
Altering Event
Logs in
Windows NT/2000
¨opening or editing event log files
cannot be done with a standard file editing tool
¨Deleting
event log files possible but may cause suspicion
¨WinZapper
tool allows attacker to selectively delete security events
¨
¨