Which of the following is a common tactic attackers use to cover their tracks on a system?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which of the following is a common tactic attackers use to cover their tracks on a system?

Explanation:
Covering tracks is about making attacker activity hard to observe and trace. The most common techniques involve manipulating evidence directly: editing log files to remove or hide events, concealing or moving artifacts so they aren’t easily found, and using covert channels to communicate or exfiltrate data without triggering standard monitoring. Clearing logs and tampering with timestamps steer investigators away from what actually happened, while hiding files or using stealthy storage makes artifacts harder to link to the attacker. Covert channels allow data to leave or commands to come in without showing up in normal network monitoring, which keeps the attacker’s presence less detectable.

Reconnaissance such as scanning for open ports is about discovering targets, not erasing evidence. Using anti-virus software to detect themselves would undermine the attacker’s goals and isn’t a tactic for concealment. Backing up data to cloud storage can be legitimate recovery or exfiltration, but it isn’t a direct method for erasing traces or hiding activity on the system.

