# Windows Covering Tracks Commands
Commands to run to clean up a system after you have exploited it and to reduce a target's ability to discover what you did while on their system and are usually executed from the context of the `cmd.exe` or `command.exe` prompt.
## del
### Delete Logs
* **Command with arguments**: `del %WINDIR%\*.log /a /s /q /f`
* **Description**: **MUST be run as an administrator**. Deletes all *.log files from the %WINDIR% directory.
* **Output**:
* NA
----
## wevtutil
### List Logs
* **Command with arguments**: `wevutil el`
* **Description**: Lists the different log files the system is keeping. More information can be found http://technet.microsoft.com/en-us/library/cc732848(WS.10).aspx
* **Output**:
* **Windows 2008:** Show/Hide
C:\Users\johndoe>wevtutil el
Application
DFS Replication
Directory Service
DNS Server
File Replication Service
HardwareEvents
Internet Explorer
Key Management Service
Security
System
ThinPrint Diagnostics
EndpointMapper
ForwardedEvents
Microsoft-Windows-ADSI/Debug
Microsoft-Windows-Bits-Client/Analytic
Microsoft-Windows-Bits-Client/Operational
Microsoft-Windows-CAPI2/Operational
Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
Microsoft-Windows-CodeIntegrity/Operational
Microsoft-Windows-CodeIntegrity/Verbose
Microsoft-Windows-COM/Analytic
Microsoft-Windows-CorruptedFileRecovery-Client/Operational
Microsoft-Windows-CorruptedFileRecovery-Server/Operational
Microsoft-Windows-CredUI/Diagnostic
Microsoft-Windows-DateTimeControlPanel/Analytic
Microsoft-Windows-DateTimeControlPanel/Debug
Microsoft-Windows-DateTimeControlPanel/Operational
Microsoft-Windows-DCLocator/Debug
Microsoft-Windows-Diagnosis-DPS/Analytic
Microsoft-Windows-Diagnosis-DPS/Debug
Microsoft-Windows-Diagnosis-DPS/Operational
Microsoft-Windows-Diagnosis-MSDT/Debug
Microsoft-Windows-Diagnosis-MSDT/Operational
Microsoft-Windows-Diagnosis-PLA/Debug
Microsoft-Windows-Diagnosis-PLA/Operational
Microsoft-Windows-Diagnosis-WDI/Debug
Microsoft-Windows-Diagnostics-Networking/Debug
[...snip...]
### Clear Logs
* **Command with arguments**: `wevtutil cl [LOGNAME]`
* **Description**: **MUST be run as an administrator**. Clears the contents of a specific log.
* **Output**:
* **Windows 2008:** Show/Hide
c:\temp>wevtutil cl Microsoft-Windows-EventLog/Debug