How would they get root access to delete the logs? They wouldn’t be able to without it right?

The real question is about whether someone got into the computer at all, or if it wasn’t even touched. Because during the time span the logging has no records.

So either it was a sophisticated actor with merging I’m not aware of, or they could get root access. But then the question is how they could get root access to delete logs, and then also are there separate logs for deleting things from the file system? 🤔