Read 28 401 - jserpa-p/lisbon-ops-301n1_Reading GitHub Wiki

Log Clearing

Ethical hacking: Log tampering 101

Logs are designed to record nearly everything that occurs on a system, including hacking attempts, and can be the determinative factor in catching hackers after their crime has been committed.

Logs

By analogy, hacking is sort of like stealing cookies from the cookie jar. Every cookie thief, or hacker, wants to be able to get in there and do their dirty deeds before getting caught.

Now imagine that this cookie jar is surrounded by fresh snow that covers everything around it. It would be impossible to even get to the cookie jar without leaving tracks — just as it would be impossible to gain entry to a system without being detected. Tampering with logs is the equivalent of covering these obvious tracks that administrators use to catch hackers.

Four-step process to covering your tracks by tampering with logs

  1. Disabling auditing
  2. Clearing logs
  3. Modifying logs
  4. Erasing command history

Questions

Explain some specifics of why a hacker might want to clear log files to a family member. Do not use the example from the article.

The concept is easy. Imagine you are a very competitive student and the teacher gives you a very hard math problem; he only needs the answer, and whoever gets it skips the next test. After many demonstrations and calculations written out, you finally get the solution. As you are competitive and selfish, you erase your calculations so that no one can copy you, and hand the solution to the teacher. This is the same as clearing logs: you erase your steps in order to preserve your anonymity and keep anyone from finding out how you did it.

What are three methods by which you can clear logs in a Windows system?

Clearlogs.exe; Meterpreter; Windows Event Viewer.
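
From the defender's side, each of the four steps above leaves its own signal, and all three Windows clearing methods listed here end up writing the same "log cleared" event. The following script is an added example, not part of this reading or of the course material. It runs over a constructed list of records shaped like a Windows event log export (Channel, EventID, RecordNumber, TimeCreated, Provider, plus a few data fields). The Event IDs are real Windows ones (4719 audit policy changed, 1102 Security log cleared, 104 System log cleared); the command-history step relies on Sysmon Event ID 23 (FileDelete) on the PSReadLine history file, which assumes Sysmon is deployed with file-delete logging, something the reading does not mention.

```python
"""Map the four log-tampering steps to detection signals in exported Windows events.

Added example. The SAMPLE_EVENTS below are constructed, not taken from a real host.
"""
from datetime import datetime

# (Channel, EventID) pairs that mark each step. These IDs are real Windows IDs.
AUDIT_POLICY_CHANGED = {("Security", 4719)}                 # step 1
LOG_CLEARED = {("Security", 1102), ("System", 104)}         # step 2
HISTORY_FILES = ("consolehost_history.txt",)                # step 4 (PSReadLine history)

# Constructed sample: a normal logon, then the four tampering steps in order.
SAMPLE_EVENTS = [
    {"Channel": "Security", "EventID": 4624, "RecordNumber": 1001,
     "TimeCreated": "2024-05-01T09:00:00", "Provider": "Microsoft-Windows-Security-Auditing"},
    {"Channel": "Security", "EventID": 4719, "RecordNumber": 1002,
     "TimeCreated": "2024-05-01T09:05:00", "Provider": "Microsoft-Windows-Security-Auditing",
     "SubjectUserName": "jdoe"},
    {"Channel": "Security", "EventID": 1102, "RecordNumber": 1003,
     "TimeCreated": "2024-05-01T09:06:00", "Provider": "Microsoft-Windows-Eventlog",
     "SubjectUserName": "jdoe"},
    # RecordNumber 1004 is absent from the export: a hole in the sequence.
    {"Channel": "Security", "EventID": 4624, "RecordNumber": 1005,
     "TimeCreated": "2024-05-01T09:07:00", "Provider": "Microsoft-Windows-Security-Auditing"},
    # A later record whose timestamp runs backwards: edited or forged entry.
    {"Channel": "Security", "EventID": 4624, "RecordNumber": 1006,
     "TimeCreated": "2024-05-01T08:50:00", "Provider": "Microsoft-Windows-Security-Auditing"},
    {"Channel": "System", "EventID": 104, "RecordNumber": 501,
     "TimeCreated": "2024-05-01T09:08:00", "Provider": "Microsoft-Windows-Eventlog"},
    # Sysmon 23 = FileDelete; assumes Sysmon is installed (not in the reading).
    {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 23, "RecordNumber": 77,
     "TimeCreated": "2024-05-01T09:09:00", "Provider": "Microsoft-Windows-Sysmon",
     "TargetFilename": r"C:\Users\jdoe\AppData\Roaming\Microsoft\Windows\PowerShell"
                       r"\PSReadLine\ConsoleHost_history.txt"},
]


def detect_tampering(events):
    """Return findings, each tagged with the tampering step (1-4) it suggests."""
    findings = []
    last_record = {}  # channel -> last RecordNumber seen
    last_time = {}    # channel -> TimeCreated of that record
    for ev in sorted(events, key=lambda e: (e["Channel"], e["RecordNumber"])):
        chan, eid, rn = ev["Channel"], ev["EventID"], ev["RecordNumber"]
        when = datetime.fromisoformat(ev["TimeCreated"])
        who = ev.get("SubjectUserName", "?")

        # Step 1: audit policy changed. Group Policy refreshes also produce 4719,
        # so correlate on the account and on what happens next.
        if (chan, eid) in AUDIT_POLICY_CHANGED:
            findings.append({"step": 1, "record": rn,
                             "evidence": f"audit policy changed by {who}"})

        # Step 2: the log itself was cleared. Event Viewer, wevtutil-style tools
        # and Meterpreter's clearev all leave 1102 (Security) / 104 (System).
        if (chan, eid) in LOG_CLEARED:
            findings.append({"step": 2, "record": rn,
                             "evidence": f"{chan} log cleared by {who}"})

        # Step 3: record numbers are sequential per channel, so a hole or a
        # timestamp that runs backwards points at editing or forging. Rule out
        # an incomplete export from the collector before escalating.
        if chan in last_record and rn != last_record[chan] + 1:
            findings.append({"step": 3, "record": rn,
                             "evidence": f"{chan}: records {last_record[chan] + 1} to {rn - 1} missing"})
        if chan in last_time and when < last_time[chan]:
            findings.append({"step": 3, "record": rn,
                             "evidence": f"{chan}: timestamp earlier than previous record"})
        last_record[chan], last_time[chan] = rn, when

        # Step 4: shell history erased (Sysmon FileDelete on the history file).
        target = ev.get("TargetFilename", "").lower()
        if eid == 23 and "sysmon" in chan.lower() and target.endswith(HISTORY_FILES):
            findings.append({"step": 4, "record": rn,
                             "evidence": f"command history file deleted: {target}"})
    return findings


if __name__ == "__main__":
    for f in detect_tampering(SAMPLE_EVENTS):
        print(f"step {f['step']} record {f['record']}: {f['evidence']}")
```

On a real host these records would come from an evtx export or a SIEM query rather than an inline list; the point of the sequence checks in step 3 is that clearing or editing a log cannot remove the fact that the record counter moved on, which is why forwarding events to a separate collector is the usual mitigation against all four steps.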

What are the four steps in the process of covering your tracks?

Disabling auditing; Clearing logs; Modifying logs; Erasing command history.