A tester has identified unusual server logs that suggest unauthorized activity. Which approach best keeps the information unaltered for detailed examination?
Leave them in the existing directory on the compromised host and restrict permissions
Move the files to a shared folder that staff members can openly modify
Create a single paper copy of the logs and discard the digital records
Transfer the files to a safeguarded storage area and use hash values to verify their condition
Storing the logs in a secure location and using cryptographic hash values helps confirm their accuracy and prevents unintended changes. Retaining them in the same folder or using a shared space with many users can increase the chance of accidental or deliberate modification. Printing logs may disregard metadata that is needed for thorough analysis.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are cryptographic hash values?
Open an interactive chat with Bash
Why is secure storage important for server logs?
Open an interactive chat with Bash
What metadata might be lost by printing digital logs?