Tuesday, July 03, 2007

More On 'Do Real "Hackers" Get Logged?'

While I like to state that every activity leaves a trace somewhere in the logs (and the challenge is to find where), many like to propagate the misconception that one can do something and leave no trace whatsoever. For example, this CSO Online piece on anti-forensics tools says: "Diskless A-F is the state of the art; it avoids logging of activity all together", while in reality it should say "avoids logging of activity ON THAT SYSTEM, while leaving plenty of traces in other places: firewalls, routers, possibly other systems, etc." (at least on a well-managed network).

Dr Anton Chuvakin
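
As an added illustration of the point above (not part of the original post), the sketch below cross-checks a firewall log against the destination host's own log and reports connections the firewall allowed but the host never recorded. Both log formats, the addresses, the 30-second matching window and all function names are constructed assumptions for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data: a perimeter firewall log and the hosts' own logs.
FIREWALL_LOG = """\
2007-07-03T10:15:02 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=22
2007-07-03T10:42:40 ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=22
2007-07-03T11:05:11 DROP src=192.0.2.99 dst=10.0.0.5 dport=23
2007-07-03T11:30:00 ACCEPT src=203.0.113.7 dst=10.0.0.6 dport=443
"""
HOST_LOGS = """\
2007-07-03T10:15:03 host=10.0.0.5 sshd: Accepted password for alice from 203.0.113.7
2007-07-03T11:30:01 host=10.0.0.6 httpd: GET /index.html from 203.0.113.7
"""

FW_RE = re.compile(r"(\S+) (ACCEPT|DROP) src=(\S+) dst=(\S+) dport=(\d+)")
HOST_RE = re.compile(r"(\S+) host=(\S+) .* from (\S+)$")

def parse_firewall(text):
    """Yield (time, action, src, dst, dport) for each firewall line."""
    for m in FW_RE.finditer(text):
        ts, action, src, dst, dport = m.groups()
        yield datetime.fromisoformat(ts), action, src, dst, int(dport)

def parse_host(text):
    """Return {(host, src): [times]} of what each host recorded."""
    seen = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            ts, host, src = m.groups()
            seen.setdefault((host, src), []).append(datetime.fromisoformat(ts))
    return seen

def unlogged_sessions(fw_text, host_text, window=timedelta(seconds=30)):
    """Connections the firewall allowed but the destination never logged."""
    seen = parse_host(host_text)
    gaps = []
    for ts, action, src, dst, dport in parse_firewall(fw_text):
        if action != "ACCEPT":
            continue  # blocked traffic never reached the host
        times = seen.get((dst, src), [])
        if not any(abs(t - ts) <= window for t in times):
            gaps.append((ts.isoformat(), src, dst, dport))
    return gaps

if __name__ == "__main__":
    for gap in unlogged_sessions(FIREWALL_LOG, HOST_LOGS):
        print("no host-side record for", gap)
```

A reported gap is a lead, not a verdict: the service may simply not log that event, or clocks may drift beyond the window.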