As malware becomes more sophisticated, it has become increasingly difficult to identify the impact of a security compromise, even after an event is detected. There remains a need for improved techniques for forensic analysis to assist an investigator investigating security events.