How to track deleted log files in a compromised Linux system

0 votes

After a suspected security incident, I discovered that certain log files were deleted. I want to determine if there’s a way to recover or track what was deleted. My concerns are:

  • How to check for signs of log file deletion using system metadata (e.g., lsof, auditd logs)?
  • How to recover deleted log files from disk (e.g., extundelete, foremost)?
  • What are the best practices for securing logs against tampering, such as forwarding logs to a remote server?

Any insights into forensic techniques for detecting log tampering would be appreciated.

2 hours ago in Cyber Security & Ethical Hacking by Anupam
• 10,250 points 6 views

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.

Related Questions In Cyber Security & Ethical Hacking

0 votes
1 answer

How do you detect log tampering in a compromised system?

Ensuring the integrity of system logs is ...READ MORE

answered 4 days ago in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 18,160 points 49 views
0 votes
1 answer

How to close a port in Linux?

Closing ports in Linux is essential for ...READ MORE

answered Nov 13, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 18,160 points 100 views
0 votes
1 answer

How to script a privilege escalation attack simulation in Linux?

Simulating a privilege escalation attack in Linux ...READ MORE

answered 5 days ago in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 18,160 points 44 views
0 votes
1 answer

How to identify Entry points for user input in a web application?

Following are the key entry points for ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Raman
 2,214 views
0 votes
1 answer

How to modify hidden content in a web page?

You can save the source code as ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Emilia
 905 views
0 votes
1 answer

how to start a career in cyber security?

Many of us are familiar with the ...READ MORE

answered Dec 14, 2021 in Cyber Security & Ethical Hacking by Edureka
 • 12,690 points 772 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 18,160 points 346 views
+1 vote
1 answer

How does the LIMIT clause in SQL queries lead to injection attacks?

The LIMIT clause in SQL can indeed ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 18,160 points 391 views
+1 vote
1 answer

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

The use of string concatenation while building ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 18,160 points 242 views
+1 vote
1 answer

How can I use Python for web scraping to gather information during reconnaissance?

Python is considered to be an excellent ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 18,160 points 222 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.