A log file can record events that occur in a computing environment. An attacker who attacks an aspect of a computing environment may leave evidence of that attack in associated log files. Because forensic examination of an attack may involve reviewing log file(s), an attacker may attempt to “cover their tracks” by modifying those log file(s).