From where do passive traces start in Uplink?
Solution 1:
They start on the server you broke into, when the owner company discovers what you did. A passive trace is just a company looking at their logs, and the logs of all your bounce nodes in reverse order, to figure out whodunit. They might also hire a colleague of yours to track you down.
You can delete logs on the target system, but, consider this: You can't completely hide your tracks.
If you delete all the logs, you will leave behind a single disconnection log when you leave, with no matching connection log. This is suspicious.
Even when you leave your initial connection log and only remove suspicious activity, the company will still be aware of the general time when your attack occurred, and may put 2 and 2 together.
The exception is of course when you delete everything, including the OS, and then crash the system so no logs are left behind. But even then, there's the lingering risk that the company has started following the log trail while you were connected.
Removing the logs from a bounce node (typically the first one so you can take your time) is just so much safer. If the bounce logs are missing from a single node in the chain, they won't have enough evidence to incriminate you.