Information security services and digital forensics services relate to the investigation and prevention of digital intrusions, such as the breach and exploitation of computer systems and networks, and can include intrusion investigation systems. An intrusion investigation system is a tool, such as a device or software application, that can monitor a network or system for malicious activity or policy violations and gathers evidence that indicates the security of the system or network of interest has been breached. In some examples, intrusion investigation systems can attempt to reconstruct the intrusion or attack from the evidence gathered. The scope of intrusion investigation systems can vary greatly, from simple tools and libraries to hierarchical systems that scrutinize an entire network. In some examples, intrusion investigation systems can further include intrusion prevention mechanisms.