That is what I mean, yes.
For somebody in such a situation, who for example had an NSA firmware backdoor, it is best to assume that this information has been accessed already by the NSA. If they had logs, I would recommend they check them.
Sometimes attacks cannot be prevented (because nobody has unlimited time to secure their computers). So, this is why I would always recommend a non-networked, passive logging system. That way you can try and discover when and how the attacker gained entry, thus identifying what exploit they used/how you are vulnerable - such that it cannot happen again.
Is this more helpful to you? @newbie