Tag: delete

Microsoft Windows

How to delete a folder in use

1. Start Process Explorer from the Sysinternals suite.
2. Press Ctrl+F to open the Search window.
3. Search for the name of the folder that you want to delete but that is in use.
4. Kill all the processes that use this folder.
5. Delete the folder.

https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx
https://technet.microsoft.com/en-us/sysinternals/bb842062

Anti-Forensics

Clear All Windows Logs

1) Create a .bat file
2) Append the following:

    @echo off
    FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
    IF (%adminTest%)==(Access) goto noAdmin
    for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
    echo.
    echo Event Logs have been cleared! ^<press any key^>
    goto theEnd
    :do_clear
    echo clearing %1
    wevtutil.exe cl %1
    goto …

Windows 7

Delete all event logs at once in Windows 7

    @echo off
    FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
    IF (%adminTest%)==(Access) goto noAdmin
    for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
    echo.
    echo Event Logs have been cleared! ^<press any key^>
    goto theEnd
    :do_clear
    echo clearing %1
    wevtutil.exe cl %1
    goto :eof
    :noAdmin
    echo You must run this script as …

Anti-Forensics

Anti-Forensics – Delete UserAssist History

Windows Explorer maintains a list of frequently executed programs and opened shortcuts on a Windows machine in the UserAssist registry entries. This is achieved by maintaining a count of application use and the last execution date and time in each user's NTUSER.DAT registry file.

UserAssist registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist

Under UserAssist key there are two subkeys named, …

Microsoft Windows, Windows 7

Delete System Service in Windows 7

Before you delete any service you have to know its real name, not the displayed one.

1. Open Services by executing: services.msc
2. Locate the service you want to delete.
3. Right-click on it and select Properties.
4. On the General tab, there is a field called Service Name. That’s the name that you will provide …