Wiping Event Logs

As a precautionary measure, if the system does not forward any logs to a remote server and there is an attempt at analysis of an infected machine, erasing the event logs removes a major source of information that may be used in a forensic investigation. Clearing the event logs can be done with the EvtClearLog API mentioned above.

Code Snippets

Thomas Roccia

Common commands found in malware.

wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D %c:
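The defensive counterpart to the technique above is to detect it on the collector side. Windows writes a record when a log is cleared (Security event 1102 for the audit log, System event 104 for other channels), and process-creation telemetry (Security 4688 with command-line auditing, or Sysmon event 1) captures the wevtutil and fsutil invocations themselves. When logs are forwarded, those records reach the remote server even though the local copy is gone. The following Python is an added example, not code from the original page or from Thomas Roccia; the record layout, host names and user names are constructed sample data, and the drive letter in the command line is filled in as C: in place of the page's %c: placeholder.

```python
"""Detect event-log wiping from forwarded Windows telemetry (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Record:
    """One forwarded event. This flat shape is a hypothetical collector format."""
    host: str
    channel: str
    event_id: int
    fields: dict = field(default_factory=dict)

# Events Windows itself writes when a log is cleared:
#   Security 1102 "The audit log was cleared"
#   System   104  an event log file was cleared (EventData names the Channel)
LOG_CLEARED = {("Security", 1102), ("System", 104)}

# Process-creation events that carry a command line.
PROCESS_CREATE = {("Security", 4688), ("Microsoft-Windows-Sysmon/Operational", 1)}

# Patterns for the two commands shown on the page: "wevtutil cl <channel>"
# (clear-log is the long form) and "fsutil usn deletejournal".
WEVTUTIL_CLEAR = re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\s+([A-Za-z0-9_/\-]+)", re.I)
USN_DELETE = re.compile(r"\bfsutil(?:\.exe)?\s+usn\s+deletejournal\b", re.I)

def inspect_command_line(cmd: str) -> Optional[dict]:
    """Return the channels a command line clears, or None if it is benign."""
    channels = WEVTUTIL_CLEAR.findall(cmd)
    usn = bool(USN_DELETE.search(cmd))
    if not channels and not usn:
        return None
    return {"cleared_channels": channels, "usn_journal_deleted": usn}

def detect_log_wiping(records: List[Record]) -> List[dict]:
    """Raise an alert for each log-cleared event and each wipe command line."""
    alerts = []
    for r in records:
        key = (r.channel, r.event_id)
        if key in LOG_CLEARED:
            alerts.append({
                "host": r.host,
                "signal": "log_cleared_event",
                "event_id": r.event_id,
                # 104 names the cleared channel in EventData; 1102 is always Security
                "channel": r.fields.get("Channel", r.channel),
                "user": r.fields.get("SubjectUserName"),
            })
        elif key in PROCESS_CREATE:
            hit = inspect_command_line(r.fields.get("CommandLine", ""))
            if hit:
                alerts.append({"host": r.host, "signal": "wipe_command",
                               "image": r.fields.get("Image"), **hit})
    return alerts

def hosts_with_both_signals(alerts: List[dict]) -> set:
    """Hosts where a wipe command AND a log-cleared event were both seen."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a["host"], set()).add(a["signal"])
    return {h for h, s in by_host.items() if {"wipe_command", "log_cleared_event"} <= s}

# Constructed sample telemetry (not real data).
SAMPLE = [
    Record("WS01", "Microsoft-Windows-Sysmon/Operational", 1, {
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c wevtutil cl Setup & wevtutil cl System & "
                       "wevtutil cl Security & wevtutil cl Application & "
                       "fsutil usn deletejournal /D C:"}),
    Record("WS01", "Security", 1102, {"SubjectUserName": "jdoe"}),
    Record("WS01", "System", 104, {"SubjectUserName": "jdoe", "Channel": "Application"}),
    # Benign: querying a log is not clearing it.
    Record("WS02", "Microsoft-Windows-Sysmon/Operational", 1, {
        "Image": r"C:\Windows\System32\wevtutil.exe",
        "CommandLine": "wevtutil qe Security /c:5 /f:text"}),
    Record("WS02", "Security", 4624, {"TargetUserName": "jdoe"}),
]

if __name__ == "__main__":
    found = detect_log_wiping(SAMPLE)
    for a in found:
        print(a)
    print("hosts with both signals:", hosts_with_both_signals(found))
```

Running the sample yields three alerts, all on WS01: the chained command (four channels plus the USN journal) and the two cleared-log events, while the read-only wevtutil query on WS02 is ignored. Requiring both signals on one host, as hosts_with_both_signals does, is a cheap way to cut noise from administrators who legitimately clear a single log.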

