When forensics data collection is enabled on the Settings > Reporting > Dashboard page in the Web Security manager, transaction details related to attempts to send data out of your network, as well as the actual data files involved, are recorded in a forensics repository.