LOG-MD version 2.2.1 is available

Version 2.2.1 is out! It took us a while because we converted LOG-MD to Unicode to better support foreign languages and other Windows API and Unicode characters. The conversion introduced a lot of bugs that had to be fixed.

With version 2.2 and later, the 32-bit version of LOG-MD Free Edition is no longer supported. Microsoft has announced it has End-of-Lifed 32-bit Windows, so the 32-bit version is now only available to LOG-MD-Professional users on request.

LOG-MD Free Edition and LOG-MD Professional version 2.0 released

We are proud to announce that LOG-MD Free Edition and LOG-MD Professional version 2.0 have been released. Updates include:

1.  Added a 'no enforcement' option for audit log compliance requirements so you can collect whatever logs are enabled and being collected.

2.  Added PowerShell version and audit log settings information

3.  Fixed a bug that caused harvesting of logs to stop if a variable in the message could not resolve

4.  Command line summary and detailed WhoIs lookup of IPv4 addresses

5.  Pro only - Added VirusTotal lookup of hashes and/or files for 5 reports, which can create 10 more reports, including support for Sysmon

LOG-MD Professional version 1.2 released

Version 1.2 of LOG-MD-Professional has been released adding the following features:

  • AutoRuns Report - Take an Autoruns report and apply a Master-Digest that you create with LOG-MD-Pro to eliminate known good files and then apply an Autoruns Whitelist to further exclude Autoruns that have parameters that the Master-Digest cannot exclude.  
  • Locked Files Report - As a part of the Hash Compare a Locked Files report is generated to help discover malicious locked binaries.
  • DNS Client Event logs are now an option to be collected.  Gather that DNS info for potential blocking or further investigation of suspect domains.
  • Minor bug fixes
  • Updated Manual with lots of details

Watch our videos to help you learn about LOG-MD, what it can do, and actual Malware Discovery hunting using LOG-MD, including so-called "fileless" or "non-malware" malware.

LOG-MD Free Edition version 1.2 released

Version 1.2 of LOG-MD-Free Edition has been released adding the following features:

  • AutoRuns Report - Compare a baseline Autoruns report to a suspect Autoruns report using tools like WinMerge or Notepad++ to find new and potentially malicious AutoRuns.
  • Locked Files Report - Look for locked binaries trying to hide from other security tools and the process locking them so you can unhook the handle and clean the system!  Compare a baseline locked file report to a suspect system using tools like WinMerge or Notepad++, or just parse the file for .EXE, .DLL, .BAT, .CMD, .PS1, .VBS, etc.
  • DNS Client Event logs are now an option to be collected.  Gather that DNS info for potential blocking or further investigation of suspect domains.
  • Minor bug fixes
  • Updated Quick Start Guides

LOG-MD-Professional 1.1 released - Harvest SRUM data for Windows 8.1 and 10

Version 1.1 of LOG-MD-Professional has been released adding the ability to harvest "System Resource Utilization Monitor" (SRUM) data for Windows 8.1 and 10.  SRUM provides the ability to see how many bytes an application sent or received in hourly slices up to the last 60 days.  This data can help you determine how much data you might have lost per application as well as when a system might have first been compromised, within the last 60 days.  The data is updated hourly or on shutdown so you may have to run LOG-MD-Pro again after the cache is purged to the SRUM database.

LOG-MD RC-1 Released

We have released LOG-MD RC-1 for public consumption.  You may try our Free Edition or Professional versions.  Just visit the LOG-MD pages and browse our features and capabilities.

Welcome to IMF Security, home of LOG-MD, the Log and Malicious Discovery tool for IT, Information Security, Active Defenders, Incident Responders and Auditors.
