The answers you get will vary, to an extent. It depends upon what tools you / the tester uses. Many tools (such as Core Impact) setup a separate project with it's own mini database and logs, for each project you are doing. GFI Languard behaves similarly, for record-keeping, for an individual test scenario. But when using BackTrack or other tools, you often use other means and data folders for record-keeping, where you may file screen captures, logs, files you extracted from a customer machine, etc. It's sort of based upon the tester, as to how you want to keep record, but you're absolutely correct, in that ALL records should be kept, both for clarification of what steps and tests were performed, as well as for your own safety, after the testing is performed, to cover your backside. And as for how any / all of this data is collected to begin with, each tester has their own preferences, but in the end, it could be keyloggers, packet captures, screen captures, or any one of MANY other methods of capturing your activities for record.
Once my tests have been completed and the customer has signed off on the deliverables, I securely archive all of the data (won't go into how, as again, this changes per tester, and I prefer to keep my methods to myself, ;) ) and file it away, for future reference, if absolutely necessary. (Otherwise I never open it again.)
Hope that helps, at least a little bit...
~ hayabusa ~
"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
OSCE, OSCP , GPEN, C|EH