While assessing a target server, a security team notices a script that modifies log files. The client requests the assessment team to retain the information for later analysis. Which approach best ensures the integrity of these logs and related data for future review?
Roll back the system to a pristine snapshot from a previous date
Rewrite the altered logs so they are easier to interpret
Archive the records in a controlled repository along with cryptographic checks
Terminate the script and remove it to eradicate the threat
Archiving the logs on a designated server and applying cryptographic methods helps authenticate the data later. Halting the script can be useful for stopping additional changes, but it may not secure the existing logs. Simply rewriting would invalidate the original data for forensic study. Reverting to an older backup erases the evidence entirely.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are cryptographic checks and how do they help ensure data integrity?
Open an interactive chat with Bash
Why is it important to preserve logs in a controlled repository?
Open an interactive chat with Bash
Why is rewriting or rolling back logs not suitable for forensic analysis?