This chapter describes various tools available to document online evidence and the procedures for validating and verifying that evidence. Many of the tools described are free or inexpensive or built right into an operating system. Additionally, some of the tools examined include functions that are great for authentication and chain of custody issues, such as incorporating the system date/time, into a file name capturing online ESI. All of the utilities are very user friendly. Details are provided on how to create a portable field investigative thumb drive. Finally, pointers are provided for capturing data where the investigator’s tools are not available or accessible.