Alibi - Tools

Here’s an interesting write-up on — a lesser-known but historically and psychologically fascinating category of artifacts.

Windows Event Logs have sequential Event Record IDs. If an attacker clears the Security log (Event ID 1102) and then injects fake logs, the sequence numbers will be discontinuous. A jump from Log #10,000 to Log #10,001 after an hours-long gap is a mathematical impossibility in a live system, revealing the hand of an alibi tool. alibi tools

: In management, these can be tools implemented to superficially satisfy reporting obligations, such as specific components of a Balanced Scorecard eParticipation Here’s an interesting write-up on — a lesser-known

An is any technology that allows a user to manipulate digital evidence to suggest an alternative timeline, location, identity, or activity pattern that does not reflect reality. A jump from Log #10,000 to Log #10,001