Abstract: A computerized method involves obfuscating one or more segments of data that is part of a flow prior to analysis of the flow for malware. Each of the one or more obfuscated data corresponds to one or more anonymized data. Thereafter, an identifier is generated for each of the one or more anonymized data, and each identifier is substituted for its corresponding anonymized data. The anonymized data and its corresponding identifiers are separately maintained from the stored flow.