Digital forensics has been forced to change. In the past, when someone was suspected of a crime or behavior that was in violation of corporate policy, the typical process would be to seize the hard drive after hours, take a bit stream image, analyze the drive and compile a report. Of course this is becoming an increasingly difficult task. More and more companies now have a global presence with offices spread around the world. What’s more, these distributed networks have thousands, if not tens of thousands of PCs attached to them. Thus the new trend in digital forensics is to to use the corporate network to immediately respond to incidents…