
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs


Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as the correlative glue between additional artifacts. But what happens when the attackers find ways to remove the logs, or worse, stop the logs from writing? We must find a way to adapt.

In part 1 of this series, SANS instructor and incident responder Matt Bromiley focuses on techniques, old and new, that attackers are using to neutralize event logs as a recording mechanism. In this webcast we will discuss how the attackers are doing what they’re doing, ranging from wholesale clearing of logs to surgical removal of specific events, and the forensic techniques we can use to detect their methods. There has been a lot of discussion lately about attackers’ ability to fool the system into not writing event logs, but are our attackers truly staying hidden when they do this? Let’s find out!
