Which statement about log files is true?

Study for the EC-Council Certified Security Specialist (ECSS) Test. Enhance your skills with flashcards and multiple-choice questions; each question provides hints and explanations. Prepare confidently for your exam!

Multiple Choice

Which statement about log files is true?

Explanation:
Logs capture events and activity, and they’re essential for understanding what happened, when, and by whom. Yet they’re not inherently protected. A user with sufficient privileges can delete or alter log files, so the idea that log files can be deleted is true. This is why security practice emphasizes safeguarding logs: use append-only or write-once storage, forward logs to centralized or remote servers, apply tamper-evident controls such as hash chains or digital signatures, and maintain backups to preserve evidence even if local copies are removed. Because of these realities, the other statements don’t hold up in real-world environments—logs aren’t immune to tampering, they are created on servers, and they do have significant value in investigations.
