Whenever someone comes in contact with another person, place, or thing, something of that person is left behind. This means that the attacker must disable logging, clear log files, eliminate evidence, plant additional tools, and cover his tracks.
Here are some of the techniques that an attacker can use to cover his tracks:-
(1) Disabling logging – Auditpol was originally included in the NT Resource kit for administrators. It works well for hackers too, as long as they have administrative access.
Just point it at the victim’s system as follows:
C:\>auditpol \\192.168.10 /disable
Auditing Disabled
(2) Clear the log file – The attacker will also attempt to clear the log. Tools, such as Winzapper, evidence Eliminator, or Elsave, can be used. Elsave will remove all entries from the logs, except one entry that shows the logs were cleared.
It is used as follows:
Elsave -s \\192.168.13.10 -1 “Security” -C
(3) Cover their tracks – One way for attackers to cover their tracks is with rootkits. Rootkits are malicious codes designed to allow an attacker to get expanded access and hide his presence. While rootkits were traditionally a Linux tool, they are now starting to make their way into the Windows environment. Tools, such as NTrootkit and AFX Windows rootkits, are available for Windows systems. If you suspect that a computer has been rootkitted, you need to use an MD5 checksum utility or a program, such as Tripwire, to determine the viability of your programs. The only other alternative is to rebuild the computer from known good media.
1 comment:
Are you willing to know who your spouse really is, if your spouse is cheating just contact cybergoldenhacker he is good at hacking into cell phones,changing school grades and many more this great hacker has also worked for me and i got results of spouse whats-app messages,call logs, text messages, viber,kik, Facebook, emails. deleted text messages and many more this hacker is very fast cheap and affordable he has never disappointed me for once contact him if you have any form of hacking problem am sure he will help you THANK YOU.
contact: cybergoldenhacker at gmail dot com
Post a Comment