Reading 28 - Foodisthebest/401-Reading-Notes GitHub Wiki

Readings: Log Clearing

Below you will find reading materials and additional resources that support today’s topic and the upcoming lecture.

Review the Submission Instructions for guidance on completing and submitting this assignment.

Reading

Log Tampering 101

Explain some specifics of why a hacker might want to clear log files to a family member. Do not use the example from the article.

  • Hackers want to avoid detection when committing crimes such as deploying ransomware. For example, an attacker would delete log files to hide where they went on your system and how they locked up your files, including the exact commands they ran to do it. Without those records, the victim and investigators cannot easily reconstruct when the attacker got in, which account they used, or what they touched.

What are three methods by which you can clear logs in a Windows system?

  1. clearlogs.exe
  2. Meterpreter (its clearev command clears the Application, System and Security logs)
  3. Windows Event Viewer (the "Clear Log..." action on a log)

What are the four steps in the process of covering your tracks?

  1. Disabling auditing (so no new entries are written while the attacker works)
  2. Clearing logs
  3. Modifying logs (removing or altering only the entries that reveal the intrusion)
  4. Erasing command history
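Each of the log-clearing methods and track-covering steps listed above leaves its own trace in Windows event logs, which is what a defender looks for. As an added example (not from the reading or from the wiki author), the following Python detector scans a set of Windows event records for the indicators that survive a log clear: Event ID 1102 in the Security log ("The audit log was cleared", written into the freshly emptied log), Event ID 104 in the System log (another log file was cleared, which is what clearlogs.exe, wevtutil or Meterpreter's clearev trigger), and Event ID 4719 in the Security log (the system audit policy was changed, as when auditing is disabled). The event records below are constructed sample data, the Event dataclass and function names are this example's own, and the five-minute clustering window is an assumed tuning value.

```python
"""Added example: detect the traces left by log clearing and audit tampering.

Not from the original reading. Event IDs and channels are real Windows ones;
the sample records, the Event class and the 5-minute window are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# (channel, event_id) pairs that indicate tampering with auditing or the logs.
INDICATORS = {
    ("Security", 1102): "audit log cleared",
    ("System", 104): "event log cleared",
    ("Security", 4719): "system audit policy changed",
}


@dataclass(frozen=True)
class Event:
    time: datetime
    channel: str
    event_id: int
    user: str      # account the record attributes the action to
    message: str


# Constructed sample records: one benign logon, a four-event tampering
# sequence by the same account, then a benign process creation.
SAMPLE_EVENTS = [
    Event(datetime(2024, 1, 15, 9, 58, 0), "Security", 4624, "WS01\\alice",
          "An account was successfully logged on."),
    Event(datetime(2024, 1, 15, 10, 0, 0), "Security", 4719, "WS01\\alice",
          "System audit policy was changed."),
    Event(datetime(2024, 1, 15, 10, 1, 5), "Security", 1102, "WS01\\alice",
          "The audit log was cleared."),
    Event(datetime(2024, 1, 15, 10, 1, 6), "System", 104, "WS01\\alice",
          "The Application log file was cleared."),
    Event(datetime(2024, 1, 15, 10, 1, 7), "System", 104, "WS01\\alice",
          "The System log file was cleared."),
    Event(datetime(2024, 1, 15, 10, 30, 0), "Security", 4688, "WS01\\alice",
          "A new process has been created."),
]


def find_tampering_events(events):
    """Return (event, reason) pairs for every record matching an indicator."""
    return [(ev, INDICATORS[(ev.channel, ev.event_id)])
            for ev in events
            if (ev.channel, ev.event_id) in INDICATORS]


def cluster_by_user(events, window=timedelta(minutes=5)):
    """Group indicator events per user into runs whose consecutive members
    are no more than `window` apart. A run of several indicators is the
    typical 'disable auditing, then clear everything' pattern."""
    hits = sorted(find_tampering_events(events), key=lambda h: h[0].time)
    clusters = {}
    for ev, reason in hits:
        runs = clusters.setdefault(ev.user, [])
        if runs and ev.time - runs[-1][-1][0].time <= window:
            runs[-1].append((ev, reason))
        else:
            runs.append([(ev, reason)])
    return clusters


def alerts(events, window=timedelta(minutes=5)):
    """Produce one alert per run. A lone indicator is medium (an admin may
    legitimately clear a log); two or more in one window is high."""
    out = []
    for user, runs in cluster_by_user(events, window).items():
        for run in runs:
            out.append({
                "user": user,
                "start": run[0][0].time,
                "end": run[-1][0].time,
                "event_ids": [ev.event_id for ev, _ in run],
                "reasons": [reason for _, reason in run],
                "severity": "high" if len(run) > 1 else "medium",
            })
    return out


if __name__ == "__main__":
    for alert in alerts(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['user']} "
              f"{alert['start']:%H:%M:%S}-{alert['end']:%H:%M:%S} "
              f"events={alert['event_ids']}")
```

On a live host the same records can be pulled with PowerShell's Get-WinEvent (for example Get-WinEvent -FilterHashtable @{LogName='Security'; Id=1102,4719}) and converted into Event objects. The caveat a defender should keep in mind is that these indicators are written to the same host the attacker controls; if the attacker has administrative rights they can clear the log again or stop the service, so the detection only holds up when events are forwarded off the machine (Windows Event Forwarding or a SIEM agent) as they are written, before the clear happens.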

Bookmark and Review

NIST SP 800-154, Guide to Data-Centric System Threat Modeling

Things I Want to Know More About

How attackers cover their tracks and which commands bad actors commonly use to do it.