I told the AZ GOP there were only three possibilities.
1) The firewall records show only authorized access and superuser account is intact.
(numbers are valid)
2) Access was granted by superuser to other remote users.
(We now have the names and contact info of everyone involved)
3) All contact info including superuser is gone.
(This is clearly Obstruction of Justice and is NEVER done on ANY secure network.
“This is clearly Obstruction of Justice and is NEVER done on ANY secure network.”
You hit the nail here. Records of access are a CENTERAL PILLAR to securing any network. If you aren’t logging who has been getting in then you aren’t secure. There CAN NOT be a legitimate reason for them to wipe that information. Not with out backups.