What are the purposes for leaving an audit trail?

I understand that penetration testers should leave audit trails. I am confused as to the purpose. I have heard that it is so the organization can see what changed in their applications and websites to make them exploitable? Is this correct? Could you please explain with a little bit of detail?
David Geer Asked:

Dave Baldwin, Fixer of Problems, Commented:
An "audit trail" in the general sense lets you see what has happened.  Required for banking and financial transactions as well.  If you don't have a record of what happened, you really don't have any information.  This is basic to any kind of quality control.  If you didn't 'write it down', it didn't really happen in the sense that you have no information that you can use to fix anything.
John, Business Consultant (Owner), Commented:
I agree with the above and the term is common in business (ledger) as well as banking and financial.

In a firewall setup at the edge of your business, the log is an audit trail and should be enabled (all the logs on the device).

You can turn auditing ON at your server to see who logged in and did what. Default for this and firewall logs is OFF so make sure you have them turned on and your server has enough disk space to log a month of entries.
Penetration testers maintain a record to provide information for the developers and engineers to fix this issue.
An audit, as was pointed out, depending on the industry, is a required record tracking activity on and in the system and environment.

An audit deals with detecting a modification by a user who should not have been able to make that change.
Well, there are two reasons in the context that you're explaining to have an audit trail:
1) If for some reason the penetration test modified anything (intentional or not), then you're going to want to have visibility into that.
2) There should also be audit records to be sure that any actions that take place were authorized. Also helps you with investigations for unauthorized events.

John, Business Consultant (Owner), Commented:
I thought there were other good answers besides only the last answer given.