¨opening or editing event log files cannot be done with a standard file editing tool ¨Deleting event log files possible but may cause suspicion ¨WinZapper tool allows attacker to selectively delete security events