more than five million people worldwide of $500 million. This map shows the infected computers.

As you look at this map you will see a clear differential between Western Europe and Eastern Europe.

>> Absolutely. And that stops really at the border. It's almost like a map with a GPS built into it.

The software giant also investigates software piracy, and not only because it hurts their bottom line.

What we're seeing is one of the main ways that the criminals are transmitting their malicious software is through pirated software.

To help fight the spread of child pornography online, Microsoft and Dartmouth researchers developed PhotoDNA.

The technology establishes a digital hash, a unique signature for each photograph.

Let's say that this photo of me is a known illegal image that's about to be uploaded to the internet again. The PhotoDNA software scans for matches to see if it can find the original photo and match it up against the one that has just been uploaded. And a match has been found. Crime lab technology trying to stay one click ahead of the criminals. In Redmond, Washington, I'm Kara Tsuboi, CNET.com, for CBS News.