The Audit Log Was Cleared - SANS Digital Forensics and Incident Response Summit 2017

  • Published: Jul 30, 2024
  • “The Audit Log was cleared.” The event that is sure to generate a loud groan from any forensicator. Annoying, but reassuring, you know for sure someone was here doing things they shouldn’t have. However, some attackers are a little more subtle when it comes to the event logs they leave behind. In this talk, we will highlight some of the techniques real attackers have used to manipulate and remove event logs without leaving a “BAD GUY WUZ HERE” sign. In addition to discussing some Windows-native and custom tools to accomplish this goal, we discuss the challenges of identifying these activities and what DFIR professionals can apply, if any, to crack their case.
    Austin Baker, Consultant, Mandiant & Jacob Christie, Incident Responder, Mandiant