Anti-Forensic

Technique Name	Technique ID's	Snippet(s)	Rules(s)	OS
Indicator Removal: Clear Windows Event Logs	T1070.001 U0302
FuncIn	U0132 U0221 U0308
Wiping or Encrypting	U0301
Indicator Removal: Timestomp	U0303 T1070.006
Killing Windows Event Log	U0304
Volume Shadow Copy Service (VSC,VSS) Deletion	U0305 T1070.004
Disabling Event Tracing for Windows (ETW)	U0306
Windows Event Log Evasion via Native APIs	U0307
Clearing Kernel Message	U0309
Manipulating Debug Logs	U0310
Deleting Troubleshoot Information and Core Dumps	U0311
Removing Commands from SELinux Audit Logs	U0312