If you need to move files, logs, or any kind of program output off a compromised system without disrupting evidentiary data on the disk, use netcat.

On your trusted system:

$ nc -v -l -p 2222 > victim.dump

On the victim's system:

$ <program> | nc <trusted_system> 2222

Where program is the discovery application you're running (e.g. netstat -an).

Netcat is handy little utility for scripting all manners of network functionality. Here we're making sure a web server is responding as we'd expect:

$ (echo "GET / HTTP/1.1"; echo "Host: www.xinu.org"; echo) | nc www.xinu.org 80