Removing Windows Login Traces
The Hack Dissected
Pavel took Stepan’s laptop from Vlad and blanked the three Windows event log files. Next, he changed the “last logged in user” registry key so that it would appear that Stepan’s account was the last one used. (p. 8)
Early in our story, Pavel and Vlad hack into Stepan’s computer to gather details on their employer and the job that he has for them. Pavel used a bootable Linux operating system on a Universal Serial Bus (USB) drive to change the password of the Administrator account and gain control of the system. However, when he was done siphoning off the information from the laptop, he took the extra step of cleaning up after himself and removing traces that he had been on the computer ...