ITM is an open framework - Submit your contributions now.

Anti-Forensics

Account Misuse

Clear Browser Artifacts

Clear Email Artifacts

Decrease Privileges

Delayed Execution Triggers

Delete User Account

Deletion of Volume Shadow Copy

Disk Wiping

File Deletion

File Encryption

Hide Artifacts

Hiding or Destroying Command History

Log Deletion

Log Modification

Modify Windows Registry

Network Obfuscation

Physical Destruction of Storage Media

Physical Removal of Disk Storage

Stalling

Steganography

Image Steganography

System Shutdown

Timestomping

Tripwires

Uninstalling Software

Virtualization

Windows System Time Modification

ID: AF021
Created: 07th April 2025
Updated: 07th April 2025
Platform: Windows
Contributor: David Larsen

Windows System Time Modification

The subject modifies the Windows system time in an attempt to obscure the timestamps of any system artifacts that may provide value to investigators.

Preventions (2)

Detections (1)

References

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4616