21Mar
How to make windows forensic harder?
Using Windows without creating forensic information is impossible. But you can make it harder. How to use a regular Windows 10 with least traces of forensics?
There are some important sources of forensic data:
Event logs
- Admin can easily delete all. Can I disable it entirely or create fake entries to appear like they are real?
Jump Lists
- List all the files you accessed. Can I fake the data?
Registry
- Windows registry is a black box. There is a lot of forensic information. What do you need to look for?
File dates
- You can mess with dates, but only one file date information you can't change, only if you change the system clock.
What can you do to make Windows forensics harder?