How do you ensure the chain of custody is maintained when acquiring forensic evidence from a compromised server?