Below are some relevant files that should be considered for deletion after conducting an Ethical Hacking exercise on Linux or Windows.

Files to Delete in Windows

Poster Forensics SANS

Files to Delete in Linux

• /var/log/messages: global operating system messages.

• /var/log/secure: authentication and authorization information.

• /var/log/mail.log: system mail server information.

• /var/log/cron: information about when the cron daemon starts a task.

• /var/log/boot.log: information from when the system boots up.

• /var/log/btmp: failed logins (lastb).

• /var/log/wtmp: logins and logouts (last).

• /var/log/lastlog: logins to the system (lastlog).

• /var/run/utmp: users on the system (who/w).

• /var/log/dmesg: kernel logs (dmesg).

Shell Commands:

• ~/.bash_history

• ~/.sh_history

• ~/.history

Less Command:

• ~/.lesshst

FTP Clients:

• ~/.lftp/rl_history and cwd_history

• ~/.ncftp/history

Systems connected via SSH:

• ~/.ssh/known_hosts

• Application Server Logs:

• apache/logs/

• etc/httpd/logs/

• var/www/logs/

• var/log/

• usr/local/apache/logs/

• var/log/apache/

• var/log/apache2/