This specification relates to network communications.
In a conventional enterprise environment, digital investigations are often associated with incident response. Incident response includes the detection and investigation of system compromises and targeted attacks. Within a corporate setting, for example, investigations typically focus on timely response and damage assessment in addition to maintaining evidentiary standards. The typical enterprise owns and deploys many machines, or assets, serving a multitude of roles, for example, workstations, laptops, and servers. All these machines can be used as launch points for internal attacks and may become involved in forensic investigations. Traditional forensic acquisition of machine data includes shutting the target machine down, removing its disk and acquiring a bit for bit copy of the drive, followed by a manual analysis of the drive image.