Forensic tools are emerging to help digital investigators preserve evidence on live, remote systems. These tools are applying the precepts of digital forensics to incident response, enterprise policy enforcement, and electronic data discovery. This paper discusses the strengths and shortcomings of ProDiscover IR and EnCase Enterprise Edition in the context of the overall digital investigation process. In addition, a test scenario of a security breach involving a Windows rootkit is used to evaluate the capabilities of these tools. Based on this review, a comparison table is provided and several enhancements are proposed for tools used to process digital evidence on remote, live systems.