Compare Features

LOG-MD versions

Feature | Free | Professional | Consulting
Audit Check
Bypass Audit Check
PowerShell version and audit log checks
WLCS & CIS Compliance
USGCB & AU ACSC Compliance
Create Audit Report
Specify Output Directory
Harvest Windows Log Events
Process Tree of Parent-Child Processes
Custom PowerShell report with configurable settings file to hunt for suspicious PowerShell commands
Harvest Sysmon Service Events
Whitelist Processes, Command Lines and IPs
Whitelist Files, Paths & Reg Keys
Detailed Log Data Reports | 16 | 30 | 30
Specify Output Directory
File Hash Baseline
File Hash Compare to Baseline
Whitelist by File, Location or Hash
Locked Files Report
Locked Files Compare to Baseline
Specify Output Directory
Registry Baseline
Registry Compare to Baseline
Evaluate Imported Hives
Whitelist Keys & Values
Specify Output Directory
Large Reg Keys Details
Load Hives from other systems
Large Reg Key Summary
Specify Output Directory
WhoIs data for IPs in the IP Connections reports
Command line WhoIs lookups of IPv4 addresses
Harvest SRUM data (network flow data by application; Windows 8.1 and 10 only)
List of AutoRuns Report
AutoRuns exclude results using Master Digest and Whitelist
AutoRuns of all WMI namespaces
List of Running Processes and Modules Report
Running Process and Modules exclude results using Master Digest and Whitelist
Query only WMI namespaces
VirusTotal lookups of hashes and/or files from reports
Automatic VirusTotal lookups when running Autoruns
Automatic VirusTotal lookups when checking Running Processes and their modules
10 VirusTotal reports can be generated from log reports and Sysmon
For Consultants
Transferable 90 Day License
Special Artifact Hunting Features
Sticky Key Exploit Interesting Artifact Report
Null byte in a registry value Interesting Artifact Report
Unicode character in filename Interesting Artifact Report
Manual pages | 23 | 70 | 70
LOG-MD-Pro Slack Channel Community
  • Multiple whitelists allow for excluding known-good items

  • Master-Digest is a sorted unique list of hashes used to exclude large numbers of files from the results
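The File Hash Baseline / Compare to Baseline rows and the Master-Digest and whitelist notes above describe one workflow: hash a file set once, hash it again later, and report only what is new, changed or removed after dropping known-good hashes and whitelisted paths. The PowerShell below is an added example of that workflow, written for this page; it is not LOG-MD's code and does not reproduce its report format. The function names, the CSV layout, the demo directory, the file contents and the digest entries are all constructed for the demonstration.

```powershell
# Added example (not LOG-MD's code): file hash baseline, re-scan, and diff with
# master-digest (known-good hash) and path-whitelist exclusions.
# Every path, file and hash used in the demo at the bottom is constructed here.

function New-HashBaseline {
    param([string]$Root, [string]$OutCsv)
    # One row per file: full path, SHA-256, size. Export-Csv keeps the baseline portable.
    Get-ChildItem -Path $Root -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName
            Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Size = $_.Length
        }
    } | Export-Csv -Path $OutCsv -NoTypeInformation
}

function Compare-HashBaseline {
    param(
        [string]$Root,
        [string]$BaselineCsv,
        [string[]]$MasterDigest  = @(),  # sorted unique list of known-good SHA-256 hashes
        [string[]]$PathWhitelist = @()   # wildcard patterns for paths to ignore
    )
    # Hash set gives O(1) digest membership checks; hashes are compared case-insensitively.
    $digest = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    foreach ($h in $MasterDigest) { [void]$digest.Add($h) }

    $baseline = @{}
    foreach ($row in Import-Csv -Path $BaselineCsv) { $baseline[$row.Path] = $row.Hash }

    $current = @{}
    foreach ($f in Get-ChildItem -Path $Root -File -Recurse) {
        $current[$f.FullName] = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }

    # Walk the union of both path sets so removed files are reported as well as added ones.
    $findings = foreach ($path in (@($baseline.Keys) + @($current.Keys) | Sort-Object -Unique)) {
        $old = $baseline[$path]; $new = $current[$path]
        if ($old -and $new -and $old -eq $new) { continue }   # unchanged
        $status = if (-not $old) { 'Added' } elseif (-not $new) { 'Removed' } else { 'Changed' }
        [pscustomobject]@{ Status = $status; Path = $path; OldHash = $old; NewHash = $new }
    }

    $findings | Where-Object {
        $item = $_
        # Drop findings whose current hash is known-good (master digest)
        # or whose path matches any whitelist pattern.
        -not ($item.NewHash -and $digest.Contains($item.NewHash)) -and
        -not ($PathWhitelist | Where-Object { $item.Path -like $_ })
    }
}

# ---- Demo on a constructed directory tree ------------------------------------
$work = Join-Path ([IO.Path]::GetTempPath()) ("hashdemo-" + [guid]::NewGuid())
$root = Join-Path $work 'scan'
New-Item -ItemType Directory -Path "$root\app", "$root\tmp" -Force | Out-Null
Set-Content -Path "$root\app\service.bin" -Value 'stand-in for a service binary, v1'
Set-Content -Path "$root\app\config.ini"  -Value 'debug=0'
Set-Content -Path "$root\app\trace.log"   -Value 'line 1'

$csv = Join-Path $work 'baseline.csv'   # kept outside $root so it is not hashed itself
New-HashBaseline -Root $root -OutCsv $csv

# Simulate a later state: approved update, tampered config, noisy log, new unknown file.
Set-Content -Path "$root\app\service.bin" -Value 'stand-in for a service binary, v2'
Set-Content -Path "$root\app\config.ini"  -Value 'debug=1'
Add-Content -Path "$root\app\trace.log"   -Value 'line 2'
Set-Content -Path "$root\tmp\update.tmp"  -Value 'unexpected new file'

# Master digest: the vendor-approved v2 hash (here computed locally for the demo).
$approved = (Get-FileHash -Path "$root\app\service.bin" -Algorithm SHA256).Hash
$masterDigest = @($approved) | Sort-Object -Unique

Compare-HashBaseline -Root $root -BaselineCsv $csv `
    -MasterDigest $masterDigest -PathWhitelist @('*.log') |
    Format-Table Status, Path -AutoSize
# Expected: config.ini reported as Changed and tmp\update.tmp as Added;
# service.bin is suppressed by the digest and trace.log by the whitelist.

Remove-Item -Path $work -Recurse -Force
```

The digest check is applied to the current hash only: a file whose old hash was known-good but whose new hash is not still surfaces as Changed, which is the case a compare-to-baseline report exists to catch. Path whitelisting is the coarser filter and should be kept to locations that churn by design (logs, caches), since anything dropped into a whitelisted directory is invisible to the report.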