Best practice for collecting logs on a possibly infected computer