In this lesson, I'm going to simply walk you through removing Nmap from the Windows operating system.
I'm pretty sure that all of you know how to remove a program from Windows, but I thought I'd throw in a cool, built-in Windows command-line tool that helps a pen tester cover tracks.
The obvious benefit of such a tool is that you don't have to install a third-party tool like Eraser or CCleaner on a compromised machine during a penetration test.
Let's get started.
Here are the learning objectives for this lesson.
This lesson will almost entirely focus on the lab.
First, I'm going to show you how to uninstall Nmap and Zenmap from a 64-bit Windows 10 installation.
Then I'm going to show you how to use a couple of built-in Windows commands to make the work you did in Nmap completely unrecoverable.
In the lab, I'll walk you through removing Npcap, Nmap's packet capture library.
Then we'll remove Nmap,
Zenmap and all of its dependencies and features.
Finally, I'll show you how to run the cipher command to make it so that all the work you did in Nmap will be irrecoverable.
When you delete files or folders, the data is not actually removed from the hard disk right away. Instead, the space on the disk that was occupied by that deleted data is considered deallocated.
That basically means that it has stuff on it that can't be seen by browsing the operating system, and the space it used to occupy can be overwritten.
Until that space is overwritten,
a low-level disk editor or piece of data recovery software like those used by digital forensic analysts can still actually fairly easily recover it.
However, the cipher utility is designed to prevent unauthorized recovery of such data. So using cipher will make it so that all deleted files, like the ones removed by uninstalling Nmap,
will be impossible to get back.
Welcome to the lab on removing Nmap.
All right, first of all, we're gonna open a command prompt.
Click on the Start button,
then just start typing cmd.
Once you see Command Prompt at the top, just right-click and Run as administrator.
All right, I'm gonna show you where in the file system
Nmap stores all its files. So do a cd space
on a 64-bit operating system,
do a cd space
Program Files space
We'll do a dir.
That'll show us all directories that start with Nmap.
So we see a directory right here called Nmap.
That's where Nmap stores all its files.
For now, we'll just minimize this screen. We'll come back to this later.
All right, now we'll go through the actual removal process.
I have control panel on my desktop, but
the best way to navigate to it is just simply click the start button
and start typing control panel,
and you can see that it's up there at the top. Just click on it.
Now we want to scroll down and find programs and features.
Click on that.
We'll maximise this screen to make it bigger.
Now simply just scroll down until you see Npcap.
Click on it
and click Uninstall.
The wizard will just walk us through the process.
Once completed, just click Close.
Then I'll open back up my Control Panel
and we'll look for Nmap,
then just walk through the wizard.
And I want to open back up my command prompt,
click the up arrow just to run the same
command that I did last time. That is dir space nmap star dot in the Program Files directory.
The folder is still there.
So I'm gonna go into that folder and see what's there.
cd space Nmap.
dir.
So there's still some files there.
So if we want to clear our tracks
then we want to remove all of that stuff,
not just from the file system, but remove it permanently.
So the cd
I'll do an
rmdir space
It says the directory is not empty.
In order to remove the directory
with files in it, we have to do an rmdir slash s.
So do an
rmdir space
Are you sure? Y.
Now I'll do a dir
nmap star dot again.
File not found.
Okay, so now we removed it from the file system. But unfortunately, as many of you know, just deleting stuff from the file system doesn't permanently remove it.
The command to permanently remove it is
not very well known, but it's very effective.
That is cipher.
So the command we want to execute is cipher,
Okay, so it's done.
So if you have been following along with me and are extremely patient,
you can be reasonably certain that the Nmap folder
has been completely deleted and is irrecoverable.
A lot of you probably know that any reasonably good digital forensic analyst
will be able to
look into your operating system and know that
Nmap was installed at some point.
What you can be certain of after doing this is that
any of the Nmap scans or files created by Nmap,
or vulnerability tests or penetration tests that you've run,
will be completely removed from the system and therefore undetectable.
In this lesson, I showed you how to remove Nmap from Windows.
Thank you so much for walking through that with me, and I'll see you in the next lesson.