Cybercrime is a very lucrative business not just because of the potential financial return, but because it quite easy to get away with. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating system and after-attack traces, it is not that bad as all traces are gathered in one place – your infrastructure. Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, I demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed.