During an incident response, a cybersecurity analyst needs to ensure the preservation of volatile data on a suspect's workstation for later forensic analysis. Which tool is most appropriate to accomplish this task without significantly altering the state of the system?
Disk imaging software
Network sniffer
Live response utility
File integrity monitoring system