ITM is an open framework - Submit your contributions now.

Anti-Forensics

Account Misuse

Clear Browser Artifacts

Clear Email Artifacts

Decrease Privileges

Delayed Execution Triggers

Delete User Account

Deletion of Volume Shadow Copy

Disk Wiping

File Deletion

File Encryption

Hide Artifacts

Hiding or Destroying Command History

Log Deletion

Log Modification

Modify Windows Registry

Network Obfuscation

Physical Destruction of Storage Media

Physical Removal of Disk Storage

Stalling

Steganography

Image Steganography

System Shutdown

Timestomping

Tripwires

Uninstalling Software

Virtualization

Windows System Time Modification

ID: AF014
Created: 25th May 2024
Updated: 23rd October 2025
Platforms: WindowsLinuxMacOS
MITRE ATT&CK®: T1529
Contributor: The ITM Team

System Shutdown

A subject may shutdown a system to clear volatile memory (RAM), preventing memory acquisition and analysis.

Preventions (1)

Detections (1)

MITRE ATT&CK® Mapping (1)

ATT&CK Enterprise Matrix Version 17.1