When dealing with a small network, it is easy to underestimate the time and effort it can take to clean up your compromised hosts. This task is critical in both avoiding detection and leaving the network in pristine condition once your testing has been completed. The last thing anyone wants is to overlook a compromised host that has a meterpreter backdoor installed and waiting for the next person to come along and take advantage of it! The key is to take meticulous notes and keep accurate records not only of what was done while testing, but also if the things that were done could possibly persist after testing.
If you have not scripted the full exploitation and post-exploitation process, then make sure you are keeping a checklist for all actions that must be undone. This is above and beyond creating notes and logging commands for your final report. We are talking about the guide that will be used to ensure that nothing is left to chance and all...