5. Clear Logs to hide the Evidence of Compromise

1. View, Edit and clear Audit Policies using Auditpol

Auditpol.exe is the command-line utility for changing the audit security settings at the category and subcategory levels. You can use Auditpol to enable or disable security auditing on local or remote systems and to adjust the audit criteria for different categories of security events. In practice, as soon as intruders gain administrative privileges they disable auditing with auditpol.exe, and once they have completed their mission they turn auditing back on with the same tool (auditpol.exe).

See all audit policies

auditpol /get /category:*

To set an auditing policy

To clear all audit policies

2. Clear Windows logs using different utilities

  1. Bat Script

Download the script and run it as administrator.

  2. wevtutil el

List event logs

To clear a single log

To clear all logs
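The tampering described in sections 1 and 2 leaves its own trace: changing the audit policy with auditpol is recorded as Security event 4719, clearing the Security log is recorded as event 1102 in the fresh log, and clearing any other log (System, Application) is recorded as event 104 in the System log. The following script is an added defender-side example, not code from the original page. It runs over a constructed set of event records (the sample data, user name and timestamps are made up) and flags both the individual tamper events and the "disable auditing, act, re-enable auditing" pattern from section 1.

```python
"""Added example: flag Windows event-log entries that indicate audit-policy
tampering or log clearing. The sample records below are constructed, not real logs."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Event IDs a defender watches for. Clearing a log is logged in the log that
# replaces it, and auditpol changes are themselves audited.
#   4719  System audit policy was changed           (Security channel)
#   1102  The audit log was cleared                 (Security channel)
#   104   An event log was cleared, e.g. Application (System channel)
TAMPER_EVENT_IDS = {
    4719: "system audit policy changed",
    1102: "Security event log cleared",
    104: "event log cleared (System/Application/other)",
}
# Tool names worth correlating when they appear in a 4688 process-creation event.
LOG_TOOLS = ("auditpol.exe", "wevtutil.exe")


@dataclass
class Event:
    time: datetime
    channel: str
    event_id: int
    user: str
    detail: str


# Constructed sample: an admin session that turns auditing off, clears logs,
# and turns auditing back on 25 minutes later.
SAMPLE_EVENTS = [
    Event(datetime(2024, 1, 10, 9, 0, 0), "Security", 4624, "CORP\\alice", "An account was successfully logged on"),
    Event(datetime(2024, 1, 10, 9, 5, 0), "Security", 4719, "CORP\\alice", "Logon/Logoff: Success removed"),
    Event(datetime(2024, 1, 10, 9, 6, 0), "Security", 4688, "CORP\\alice", "New Process Name: C:\\Windows\\System32\\wevtutil.exe"),
    Event(datetime(2024, 1, 10, 9, 6, 5), "Security", 1102, "CORP\\alice", "The audit log was cleared"),
    Event(datetime(2024, 1, 10, 9, 6, 7), "System", 104, "CORP\\alice", "The Application log file was cleared"),
    Event(datetime(2024, 1, 10, 9, 30, 0), "Security", 4719, "CORP\\alice", "Logon/Logoff: Success added"),
]


def find_tampering(events):
    """Return one alert dict per tamper-indicating event, oldest first."""
    alerts = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.event_id in TAMPER_EVENT_IDS:
            reason = TAMPER_EVENT_IDS[ev.event_id]
        elif ev.event_id == 4688 and any(t in ev.detail.lower() for t in LOG_TOOLS):
            reason = "audit/log tool started: " + ev.detail
        else:
            continue
        alerts.append({"time": ev.time, "channel": ev.channel, "event_id": ev.event_id,
                       "user": ev.user, "reason": reason})
    return alerts


def find_disable_enable_pairs(events, window=timedelta(hours=1)):
    """Pair a 4719 that removes an audit setting with a later 4719 by the same
    user that adds one within `window`: the off / act / on pattern from section 1."""
    changes = sorted((e for e in events if e.event_id == 4719), key=lambda e: e.time)
    pairs = []
    for i, off in enumerate(changes):
        if "removed" not in off.detail.lower():
            continue
        for on in changes[i + 1:]:
            if (on.user == off.user and "added" in on.detail.lower()
                    and on.time - off.time <= window):
                pairs.append((off.time, on.time, off.user))
                break
    return pairs


if __name__ == "__main__":
    for a in find_tampering(SAMPLE_EVENTS):
        print(f"{a['time']:%H:%M:%S} {a['channel']:<8} {a['event_id']:>5} {a['user']:<12} {a['reason']}")
    for off, on, user in find_disable_enable_pairs(SAMPLE_EVENTS):
        print(f"auditing gap for {user}: {off:%H:%M} -> {on:%H:%M} ({(on - off).seconds // 60} min)")
```

The interval between the two 4719 events is the window in which the Security log cannot be trusted; forwarding events to a remote collector before this point is what keeps the 1102 and 104 records from disappearing along with everything else.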

  3. Cipher (Overwrite deleted files)

3. Clear Linux logs using bash shell

Disable history keeping

To clear bash history

Clear the history of the existing shell only

Shred the history file without clearing it

To view the history file

First shred the history file, then clear it.
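Each of the three history techniques in this section has a defender-side counterpart: settings that disable history show up in the shell rc files, and a shredded history file stops looking like text. The script below is an added example, not code from the original page. Its rc-file patterns are illustrative rather than exhaustive, and the sample rc file and history contents are constructed.

```python
"""Added example: spot shell-history tampering on Linux from two angles:
(1) rc-file settings that switch history off, (2) a history file whose
content no longer looks like text. All inputs below are constructed."""
import re

# Lines in ~/.bashrc, ~/.profile, /etc/profile and friends that neuter history.
# Illustrative patterns, not an exhaustive list.
HISTORY_DISABLE_PATTERNS = [
    (re.compile(r"^\s*unset\s+HISTFILE\b"), "HISTFILE unset"),
    (re.compile(r"^\s*(export\s+)?HISTFILE=(/dev/null|\"\"|'')\s*$"), "HISTFILE pointed at /dev/null or empty"),
    (re.compile(r"^\s*(export\s+)?HIST(FILE)?SIZE=0\b"), "history size forced to 0"),
    (re.compile(r"^\s*set\s+\+o\s+history\b"), "history recording switched off"),
]


def scan_rc(text):
    """Return (line_number, reason, line) for each history-disabling line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern, reason in HISTORY_DISABLE_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, reason, line.strip()))
                break
    return findings


def history_looks_shredded(data, max_control_fraction=0.05):
    """True when a history file is not valid UTF-8 text or carries many control
    bytes: a real bash history is line-oriented text, while an overwrite with
    random bytes (what shred does) almost never decodes cleanly."""
    if not data:
        return False
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return True
    control = sum(1 for ch in text if ord(ch) < 32 and ch not in "\t\n\r")
    return control / len(text) > max_control_fraction


# Constructed samples.
SAMPLE_BASHRC = """# constructed ~/.bashrc
export PATH=$PATH:/usr/local/bin
unset HISTFILE
export HISTSIZE=0
alias ll='ls -la'
"""
SAMPLE_HISTORY_OK = b"ls -la\ncat /etc/hostname\nsudo systemctl status sshd\n"
SAMPLE_HISTORY_SHRED = bytes(range(256)) * 4  # stand-in for shred's random output


if __name__ == "__main__":
    for lineno, reason, line in scan_rc(SAMPLE_BASHRC):
        print(f"rc line {lineno}: {reason}: {line}")
    print("clean history shredded?   ", history_looks_shredded(SAMPLE_HISTORY_OK))
    print("overwritten history shredded?", history_looks_shredded(SAMPLE_HISTORY_SHRED))
```

Run against real files by reading each user's rc files into `scan_rc` and each `.bash_history` into `history_looks_shredded`; a history file that is a symlink to /dev/null, or that is empty for an account with recent logins, is worth the same scrutiny even though this script does not check for it.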

4. Hiding Artifacts in Windows and Linux

Windows

Create a directory

Hide a folder in Windows

To unhide a folder in Windows

Hide user accounts in Windows

Linux

Create a file whose name starts with a dot (.) to hide it. To view the hidden files
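Hidden folders and dotfiles are only hidden from a casual directory listing, so a defender's counterpart to this section is a walker that lists every hidden entry and triages it by location. The script below is an added example, not code from the original page: it treats a dot-prefixed name as hidden on any OS and additionally checks the Windows hidden attribute, builds a constructed sample tree in a temporary directory, and flags hidden entries under tmp-style locations while accepting dotfiles in home directories. The expected/suspicious location lists are illustrative assumptions.

```python
"""Added example: enumerate hidden files and directories under a root and
triage dotfiles that sit where they are not expected. The sample tree is built
in a temporary directory; nothing on the real system is touched."""
import os
import stat
import sys
import tempfile

# Relative locations where a dotfile is a normal sight (shell config in home dirs).
EXPECTED_DOTFILE_PARENTS = ("home/", "root/")
# Locations where a hidden entry deserves a closer look (illustrative list).
SUSPICIOUS_PARENTS = ("tmp/", "var/tmp/", "dev/shm/")


def is_hidden(path):
    """Dot-prefixed name on any OS; FILE_ATTRIBUTE_HIDDEN additionally on Windows."""
    name = os.path.basename(path)
    if name.startswith("."):
        return True
    if sys.platform == "win32":
        return bool(os.stat(path).st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN)
    return False


def find_hidden(root):
    """Sorted relative paths (with '/' separators) of every hidden entry under root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if is_hidden(full):
                found.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(found)


def triage(root):
    """Split hidden entries into (suspicious, expected, other) by where they live."""
    suspicious, expected, other = [], [], []
    for rel in find_hidden(root):
        if rel.startswith(SUSPICIOUS_PARENTS):
            suspicious.append(rel)
        elif rel.startswith(EXPECTED_DOTFILE_PARENTS):
            expected.append(rel)
        else:
            other.append(rel)
    return suspicious, expected, other


def build_sample_tree():
    """Constructed layout mimicking a slice of a Linux filesystem."""
    root = tempfile.mkdtemp(prefix="hidden-demo-")
    files = {
        "home/alice/.bashrc": "export PATH=$PATH:~/bin\n",
        "home/alice/notes.txt": "visible\n",
        "tmp/.cache_x/tool": "constructed sample\n",
        "tmp/.stash": "constructed sample\n",
        "tmp/report.log": "visible\n",
        "opt/app/.env": "SECRET=placeholder\n",
    }
    for rel, content in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    sus, exp, oth = triage(root)
    print("suspicious:", sus)
    print("expected:  ", exp)
    print("other:     ", oth)
```

Point `triage` at `/` (or a mounted image) to run it for real; the "other" bucket, here a dotfile under opt/, is where most manual review time goes. Hidden Windows user accounts are a registry setting rather than a file attribute, so they are outside what this walker can see.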

5. Clear Windows logs using CCleaner

This requires the Pro trial version. Go to Custom Clean and select everything you want removed.
