There exist a variety of reasons that an entity might wish to determine the actions that individuals have taken with respect to various computing resources. One reason is to improve security. For example, a large corporation may typically use a variety of administrators to configure and maintain network resources such as routers and services. In some cases those administrators are honest, trustworthy individuals. Unfortunately, in other cases, administrators may have a malicious interest in administering the network. The corporation may also use the services of a managed service provider, contractor, or other outside assistance, whose reliability or trustworthiness may be difficult for the corporation to learn or control. Another reason is to make available to auditors and compliance officers more useful information. Unfortunately, existing techniques for capturing user actions are limited in what they are able to capture (e.g., due to storage limitations and other computing constraints) and are also limited in what they are able to make available to interested parties. For example, techniques that make a video recording for later playback of a user's graphical interface typically require a great deal of storage capacity. Attempts to minimize storage consumption typically trade a smaller size-on-disk for a video with a smaller (and less useful) resolution. Other techniques, such as the use of client and server logs are susceptible to deletion and modification by nefarious individuals.