etw (1)

During a recent incident response engagement, researchers at FortiGuard IR services (FGIR) responded to a ransomware attack in which the threat actor made heavy use of anti-forensic techniques to cover their tracks and to keep their malware out of the hands of researchers. They attempted to achieve this by deleting files and folders they had created, clearing logs, and obfuscating malware.

Link to full report: IR-25-344-001_AutoLogger.pdf