One of the first things that you should do is create an offline copy of the target site. This will allow you to analyze the contents of information such as how forms are submitted, the directory structure of the application, and where files are located. Aside from the technical details of the site's structure, comments, and inactive code can also give you an insight into additional areas of interest. This information can be used to craft site-specific attacks in subsequent portions of this chapter. By creating an offline copy of the site in question, you also limit the number of times that you are touching the site, minimizing the number of records generated in logs, and so on.