1
00:00:00,840 --> 00:00:03,570
Now, let's talk about clearing tracks.

2
00:00:03,880 --> 00:00:12,330
OK, so removing evidence is a very important part, right, because if you leave your footprints there,

3
00:00:12,480 --> 00:00:15,910
then it is easy for security experts to track you.

4
00:00:16,290 --> 00:00:22,590
OK, so hackers mainly focus on clearing evidence or clearing footprints.

5
00:00:23,860 --> 00:00:32,020
OK, so we will see how we can do it. First of all, it is very important to know that whenever you

6
00:00:32,020 --> 00:00:38,830
do any activity in your operating system, let's say you log in to the system or you log off from there

7
00:00:39,220 --> 00:00:40,600
or you do anything,

8
00:00:41,140 --> 00:00:49,690
your system creates some events, OK, some logs, and they are stored under different locations, OK?

9
00:00:50,170 --> 00:00:52,870
It depends on the type of log.

10
00:00:53,600 --> 00:00:53,920
Right.

11
00:00:54,310 --> 00:01:02,650
So there are security logs, there are application logs, etc. So we will see how we can find them and

12
00:01:02,650 --> 00:01:03,260
clear them.

13
00:01:04,240 --> 00:01:08,830
So first of all, let's open the command prompt, OK?

14
00:01:09,280 --> 00:01:11,740
And we will use a command called

15
00:01:12,250 --> 00:01:17,770
auditpol. OK, auditpol stands for audit policy.

16
00:01:18,490 --> 00:01:24,820
And if I hit enter, we will see different options available here to be used with this command.

17
00:01:25,390 --> 00:01:27,160
OK, so let's see.

18
00:01:28,900 --> 00:01:47,710
auditpol /get /category:*. Star stands for all, select all. See here, now a list of different

19
00:01:47,710 --> 00:01:48,210
logs.

20
00:01:48,760 --> 00:02:01,340
So these are divided under types and subtypes, like you can scroll and see all of them here.

21
00:02:03,020 --> 00:02:14,250
OK, now we can also use auditpol in order to clear all of these logs, and for this simply type auditpol

22
00:02:14,710 --> 00:02:26,290
/clear, OK, hit enter. It says: press N to cancel or any other key to continue.

23
00:02:26,710 --> 00:02:29,680
OK, so let's do that.

24
00:02:31,900 --> 00:02:34,360
It says the command was successfully executed.

25
00:02:34,540 --> 00:02:40,800
Now let's check it again and see, it says no logs remaining, OK?

26
00:02:40,810 --> 00:02:42,800
No Auditing, No Auditing, No Auditing.

27
00:02:43,420 --> 00:02:50,920
OK, so this way you can detect different kinds of logs and you can clear them as well.

28
00:02:51,340 --> 00:02:51,600
Right.

29
00:02:52,060 --> 00:02:56,620
So auditpol is the one way, OK, that uses the command prompt.

30
00:02:56,980 --> 00:03:01,620
Now let's see one other thing, which is called Event Viewer.

31
00:03:01,900 --> 00:03:02,240
Right.

32
00:03:02,710 --> 00:03:10,390
So within the Windows operating system, Event Viewer is an application that presents all application,

33
00:03:10,390 --> 00:03:15,140
security, setup and system logs within a single dashboard.

34
00:03:15,140 --> 00:03:15,670
All right.

35
00:03:16,420 --> 00:03:21,520
So to access Event Viewer, simply hit the Windows key

36
00:03:21,790 --> 00:03:22,640
plus R.

37
00:03:22,930 --> 00:03:26,770
OK, so Windows + R and type

38
00:03:28,770 --> 00:03:32,730
eventvwr.msc and hit enter.

39
00:03:36,410 --> 00:03:38,430
And let's wait for it to open.

40
00:03:38,870 --> 00:03:49,070
Now go to Windows Logs. See, now you have all types of logs here.

41
00:03:49,670 --> 00:03:54,170
OK, and it has also mentioned the number of events it recorded.

42
00:03:55,040 --> 00:03:59,870
And these are divided into different categories, like the first one is for application logs.

43
00:03:59,990 --> 00:04:01,630
Second one is for security.

44
00:04:01,640 --> 00:04:04,170
Third is setup, then system and then forwarded.

45
00:04:04,770 --> 00:04:09,080
OK, so to clear this, simply right-click on this.

46
00:04:09,680 --> 00:04:10,430
OK, here.

47
00:04:11,990 --> 00:04:12,710
Simply

48
00:04:12,710 --> 00:04:14,960
right-click and select Clear Log.

49
00:04:16,280 --> 00:04:22,670
OK, so these two are the easiest ways to detect logs and clear them.

50
00:04:23,180 --> 00:04:23,510
Right.

51
00:04:24,050 --> 00:04:31,520
So in this lesson we have learned how we can use auditpol and Event Viewer in order to access different

52
00:04:31,520 --> 00:04:34,160
kinds of logs and to remove them.