Anti-Forensics
Account Misuse
Clear Browser Artifacts
Clear Email Artifacts
Decrease Privileges
Delayed Execution Triggers
Delete User Account
Deletion of Volume Shadow Copy
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Hiding or Destroying Command History
Log Deletion
Log Modification
Modify Windows Registry
Network Obfuscation
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Stalling
Steganography
System Shutdown
Timestomping
Tripwires
Uninstalling Software
Virtualization
Windows System Time Modification
- ID: AF002.001
- Created: 25th May 2024
- Updated: 23rd October 2025
- Platform: Windows
- MITRE ATT&CK®: T1070.001T1070
- Contributor: The ITM Team
Clear Windows Event Logs
A subject clears Windows Event logs to conceal evidence of their activities.
Windows Event Logs store various types of information, such as system errors, application events, security auditing messages, and other operational events.
The logs are stored in C:/WINDOWS/system32/config.
Windows Event Logs can be cleared using the Event Viewer utility, provided the user account has administrative privileges.
Preventions (1)
Detections (4)
MITRE ATT&CK® Mapping (2)
ATT&CK Enterprise Matrix Version 17.1