While assessing a target server, a security team notices a script that modifies log files. The client requests the assessment team to retain the information for later analysis. Which approach best ensures the integrity of these logs and related data for future review?
Terminate the script and remove it to eradicate the threat
Archive the records in a controlled repository along with cryptographic checks
Roll back the system to a pristine snapshot from a previous date
Rewrite the altered logs so they are easier to interpret
Archiving the logs on a designated server and applying cryptographic methods helps authenticate the data later. Halting the script can be useful for stopping additional changes, but it may not secure the existing logs. Simply rewriting would invalidate the original data for forensic study. Reverting to an older backup erases the evidence entirely.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are cryptographic checks essential for log integrity?
Open an interactive chat with Bash
What is the difference between archiving logs and rolling back to a snapshot?
Open an interactive chat with Bash
How does halting a malicious script affect log analysis?