Detections
- Home
- - Detections
- -DT014
- ID: DT014
- Created: 30th May 2024
- Updated: 14th June 2024
- Platforms: Windows, Linux, MacOS
- Contributor: The ITM Team
Utilize Cold Storage for Logs
By autonomously collecting log files from a system and transporting them to another system, such as a SIEM collector, they are typically no longer accessible by the subject, preventing them from being able to delete them. These can aid in investigations where a subject has deleted local logs.
Sections
ID | Name | Description |
---|---|---|
AF002 | Clear Operating System Logs | A subject clears operating system logs to hide evidence of their activities. |
AF002.001 | Clear Windows Event Logs | A subject clears Windows Event logs to conceal evidence of their activities. Windows Event Logs store various types of information, such as system errors, application events, security auditing messages, and other operational events. The logs are stored in Windows Event Logs can be cleared using the Event Viewer utility, provided the user account has administrative privileges. |