cleaning up traces of activities in various log files NOT usually done during a pen test

log files are just text, can use timestomp to modify access time of file, change file ownership to original user NOT usually done during a pen test

touch (linux, unix, OS X) - updates time to the current time ctime (linux, unix, OSX) - change time to a given date/time meterpreter has a built in tool

Covering Your Tracks Flashcards by Grayden Odum

Erase, Modify, Disable Evidence

removing unneeded files or tools that were added to the victims machine, hiding resources in uncommon locations

How well did you know this?

Not at all

Perfectly

Clearing Log Files

cleaning up traces of activities in various log files

* NOT usually done during a pen test

How well did you know this?

Not at all

Perfectly

Modifying Log Files

log files are just text, can use timestomp to modify access time of file, change file ownership to original user
NOT usually done during a pen test

How well did you know this?

Not at all

Perfectly

TimeStomp

touch (linux, unix, OS X) - updates time to the current time
ctime (linux, unix, OSX) - change time to a given date/time
meterpreter has a built in tool

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

Covering Your Tracks Flashcards

Brainscape's Knowledge Genome^TM