Metasploit provides a good number of features for covering tracks. From a forensics standpoint, however, these features might still fall short in some core areas, which may reveal activity and useful information about the attack. Many modules available on the internet provide custom functionality; some of them make it into the core Metasploit repos, while others go unnoticed. The module we are about to discuss is an anti-forensics module offering a ton of features, such as clearing event logs, clearing log files, and manipulating registries, .lnk files, .tmp, .log, browser history, Prefetch files (.pf), RecentDocs, ShellBags, Temp/Recent folders, and restore points. Pedro Nobrega, the author of this ...
Covering tracks with anti-forensics modules