Originally posted by crazycheese
View Post
Which is exactly what they don't want to happen. It would be easier to just leave the old logs alone and just prevent newer activity from being logged and hope that the admin is clueless enough that they won't notice any evidence of the successful intrusion detection in the logs. (this is usually a fairly safe bet)
Now if the way they attacked you is valuable enough that they are willing to blow the whistle on themselves then deleting the logs could be a advantageous option.
Comment