During an incident response, a cybersecurity analyst needs to ensure the preservation of volatile data on a suspect's workstation for later forensic analysis. Which tool is most appropriate to accomplish this task without significantly altering the state of the system?
Live response utility
Network sniffer
Disk imaging software
File integrity monitoring system