Solved

What tools are out there to modify security and event logs on Windows 2003 and Windows 2008

Posted on 2014-11-03
Last Modified: 2014-12-04
Hi,

Is it possible for someone to modify the security logs on Windows 2003 and 2008?
What are the tools he could use?

Thanks
Question by:c_hockland

Expert Comment

by:McKnife
ID: 40420577
Your question needs to be clarified. Are you seeking info about possible attack vectors? Some attacker trying to delete traces?

You cannot modify log files while the eventlog service is running - it won't let you. And offline attacks are quite complicated, too.

But first clarify.

Author Comment

by:c_hockland
ID: 40420971
Yes, is it possible for someone to turn off the service and modify entries in the event logs? For example, edit a user name that accessed the server? (Referring to possible attack vectors.)

Accepted Solution

by:McKnife (earned 500 total points)
ID: 40421137
I must confess, I have not worried about this too much.
But I found out: If you try to edit the eventlog file offline, the system declares it as corrupted (I just changed one single letter of a username) and creates a new, empty file. The old one remains with the extension .corrupted.evtx.
If, when online, you try to stop that service, it immediately restarts and there is no chance to exchange the file, at least not on my test machine with Win8.1.
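
Added example, not part of the thread or of McKnife's answer: .evtx files (Windows Server 2008 and later, not the older .evt format of Windows 2003) store CRC32 checksums over the file header, each chunk header and each chunk's event record data, so a single changed letter like the one in the accepted answer no longer matches the stored value. The Python sketch below re-checks those checksums on an offline copy; the field offsets come from public EVTX format documentation, and `build_sample` produces a constructed image, not a real log.

```python
import struct
import zlib

HDR, CHUNK = 0x1000, 0x10000   # 4 KiB file header block, 64 KiB chunks

def crc_at(buf, off):
    return struct.unpack_from("<I", buf, off)[0]

def check_chunk(c):
    """Return (header_ok, records_ok) for one chunk."""
    if len(c) < 0x200 or c[:8] != b"ElfChnk\x00":
        return (False, False)
    free_off = crc_at(c, 0x30)            # end of the event record data
    header_ok = crc_at(c, 0x7C) == zlib.crc32(c[:0x78] + c[0x80:0x200])
    records_ok = (0x200 <= free_off <= len(c)
                  and crc_at(c, 0x34) == zlib.crc32(c[0x200:free_off]))
    return (header_ok, records_ok)

def verify_evtx(data):
    """Return a list of findings; empty means every stored CRC32 matched."""
    findings = []
    if len(data) < HDR or data[:8] != b"ElfFile\x00" or crc_at(data, 0x7C) != zlib.crc32(data[:0x78]):
        findings.append("file header: bad signature or checksum")
    for n, off in enumerate(range(HDR, len(data), CHUNK)):
        chunk = data[off:off + CHUNK]
        if not chunk.strip(b"\x00"):      # unused, zero-filled chunk
            continue
        header_ok, records_ok = check_chunk(chunk)
        if not header_ok:
            findings.append(f"chunk {n}: header checksum mismatch")
        if not records_ok:
            findings.append(f"chunk {n}: event record checksum mismatch")
    return findings

def build_sample(records):
    """Constructed one-chunk image with valid checksums (not a real log)."""
    hdr, chunk = bytearray(HDR), bytearray(CHUNK)
    hdr[:8], chunk[:8] = b"ElfFile\x00", b"ElfChnk\x00"
    struct.pack_into("<I", hdr, 0x7C, zlib.crc32(hdr[:0x78]))
    end = 0x200 + len(records)
    chunk[0x200:end] = records
    struct.pack_into("<II", chunk, 0x30, end, zlib.crc32(records))
    struct.pack_into("<I", chunk, 0x7C, zlib.crc32(chunk[:0x78] + chunk[0x80:0x200]))
    return bytes(hdr + chunk)

if __name__ == "__main__":
    clean = build_sample(b"constructed record: user=alice logon")
    edited = bytearray(clean)
    edited[HDR + 0x200 + 25] ^= 0x01      # one changed character in the record area
    print(verify_evtx(clean), verify_evtx(bytes(edited)))
```

An empty result only means the stored checksums are self-consistent: CRC32 is an error-detection code, not a cryptographic seal, so events forwarded to a separate collector remain the stronger reference. Run it on an offline copy, since a log still held open by the service may not have its checksums written out yet.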