Log Clearing - benjamin-s-hobbs/reading-notes GitHub Wiki
Log Clearing
From: Log Tampering 101 (Accessed by Benjamin Hobbs on 8/15/2023)
Questions for Understanding
- Explain some specifics of why a hacker might want to clear log files to a family member. Do not use the example from the article.
- Why would a hacker want to clear log files? Hacking is a crime (think breaking and entering at a minimum, with theft, vandalism, or blackmail also likely).
- Given that, hacking into a system nowadays is like trying to sneak around a crowded train station: SOMEONE saw you, and SOMETHING can point to what you did. To avoid getting caught, you would want to destroy the usefulness of those "records". You could corrupt or modify the logs (pay the witnesses off or threaten them into saying something different), make them wrong (wear a disguise and change afterwards so their report is not accurate), or delete them (knock the witnesses out). This way, although you may have been seen, you will not be caught.
- What are three methods by which you can clear logs in a Windows system?
- Clearlogs.exe
- Meterpreter
- Windows Event Viewer (Clear All Events)
- What are the four steps in the process of covering your tracks?
- Disable auditing
- Clearing logs
- Modifying logs
- Erasing command history
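Each of those steps leaves its own trace on a Windows host, which is what a defender looks for. Below is an added example (not from the article or these notes) of detection logic run over exported event records: it flags the documented Windows event IDs that mark audit policy changes (4719 in the Security log), Security log clearing (1102), and any log being cleared (104 in the System log), and it looks for gaps in per-log EventRecordID numbering as a hint that individual entries were removed. It covers the first three steps only; erasing command history is not visible in the event log. The sample records are constructed here to resemble exported event fields and are not real telemetry.

```python
"""
Detect log-tampering traces in exported Windows event records.

Added example for these reading notes, not code from the article.
The SAMPLE_EVENTS below are constructed to resemble exported
Security/System log fields; they are not real telemetry.
"""
from collections import defaultdict

# Documented Windows event IDs written when logging itself is tampered with.
AUDIT_POLICY_CHANGED = 4719   # Security log: system audit policy was changed
SECURITY_LOG_CLEARED = 1102   # Security log: the audit log was cleared
EVENTLOG_CLEARED = 104        # System log (Microsoft-Windows-Eventlog): a log was cleared

# Constructed sample records. "record_id" stands in for EventRecordID,
# which Windows assigns sequentially within each log.
SAMPLE_EVENTS = [
    {"log": "Security", "record_id": 5001, "event_id": 4624, "user": "alice", "host": "WS01"},
    {"log": "Security", "record_id": 5002, "event_id": 4719, "user": "svc_backup", "host": "WS01"},
    {"log": "Security", "record_id": 5003, "event_id": 4688, "user": "svc_backup", "host": "WS01"},
    # record ids 5004-5009 are absent: six entries between 5003 and 5010 are gone
    {"log": "Security", "record_id": 5010, "event_id": 4624, "user": "alice", "host": "WS01"},
    {"log": "Security", "record_id": 5011, "event_id": 1102, "user": "svc_backup", "host": "WS01"},
    {"log": "System", "record_id": 700, "event_id": 104, "user": "svc_backup", "host": "WS01"},
]


def detect_tampering_events(events):
    """Return one finding per record that marks a track-covering step."""
    findings = []
    for ev in events:
        step = None
        if ev["log"] == "Security" and ev["event_id"] == AUDIT_POLICY_CHANGED:
            step = "disable auditing"
        elif ev["log"] == "Security" and ev["event_id"] == SECURITY_LOG_CLEARED:
            step = "clear logs"
        elif ev["log"] == "System" and ev["event_id"] == EVENTLOG_CLEARED:
            step = "clear logs"
        if step is not None:
            findings.append({
                "step": step,
                "log": ev["log"],
                "event_id": ev["event_id"],
                "record_id": ev["record_id"],
                "user": ev["user"],
                "host": ev["host"],
            })
    return findings


def find_record_gaps(events):
    """Report gaps in record numbering within each log.

    Record ids are sequential per log, so a jump between two surviving
    records suggests entries were removed or the file was modified.
    Only meaningful on a complete export: a filtered export has gaps by design.
    """
    ids_by_log = defaultdict(list)
    for ev in events:
        ids_by_log[ev["log"]].append(ev["record_id"])
    gaps = []
    for log, ids in ids_by_log.items():
        ids.sort()
        for prev, cur in zip(ids, ids[1:]):
            if cur - prev > 1:
                gaps.append({"log": log, "after": prev, "before": cur,
                             "missing": cur - prev - 1})
    return gaps


if __name__ == "__main__":
    for f in detect_tampering_events(SAMPLE_EVENTS):
        print(f"[{f['step']}] {f['log']} event {f['event_id']} "
              f"record {f['record_id']} by {f['user']} on {f['host']}")
    for g in find_record_gaps(SAMPLE_EVENTS):
        print(f"[modified logs?] {g['log']}: {g['missing']} records missing "
              f"between {g['after']} and {g['before']}")
```

The event-ID checks are the cheap, reliable part and belong in any SIEM rule set; the gap check is a heuristic, so run it only against a full export of the log and treat a hit as a lead to investigate, not proof of tampering on its own.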
Additional Resources
Bookmark and Review
NIST SP800-154 Guide to Data-Centric Threat Modeling