4. Clear Logs to hide the Evidence of Compromise
1. View, Edit and clear Audit Policies using Auditpol
Auditpol.exe is the command-line utility for viewing and changing the Windows security audit policy at the category and subcategory level. It can enable or disable security auditing on local or remote systems and adjust the audit criteria for each category of security event. In practice, as soon as intruders gain administrative privileges they disable auditing with auditpol.exe, and once they have completed their mission they turn it back on with the same tool. Two caveats: clearing the policy removes every setting, so it has to be backed up first if it is to be restored, and every policy change is itself written to the Security log as Event ID 4719 (System audit policy was changed) for as long as Audit Policy Change auditing is still enabled.
To view all audit policies
To set an auditing policy
To clear all audit policies
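The full auditpol workflow, as an added example that is not part of the original page: view the policy, back it up, change one subcategory, clear everything, restore the backup, and then look for the trace those changes leave. The backup path is an assumption; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original page): view, back up, change, clear and
# restore the local audit policy with auditpol.exe. Run elevated.
# The backup path is an assumption; any writable path works.
$backup = "$env:TEMP\auditpol-backup.csv"

# 1. View the current policy for every category and subcategory.
auditpol /get /category:*

# 2. Back up the policy before touching it, so it can be restored afterwards.
auditpol /backup "/file:$backup"

# 3. Enable success and failure auditing for a single subcategory
#    (Logon is used here as an example).
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 4. Clear the whole policy: every subcategory is reset to "No Auditing".
#    /y suppresses the confirmation prompt.
auditpol /clear /y

# 5. Restore the saved policy from the backup.
auditpol /restore "/file:$backup"

# Defender check: each change above is itself logged in the Security log as
# Event ID 4719 (System audit policy was changed), unless Audit Policy Change
# auditing was disabled first or the log has since been cleared.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4719 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Steps 2 and 5 are what distinguish an operator who can put the policy back from one who leaves the host silently unaudited; the final query is the first thing to run when an unexplained gap in the Security log is found.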
2. Clear Windows logs using different utilities
Bat script
Download the script and run it as administrator.
To list event logs
wevtutil el
To clear a single log
To clear all logs
Cipher (overwrite free disk space so that deleted files, including cleared log data, cannot be recovered)
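The wevtutil and cipher steps as one added PowerShell example (not code from the original page or its batch script): list the logs, clear one, clear them all while tolerating the channels that refuse, then overwrite free space. The C: drive is an assumption. The Get-WinEvent lines are the check a responder runs afterwards.

```powershell
# Added example (not from the original page): enumerate and clear Windows
# event logs with wevtutil.exe, then overwrite free space with cipher.exe.
# Run from an elevated prompt. The drive letter is an assumption.

# List every event log registered on the system.
wevtutil el

# Clear a single log (the Security log here).
wevtutil cl Security

# Clear every log. Some channels (analytic/debug ones, for instance) refuse to
# be cleared and print an error; 2>$null discards that so the loop continues.
foreach ($log in (wevtutil el)) {
    wevtutil cl "$log" 2>$null
}

# Clearing is itself recorded: the Security log gets Event ID 1102
# ("The audit log was cleared") and the System log gets Event ID 104 from
# Microsoft-Windows-Eventlog for each other log that was cleared.
# These events are the first thing a responder looks for.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -MaxEvents 1 -ErrorAction SilentlyContinue
Get-WinEvent -FilterHashtable @{ LogName = 'System';   Id = 104  } -MaxEvents 5 -ErrorAction SilentlyContinue

# Overwrite the free space on the volume holding C:\ so that deleted log data
# (and any other deleted file) cannot be carved back. cipher /w takes a
# directory on the volume, writes three passes (0x00, 0xFF, random) and can
# take a long time on large disks.
cipher /w:C:\
```

Clearing a log does not remove the 1102/104 record of the clearing, and logs forwarded to a collector are untouched by any of this; both are why log-clearing is a loud rather than a quiet step.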
3. Clear bash history on Linux
To disable history keeping
To clear bash history
To clear the history of the current shell only (the history file on disk is left untouched until the shell exits)
To shred the history file on disk without clearing the shell's in-memory history
To view the history file
Shred the history file first and then clear the in-memory history; doing it the other way round leaves the unshredded file on disk, and a shell that still has history in memory writes it back to the file when it exits.
4. Hiding Artifacts in Windows and Linux
Windows
Create a directory
To hide a folder in Windows
To unhide a folder in Windows
To hide user accounts in Windows
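An added PowerShell example, not from the original page, covering the Windows steps above: create and hide a directory with attrib, hide a local account from the logon screen through the Winlogon SpecialAccounts\UserList key (the usual way to do this; the page does not say which method it uses), and the listing commands that still reveal both. The directory path and account name are assumptions.

```powershell
# Added example (not from the original page): hide a folder with attrib.exe,
# hide a local user from the logon screen via the SpecialAccounts registry
# key, show what still reveals them, then undo both. Run elevated.
# The path and account name are assumptions.
$dir  = 'C:\Temp\stash'
$user = 'svc_backup'
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

# Create the directory, then mark it hidden + system. Explorer omits it even
# with "Show hidden files" on, until "Hide protected operating system files"
# is also unticked.
New-Item -ItemType Directory -Path $dir -Force | Out-Null
attrib +h +s $dir

# Hide the account from the logon screen and the Control Panel user list.
# A DWORD named after the account with value 0 under UserList does this.
# The account still exists and can still log on (e.g. over RDP or WinRM).
New-Item -Path $key -Force | Out-Null
New-ItemProperty -Path $key -Name $user -PropertyType DWord -Value 0 -Force | Out-Null

# Defender check: nothing here hides from a listing that asks for hidden
# entries, and the registry value itself is the indicator.
Get-ChildItem -Path (Split-Path $dir) -Force | Where-Object { $_.Attributes -match 'Hidden' }
Get-LocalUser | Select-Object Name, Enabled
Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

# Undo: strip the attributes and remove the registry value.
attrib -h -s $dir
Remove-ItemProperty -Path $key -Name $user -ErrorAction SilentlyContinue
```

Monitoring writes to the SpecialAccounts\UserList key, and diffing Get-LocalUser against what the logon screen shows, catches the account trick; `dir /a` or Get-ChildItem -Force catches the folder.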
Linux
A file or directory whose name starts with a dot is hidden from a plain directory listing. This is only a listing convention, not an access control, so any listing that asks for hidden entries still shows it. To view the hidden files
5. Clear Windows logs using CCleaner
This needs the Pro (trial) version. Go to Custom Clean and clean whatever you want.