ðģ Evidence Collection And Preservation
Network Traffic
Most of the devices keep some sort of logs. As for the network related issues these are switches, routers, firewalls, IDS and IPS, web proxies, DC and authentication servers, DCHP server and application servers.
VM Acquisition
[…]they all need to be backed by a disk image, which is a file that represents an entire raw physical disk.