Let's say I want to copy files off a computer without anyone knowing.
1. First I unplug the DSL cable from the computer to disconnect it from any network/server
2. I boot from Ohpcrack xp live disk and find the admin pass
3. I login as admin
4. I go to msconfig, I turn off the windows event collector and windows event viewer services, along with windows defender, firewall, and any other security measures
5. I restart the computer to register the msconfig changes
6. I plug in my USB drive
7. I run this BAT file off my USB stick to purge the event viewer contents
"@echo
SET VEVLOGCLR=wevtutil cl
%VEVLOGCLR% "Microsoft-Windows-ADSI/Debug"
%VEVLOGCLR% "Microsoft-Windows-AltTab/Diagnostic"
%VEVLOGCLR% "Microsoft-Windows-Backup"
%VEVLOGCLR% "Microsoft-Windows-Bits-Client/Analytic"
%VEVLOGCLR% "Microsoft-Windows-Bits-Client/Operational"
%VEVLOGCLR% "Microsoft-Windows-CAPI2/Operational"
%VEVLOGCLR% "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"
%VEVLOGCLR% "Microsoft-Windows-CodeIntegrity/Operational""
(goes on for 2 pages)
8. I copy the files to my USB stick
9. I run the above BAT file again just to be safe
10. I run file shredder off my USB stick, and wipe the free disk space on the computer (is this necessary? it takes a while so if I don't need to this then I won't).
10a. I run track eraser off my USB stick to purge the registry files (again is this necessary)?
11. I unplug my USB stick
12. I system restore if i have time
13. I revert the msconfig changes and shutdown
14. I replug in the DSL cable
Anything that could possibly go wrong here? I want to do this in 20 minutes
1. First I unplug the DSL cable from the computer to disconnect it from any network/server
2. I boot from Ohpcrack xp live disk and find the admin pass
3. I login as admin
4. I go to msconfig, I turn off the windows event collector and windows event viewer services, along with windows defender, firewall, and any other security measures
5. I restart the computer to register the msconfig changes
6. I plug in my USB drive
7. I run this BAT file off my USB stick to purge the event viewer contents
"@echo
SET VEVLOGCLR=wevtutil cl
%VEVLOGCLR% "Microsoft-Windows-ADSI/Debug"
%VEVLOGCLR% "Microsoft-Windows-AltTab/Diagnostic"
%VEVLOGCLR% "Microsoft-Windows-Backup"
%VEVLOGCLR% "Microsoft-Windows-Bits-Client/Analytic"
%VEVLOGCLR% "Microsoft-Windows-Bits-Client/Operational"
%VEVLOGCLR% "Microsoft-Windows-CAPI2/Operational"
%VEVLOGCLR% "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"
%VEVLOGCLR% "Microsoft-Windows-CodeIntegrity/Operational""
(goes on for 2 pages)
8. I copy the files to my USB stick
9. I run the above BAT file again just to be safe
10. I run file shredder off my USB stick, and wipe the free disk space on the computer (is this necessary? it takes a while so if I don't need to this then I won't).
10a. I run track eraser off my USB stick to purge the registry files (again is this necessary)?
11. I unplug my USB stick
12. I system restore if i have time
13. I revert the msconfig changes and shutdown
14. I replug in the DSL cable
Anything that could possibly go wrong here? I want to do this in 20 minutes
Facebook
Twitter
Instagram