Users typically use simple passwords. This is what computer attackers use. They calculate the password necessary for penetrating the network by selection.
This article laconically describes cutting utmp records for intrusion analysis. These files are not text files, but sometimes the files have empty data. That’s why an attacker can delete these files if he has administrative privileges.
Alison Chaiken has shared an article ‘Analyzing the Linux boot process’.
The article can help you understand how to the systems work and it is great preparation for dealing with the inevitable failures.