How To Cover One’s Tracks
After an attacker has gained access and accomplished what he wanted to do, one of the last steps he performs is covering his tracks. This involves going back into the system and hiding evidence that he was ever there. To do this, there are four main areas an attacker is concerned with:
Log files— Most systems contain log files or audit trails that list who gained access, and for how long. Depending on the level of logging, it could also indicate what they did and what files they accessed.
File information— To gain access or to put a backdoor on a system to preserve access, attackers usually have to modify or re-compile key system files. When an attacker does this, key file information, such as date and file size, tends ...
Get Hackers Beware now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.