Excellent thanks Jiri.
We too have extracted manually and I was pushing my IT Governance team to advise their prefered source.
Funny enough their ignorance shined even though I'd shown them NCM.
Think they have been far too worried about application vulnerabilities of late and forgotten about hardware