Tag: AntiForensics

Anti-Forensics, Privacy

Disable UserAssist History – Anti-Forensics

To stop Windows (Vista, 7, 8) from tracking the programs you use:

> Create a new file and name it, for example, disable_userassist.reg
> Copy and paste the following lines into it:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Start_TrackProgs"=dword:00000000

> Save the file and
> Double click it, to import values into …

Anti-Forensics, Privacy

Delete UserAssist History – Anti-forensics

Windows systems maintain a set of keys in the registry database to keep track of programs that have been executed. The number of executions and the last execution date and time are available in these keys. UserAssist is a method used to populate a user’s start menu with frequently used applications. The information within the binary UserAssist values …

Anti-Forensics, Privacy

Disable timestamp for last access to a file – Anti-forensics

fsutil – performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume. If it is used without parameters, fsutil displays a list of supported subcommands.

fsutil behavior – queries or sets NTFS volume behavior.

> Run cmd as administrator …

Anti-Forensics, Microsoft Windows

Clear All Windows System Logs – AntiForensics

Clear All Windows System Logs using ClearLogs (wevtutil.exe). wevtutil enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs. Development: Built on .NET Framework 4.5.1 with Visual Studio 2013. Download Page: http://sourceforge.net/projects/clearlogs/ Source …