An organization’s IT department noticed that specific entries that should be present in the security logs are missing, and there are sudden gaps in the logs’ regular time intervals. In the absence of any scheduled maintenance or known service disruptions, what is the MOST likely explanation for this disparity?
Log generation was paused due to insufficient storage space.
Logs were deliberately deleted or altered by an attacker.
The log retention policy automatically purged older log entries.
The logging service crashed due to a software error, thus not recording data.
The most likely explanation for missing log entries and unexplained gaps in the logging timeline is that the logs were deliberately deleted or altered by an attacker to conceal unauthorized activity or a security breach. Attackers frequently cover their tracks by manipulating logs after gaining access to a system in order to avoid detection. This is a post-exploitation tactic used to maintain stealth and prolong unauthorized access.