Anti-Forensics
Account Misuse
Clear Browser Artifacts
Clear Email Artifacts
Code Contribution Obfuscation and Misrepresentation
Decrease Privileges
Delayed Execution Triggers
Delete User Account
Deletion of Volume Shadow Copy
Disable Logging
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Hiding or Destroying Command History
Log Deletion
Log Modification
Message Deletion
Message Modification
Modify Windows Registry
Network Obfuscation
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Stalling
Steganography
System Shutdown
System Time Modification
Timestomping
Tripwires
Uninstalling Software
Virtualization
- ID: AF034
- Created: 07th July 2026
- Updated: 07th July 2026
- MITRE ATT&CK®: T1685T1685.001T1685.002T1685.004
- Contributor: The ITM Team
Disable Logging
A subject disables, suppresses, or materially weakens logging to prevent activity from being recorded. This behavior targets the systems, services, configurations, agents, or pipelines responsible for generating, collecting, forwarding, or retaining event data. By preventing telemetry from being created or preserved, the subject reduces the evidentiary record available to investigators and may create a deliberate visibility gap around unauthorized activity.
Disable Logging may involve stopping audit services, changing audit policy, disabling log forwarding, modifying retention settings, suppressing application logs, impairing endpoint telemetry, or preventing specific categories of events from being written. It may occur on endpoints, servers, cloud workloads, identity platforms, administrative systems, or security tooling where the subject has sufficient access to influence logging behavior.
Preventions (3)
Detections (5)
MITRE ATT&CK® Mapping (4)
ATT&CK Enterprise Matrix Version 19.1