I was reading a Microsoft employee's blog where that person mentions a "Windows Online Forensics" incident response toolkit. I thought maybe Microsoft had released some new tools that I wasn't aware of yet. So I did an Internet search on the phrase and found a very useful whitepaper and set of tools, which I think is what he was referring to.
The whitepaper, "Online Forensics of Win/32 System," explains how to gather data and what tools to use, and also provides a link to a zip file that contains all of the tools mentioned in the whitepaper. So if you're looking for a guide to collecting forensic evidence, then check it out.