Log Clearing.md - Juan-bit94/Ops401D10 GitHub Wiki

Log Clearing

Why does this topic matter?

  • This topic matters because log data is a crucial source of evidence for detecting and investigating security incidents.
  • Clearing logs can hinder or even prevent the identification of unauthorized access, malicious activity, and security breaches.
  • When hackers clear logs, defenders lose the timeline they need to scope an incident and respond to it effectively.

Explain some specifics of why a hacker might want to clear log files to a family member. Do not use the example from the article.

  • Hackers want to clear the log files because they do not want to leave a trail or evidence of their activity. Since actions on a host and across the network are normally logged and timestamped, hackers want to leave the scene of the crime as clean as possible.
  • If you think about it, hackers want to remain anonymous since they are engaging in illegal activities, and they do not want to leave breadcrumbs for investigators or for companies that will seek criminal prosecution.

What are three methods by which you can clear logs in a Windows system?

  • Here are three methods by which a hacker can clear logs on a Windows OS.
    1. clearlogs.exe: a standalone tool that is copied to the host and then run to clear the Security log (it can also target the Application and System logs).
    2. Meterpreter: once a system is compromised with Metasploit, the Meterpreter clearev command clears the Security, Application, and System event logs in one step.
    3. Windows Event Viewer: expand the Windows Logs folder tree, select a log, and choose Clear Log, easy as you please.
  • Caveat for defenders: clearing a log is itself logged. Clearing the Security log writes Event ID 1102 ("The audit log was cleared") as the first entry of the freshly emptied log, and clearing the Application or System log writes Event ID 104 to the System log. Events that were already forwarded to a collector or SIEM survive the local clear, which is the main reason to forward them.

What are the four steps in the process of covering your tracks.

  • The four steps for covering your tracks are as follows:
    1. Disable auditing (change the audit policy so no new events are recorded)
    2. Clearing logs (wipe the existing event logs)
    3. Modifying logs (edit or remove individual entries instead of wiping everything, which is less obvious than an empty log)
    4. Deleting commands (remove shell and PowerShell command history so the attacker's commands cannot be reconstructed)
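
The three Windows log-clearing methods and the four covering-your-tracks steps above each leave a trace a defender can hunt for. The following Python script is an added example, not code from the wiki or from any of the tools named; it runs a few detection rules over constructed sample event records (not real telemetry) shaped like the output of Get-WinEvent | ConvertTo-Json or a SIEM export. The Event IDs (4719, 1102, 104, 4688) are real Windows IDs; the TAMPER_COMMANDS pattern list and the record-ID reset heuristic are assumptions you would tune for your own estate.

```python
"""Hunt for the traces left by the four "covering your tracks" steps in exported Windows events.

The SAMPLE_EVENTS below are constructed for illustration only; they mimic the
fields of `Get-WinEvent | ConvertTo-Json` output but are not real telemetry.
"""
import re

# Event IDs that Windows itself writes when auditing changes or a log is cleared.
AUDIT_POLICY_CHANGED = 4719   # Security: "System audit policy was changed"
SECURITY_LOG_CLEARED = 1102   # Security: "The audit log was cleared"
OTHER_LOG_CLEARED = 104       # System: "<Channel> log file was cleared"
PROCESS_CREATED = 4688        # Security: includes the command line only if that audit setting is enabled

# Hypothetical pattern list (assumption, extend for your environment) of command-line
# fragments typical of each step.
TAMPER_COMMANDS = re.compile(
    r"wevtutil(?:\.exe)?\s+(?:cl|clear-log)\b"       # step 2: clear logs (wevtutil cl <log>)
    r"|Clear-EventLog"                                 # step 2: clear logs (PowerShell)
    r"|auditpol(?:\.exe)?\s+/(?:clear|set)\b"          # step 1: disable auditing
    r"|Clear-History|ConsoleHost_history",             # step 4: delete command history
    re.IGNORECASE,
)

# Constructed sample records: one benign logon, one benign process, then a tampering sequence.
SAMPLE_EVENTS = [
    {"TimeCreated": "2024-03-01T09:00:00", "Channel": "Security", "Id": 4624, "RecordId": 5001,
     "Message": "An account was successfully logged on."},
    {"TimeCreated": "2024-03-01T09:02:00", "Channel": "Security", "Id": 4688, "RecordId": 5002,
     "Message": "A new process has been created. Process Command Line: notepad.exe notes.txt"},
    {"TimeCreated": "2024-03-01T09:05:00", "Channel": "Security", "Id": 4719, "RecordId": 5003,
     "Message": "System audit policy was changed."},
    {"TimeCreated": "2024-03-01T09:06:00", "Channel": "Security", "Id": 4688, "RecordId": 5004,
     "Message": "A new process has been created. Process Command Line: wevtutil.exe cl Security"},
    {"TimeCreated": "2024-03-01T09:06:05", "Channel": "Security", "Id": 1102, "RecordId": 1,
     "Message": "The audit log was cleared."},
    {"TimeCreated": "2024-03-01T09:06:10", "Channel": "System", "Id": 104, "RecordId": 7001,
     "Message": "The Application log file was cleared."},
    {"TimeCreated": "2024-03-01T09:07:00", "Channel": "Security", "Id": 4688, "RecordId": 2,
     "Message": "A new process has been created. Process Command Line: powershell.exe -Command Clear-History"},
]


def classify_command(fragment):
    """Map a matched command-line fragment to the covering-tracks step it belongs to."""
    frag = fragment.lower()
    if "auditpol" in frag:
        return "disable auditing"
    if "history" in frag:
        return "delete commands"
    return "clear logs"


def detect_tampering(events):
    """Return (step, detail) findings in time order.

    Rules: the Windows-native events for audit-policy change and log clearing,
    suspicious process command lines, and a heuristic that a RecordId going
    backwards within a channel means the log was emptied (record numbering
    restarts at 1 after a clear).
    """
    findings = []
    last_record_id = {}  # channel -> highest RecordId seen so far
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        when, channel, eid, msg = ev["TimeCreated"], ev["Channel"], ev["Id"], ev["Message"]
        if channel == "Security" and eid == AUDIT_POLICY_CHANGED:
            findings.append(("disable auditing", f"{when} 4719 audit policy changed"))
        elif channel == "Security" and eid == SECURITY_LOG_CLEARED:
            findings.append(("clear logs", f"{when} 1102 Security log cleared"))
        elif channel == "System" and eid == OTHER_LOG_CLEARED:
            findings.append(("clear logs", f"{when} 104 {msg}"))
        elif eid == PROCESS_CREATED:
            match = TAMPER_COMMANDS.search(msg)
            if match:
                findings.append((classify_command(match.group(0)), f"{when} 4688 {match.group(0)}"))
        prev = last_record_id.get(channel)
        if prev is not None and ev["RecordId"] < prev:
            findings.append(("clear logs", f"{when} {channel} RecordId fell from {prev} to {ev['RecordId']}"))
        last_record_id[channel] = ev["RecordId"]
    return findings


def steps_observed(findings):
    """Which of the four covering-tracks steps have evidence in the findings."""
    return {step for step, _ in findings}


if __name__ == "__main__":
    for step, detail in detect_tampering(SAMPLE_EVENTS):
        print(f"[{step}] {detail}")
```

Note what the run does not find: there is no rule for step 3, modifying logs, because an attacker who edits or deletes individual entries in a local .evtx leaves nothing comparable to 1102 or 104 behind. The only dependable defence against steps 2 and 3 is the one mentioned in the caveat above, shipping events to a collector as they are written, so the tampered local copy can be diffed against the forwarded one.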

Things I want to know more about.

  • I would like to know more about best practices for log management, including strategies for collecting, storing, and analyzing log data effectively.
  • I would also like to learn more about log monitoring solutions and practices for real-time detection of suspicious activities and security events.