Hiding Evidence by Altering Event Logs
• Attackers like to remove from logs the evidence associated with their gaining access, elevating privileges, and installing rootkits and backdoors:
–Login records
–Stopped and restarted services
–File access/update times
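
A defender's check for the traces such edits leave behind, as an added example that is not part of the original slides: it scans syslog-style lines for logging stop/restart pairs, long silent intervals and out-of-order timestamps. The sample lines, the `syslogd: stopped`/`syslogd: started` markers and the 15-minute threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample lines (not from a real system): ISO timestamp, host, message.
SAMPLE_LOG = """\
2024-03-01T02:00:01 host1 cron[402]: job start
2024-03-01T02:05:10 host1 sshd[811]: Accepted password for admin from 192.0.2.10
2024-03-01T02:06:00 host1 syslogd: stopped
2024-03-01T02:41:30 host1 syslogd: started
2024-03-01T02:42:00 host1 cron[402]: job start
2024-03-01T02:40:15 host1 sshd[990]: session closed for admin
2024-03-01T02:45:00 host1 cron[402]: job start
"""

# Assumed marker strings; replace with what your logging daemon really writes.
STOP_MARK, START_MARK = "syslogd: stopped", "syslogd: started"

def find_anomalies(text, max_gap=timedelta(minutes=15)):
    """Return (kind, line_no, detail) tuples for signs of an altered log."""
    findings, prev_ts, stopped_at = [], None, None
    for line_no, line in enumerate(text.splitlines(), 1):
        stamp, _, rest = line.partition(" ")
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            findings.append(("unparsable", line_no, line))
            continue
        if prev_ts is not None:
            if ts < prev_ts:  # entry older than its predecessor: lines spliced or clock reset
                findings.append(("out_of_order", line_no, f"{prev_ts - ts} earlier than previous entry"))
            elif ts - prev_ts > max_gap:  # silence longer than the host normally shows
                findings.append(("gap", line_no, f"{ts - prev_ts} with no entries"))
        if STOP_MARK in rest:
            stopped_at = ts
        elif START_MARK in rest:  # a start with no stop record is itself suspicious
            detail = f"logging off for {ts - stopped_at}" if stopped_at else "restart with no stop record"
            findings.append(("logging_restart", line_no, detail))
            stopped_at = None
        prev_ts = ts
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

Forwarding logs to a separate host as they are written gives a copy to compare against when the local file shows findings like these.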