Like Steve mention post the relevant entries from the System, Security and Application Event logs.