Altering Event Logs in Windows


  • Opening or editing event log files cannot be done with a standard file editing tool 
  • Deleting event log files possible but may cause suspicion 
  • WinZapper tool allows attacker to selectively delete security events 
http://ntsecurity.nu/toolbox/winzapper

WinZapper – Windows XP/NT/2000/2003