Fisch, White, and Pooch [353] define four levels of log sanitization.
a. Simple sanitization, in which all information except the commands issued by an intruder are deleted
b. Information-tracking sanitization, in which sensitive information is entered into a symbol table as it is encountered, a unique identifier is assigned, and whenever that information is encountered it is replaced with the associated identifier
c. Format sanitization, in which compressed or encoded data is transformed into its original form, the original form is sanitized using information-tracking sanitization, and the resulting data is returned to its transformed format
d. Comprehensive sanitization, in which all data is analyzed and sanitized as in information-tracking and format sanitization
Discuss the level of anonymity of each level of sanitization. Which level could be automated, and to what degree would human oversight be required?