What's the process for confirming a suspected DDoS attack once initial signs are observed on a Windows server?

Question

Grade: Education Subject: Ddos

Answer (110)

Best Answer
(688)
Confirming a suspected DDoS attack involves correlating data from multiple sources. First, verify high network/resource usage through Task Manager and Performance Monitor. Then, examine active connections with `netstat` or Resource Monitor to identify suspicious source IPs, connection counts, and states. Review web server logs or application-specific logs for unusual request patterns, high error rates, or targeted URLs. Check firewall logs for blocked malicious traffic. Finally, compare current metrics against established baselines. If multiple indicators align, especially with an overwhelming volume of traffic or requests from diverse sources, it strongly confirms a DDoS attack.
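
The connection-review and baseline-comparison steps described in the answer, as an added PowerShell example that is not part of the original answer. The function name `Get-ConnectionSummary`, the baseline numbers, the anomaly factor and the sample rows are assumptions constructed for illustration; substitute the baselines measured for your own server.

```powershell
# Added example: summarize TCP connections to the service ports and compare
# them with a baseline. All thresholds below are assumed values, not measurements.
function Get-ConnectionSummary {
    param(
        # Rows with RemoteAddress, LocalPort and State; defaults to live data.
        [object[]] $Connections = (Get-NetTCPConnection),
        [int[]]    $Ports = @(80, 443),
        [int]      $BaselineTotal = 200,    # assumed normal concurrent connections
        [int]      $BaselineSources = 50,   # assumed normal distinct client IPs
        [double]   $Factor = 5              # multiple of baseline treated as anomalous
    )

    # Keep only connections to the service ports, ignoring listening sockets.
    $svc = @($Connections | Where-Object {
        $Ports -contains $_.LocalPort -and $_.State -ne 'Listen'
    })

    # Connection count per remote address, and per TCP state.
    $bySource = @($svc | Group-Object RemoteAddress | Sort-Object Count -Descending)
    $byState  = @{}
    $svc | Group-Object State | ForEach-Object { $byState[[string]$_.Name] = $_.Count }

    [pscustomobject]@{
        Total           = $svc.Count
        DistinctSources = $bySource.Count
        HalfOpen        = [int]$byState['SynReceived']   # many half-open sockets suggest a SYN flood
        TopSources      = $bySource | Select-Object -First 5 Name, Count
        OverBaseline    = ($svc.Count -gt $BaselineTotal * $Factor) -or
                          ($bySource.Count -gt $BaselineSources * $Factor)
    }
}

# Constructed sample: 1,200 connections spread over 250 documentation-range addresses.
$sample = foreach ($i in 1..1200) {
    [pscustomobject]@{
        RemoteAddress = "203.0.113.$($i % 250 + 1)"
        LocalPort     = 443
        State         = $(if ($i % 3) { 'SynReceived' } else { 'Established' })
    }
}
Get-ConnectionSummary -Connections $sample

# On the server itself, call it with no arguments to read the live connection table:
# Get-ConnectionSummary
```

A result that is over baseline is only one indicator; correlate it with the web server and firewall logs before concluding.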