Removing Windows Login Traces

The Hack Dissected

Pavel took Stepan’s laptop from Vlad and blanked the three Windows event log files. Next, he changed the “last logged in user” registry key so that it would appear that Stepan’s account was the last one used. (p. 8)

Early in our story, Pavel and Vlad hack into Stepan’s computer to gather details on their employer and the job that he has for them. Pavel used a Linux bootable operating system on a Universal Serial Bus (USB) drive to change the password of the Administrator account and gain control of the system. However, when he was done siphoning off the information from the laptop, he took the extra step of cleaning up after himself and removing traces that he had been on the computer ...
