After being hacked, certain files DoD wiped I think, I then went to logs for date and time of programs run, logon, logout, usb device in/out etc.. and found nothing. So, is there a way to protect log files from being tampered with ?
Asked
Active
Viewed 64 times
0
-
1Log it off your machine to a remote location. And at the remote location, move the log file to a new location that your PC does not have access? - So for example you dump your log file to \\server\share (that you have full read/write access), and then that server will move the log.txt from share into mylog folder that your PC can't access (only your server have access) - so even if whoever get access to your PC can see the \\server\share, but they can't delete / alter the log files as it has been copied / moved away from that location. – Darius Oct 28 '16 at 04:40
-
Thank you for your help. Sorry for the delay. Doing something like that now, but I like your idea and will set up. Thanks again. – user657491 Nov 17 '16 at 00:40