You are examining an internal web server and discover there are two hours missing from the log files.
No users complained of downtime or accessibility issues.
Which of the following is most likely true?
The server was compromised by an attacker.
It's a web server used by employees all day during normal business hours and there's "nothing" in the log?
Despite this, none of the users complained about it being down at all?
No, we think this one is going to require some forensics work.
Call the IR team.
A corrupted log file would've been corrupted throughout.
A crisp two-hour window doesn't match up with that.
If the system were rebooted, that in and of itself would've shown in the log.
It defies common sense and probability that absolutely nothing occurred to the web server during normal business hours.