Hiding Evidence by
Altering Event Logs
Attackers like to remove evidence from logs associated with the attacker's gaining access, elevating privileges, and installing rootkits and backdoors:
– Login records
– Stopped and restarted services
– File access/update times
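Added example (not from the original notes): a small checker, run over a constructed syslog-style sample, that flags three signs an edited log tends to leave behind: timestamps that run backwards, unexplained gaps, and restarts of the logging daemon itself. The log lines, host name, and logger-restart patterns are assumptions made up for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the entries between 02:05 and 02:58 were deleted, the
# syslog daemon was restarted, and one entry was re-inserted out of order.
SAMPLE_LOG = """\
Mar 10 02:00:01 host sshd[1201]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
Mar 10 02:05:13 host CRON[1304]: (root) CMD (run-parts /etc/cron.hourly)
Mar 10 02:58:40 host rsyslogd: [origin software="rsyslogd"] start
Mar 10 02:10:00 host sshd[1350]: pam_unix(sshd:session): session opened for user bob
Mar 10 03:00:00 host sshd[1402]: Accepted publickey for alice from 10.0.0.5 port 50130 ssh2
"""

LINE_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
# Messages showing the logger itself stopping or starting (assumed patterns).
LOGGER_RESTART_RE = re.compile(r"(rsyslogd|syslogd|systemd-journald).*\b(start|stop|exit)", re.I)
ASSUMED_YEAR = 2024  # classic syslog omits the year; assume one for parsing


def parse_line(line):
    """Return (timestamp, host, message), or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)


def find_tamper_signs(text, max_gap=timedelta(minutes=30)):
    """Return (kind, line_no, detail) tuples for suspicious spots in the log."""
    findings = []
    latest = None  # highest timestamp seen so far
    for line_no, line in enumerate(text.splitlines(), start=1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _host, msg = parsed
        if latest is not None and ts < latest:
            findings.append(("out_of_order", line_no, f"{ts} before {latest}"))
        elif latest is not None and ts - latest > max_gap:
            findings.append(("gap", line_no, f"{ts - latest} with no entries"))
        if LOGGER_RESTART_RE.search(msg):
            findings.append(("logger_restart", line_no, msg))
        latest = ts if latest is None else max(latest, ts)
    return findings


if __name__ == "__main__":
    for kind, line_no, detail in find_tamper_signs(SAMPLE_LOG):
        print(f"line {line_no}: {kind}: {detail}")
```

A quiet hour is not proof of deletion on its own, so tune `max_gap` to the host's normal activity and compare against a copy shipped to a remote log collector.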