ITM is an open framework - Submit your contributions now.

Anti-Forensics

Deletion of Volume Shadow Copy

Hiding or Destroying Command History

Physical Destruction of Storage Media

Physical Removal of Disk Storage

Windows System Time Modification

ID: AF019
Created: 02nd December 2024
Updated: 02nd December 2024
Contributor: The ITM Team

Decrease Privileges

A subject uses a mechanism to decrease or remove the privileges assigned to a user account under their control. This may represent an anti-forensics technique where the subject attempts to obscure previously held privileges that could associate them with activity relating to an infringement.

Anti-Forensics

Account Misuse

Clear Browser Artifacts

Clear Email Artifacts

Decrease Privileges

Delayed Execution Triggers

Delete User Account

Deletion of Volume Shadow Copy

Disk Wiping

File Deletion

File Encryption

Hide Artifacts

Hiding or Destroying Command History

Log Deletion

Log Modification

Modify Windows Registry

Network Obfuscation

Physical Destruction of Storage Media

Physical Removal of Disk Storage

Stalling

Steganography

System Shutdown

Timestomping

Tripwires

Uninstalling Software

Virtualization

Windows System Time Modification

Decrease Privileges

Preventions (2)

Detections (2)