A security specialist is investigating an incident regarding a recent major breach in the organization. The accounting data from a 24-month period is affected due to a trojan detected in a department's critical server. A security analyst investigates the incident and discovers that an incident response team member who detected a trojan during regular AV scans had made an image of the server for evidence purposes. The security analyst made animage again to compare the hashes of the two images, and they appeared to differ and do not match. Which type of evidence is the security analyst dealing with?