Preservation

Once evidence is identified, it is important to safeguard it from any type of modification or deletion. For evidence such as log files, it may become necessary to enable controls that protect the files from removal or modification. For host systems such as desktops, it may become necessary to isolate the system from the rest of the network through physical or logical controls, network access controls, or perimeter controls. It is also critical that no users are allowed to access a suspect system, which ensures that they do not deliberately or inadvertently taint the evidence. Another facet of preservation is the increased reliance on virtual platforms. These systems can be preserved by taking snapshots and by saving virtual machines to non-volatile storage.