What action should be taken to preserve artifacts after a penetration test?

Preserving artifacts is about keeping a verifiable, auditable record of what happened during the penetration test. Archiving network traffic capture files and tool output logs is the best approach because it preserves the raw data and detailed results needed for future analysis, validation of findings, and evidence-based remediation without needing to repeat intrusive tests on production systems. Properly archived artifacts support reporting, accountability, and compliance with engagement terms and legal considerations. Make sure to protect and manage these artifacts with clear metadata, timestamps, chain-of-custody, access controls, backups, and documented redaction where needed. Deleting artifacts eliminates a valuable record and hinders validation; publishing them publicly risks exposing sensitive data; ignoring them and relying on memory is unreliable for accurate audit and remediation.