Does anyone know if it is safe to investigate a PC identified as having malware by connecting to it through RDP?
Not really sure why you would connect to it via RDP - I do not recommend that method; you should forensically image the target computer's memory first while the box is live without a reboot (minimize the forensic application's footprint that runs in live memory, because the larger the footprint the more it overwrites what is in memory), do a live forensic physical acquisition of the box's hard drive(s), insert a wiped flash drive, check active sessions, items running in memory, connections, etc., any phone-home activity, and pipe and/or document the box's state and activity to the clean flash drive. Once completed, assume the flash device is infected, as well as the physical acquisition of the box's hard drive. So, be mindful of exports or opening up items in forensics software. Also, take precautions to sandbox the system and/or forensic image appropriately to scan, decompile, and analyze the malware.
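A collection script along the lines of the volatile-state steps in the answer above, as an added example and not the poster's code: it records sessions, running processes, TCP connections, DNS cache, services and scheduled tasks to the clean drive and hashes the output so the drive's contents can be verified afterward. It assumes the wiped flash drive is mounted at `E:\` (placeholder), an elevated PowerShell session on the live box, and that the memory image has already been taken with a dedicated imager, which this script does not do.

```powershell
# Added example (not from the original post): minimal-footprint volatile triage
# collection to a clean removable drive, run after memory imaging.
# Assumes the wiped flash drive is mounted at E:\ (placeholder) and that this
# runs in an elevated PowerShell session on the live machine.
param(
    [string]$OutRoot = "E:\triage"   # assumed mount point of the wiped flash drive
)

$hostName = $env:COMPUTERNAME
$stamp    = Get-Date -Format "yyyyMMdd-HHmmss"
$OutDir   = Join-Path $OutRoot "$hostName-$stamp"
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Record when collection started and who ran it, for the chain of custody.
"Collected $(Get-Date -Format o) by $env:USERNAME on $hostName" |
    Set-Content (Join-Path $OutDir "00_collection.txt")

# Interactive and RDP sessions currently on the box.
query user 2>&1 | Out-File (Join-Path $OutDir "01_sessions.txt")

# Running processes with parent, image path and command line (CIM, no extra tools loaded).
Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate |
    Sort-Object ProcessId |
    Export-Csv (Join-Path $OutDir "02_processes.csv") -NoTypeInformation

# TCP connections with the owning process: candidates for phone-home activity.
Get-NetTCPConnection |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, CreationTime |
    Export-Csv (Join-Path $OutDir "03_tcp_connections.csv") -NoTypeInformation

# DNS resolver cache: names the host resolved recently.
Get-DnsClientCache |
    Select-Object Entry, Name, Data, TimeToLive |
    Export-Csv (Join-Path $OutDir "04_dns_cache.csv") -NoTypeInformation

# Cheap-to-capture persistence state: services and scheduled tasks.
Get-CimInstance Win32_Service |
    Select-Object Name, State, StartMode, PathName, StartName |
    Export-Csv (Join-Path $OutDir "05_services.csv") -NoTypeInformation
Get-ScheduledTask |
    Select-Object TaskName, TaskPath, State |
    Export-Csv (Join-Path $OutDir "06_scheduled_tasks.csv") -NoTypeInformation

# Hash every artefact so the drive's contents can be verified later; from here on
# the flash drive is treated as potentially contaminated, as the answer advises.
Get-ChildItem $OutDir -File |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv (Join-Path $OutDir "99_manifest_sha256.csv") -NoTypeInformation
```

Review the CSVs on a separate, isolated analysis machine rather than on the suspect host, and keep the manifest with the evidence.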