LOG-MD Professional version 1.2 released

Version 1.2 of LOG-MD-Professional has been released, adding the following features:

  • AutoRuns Report - Take an Autoruns report and apply a Master-Digest that you create with LOG-MD-Pro to eliminate known good files, then apply an Autoruns Whitelist to further exclude Autoruns that have parameters that the Master-Digest cannot exclude.
  • Locked Files Report - As a part of the Hash Compare, a Locked Files report is generated to help discover malicious locked binaries.
  • DNS Client Event logs are now an option to be collected.  Gather that DNS info for potential blocking or further investigation of suspect domains.
  • Minor bug fixes
  • Updated Manual with lots of details

Watch our videos to help you learn about LOG-MD, what it can do, and actual Malware Discovery hunting using LOG-MD, including so-called "Fileless or non-malware malware".

LOG-MD Free Edition version 1.2 released

Version 1.2 of LOG-MD-Free Edition has been released, adding the following features:

  • AutoRuns Report - Compare a baseline autoruns to a suspect autoruns report using tools like WinMerge or Notepad++ to find new and potentially malicious AutoRuns.
  • Locked Files Report - Look for locked binaries trying to hide from other security tools, and the process locking them, so you can unhook the handle and clean the system!  Compare a baseline locked file report to a suspect system using tools like WinMerge or Notepad++, or just parse the file for .EXE, .DLL, .BAT, .CMD, .PS1, .VBS, etc.
  • DNS Client Event logs are now an option to be collected.  Gather that DNS info for potential blocking or further investigation of suspect domains.
  • Minor bug fixes
  • Updated Quick Start Guides

Watch our videos to help you learn about LOG-MD, what it can do, and actual Malware Discovery hunting using LOG-MD, including so-called "Fileless or non-malware malware".

LOG-MD-Professional 1.1 released - Harvest SRUM data for Windows 8.1 and 10

Version 1.1 of LOG-MD-Professional has been released, adding the ability to harvest "System Resource Utilization Monitor" (SRUM) data for Windows 8.1 and 10.  SRUM provides the ability to see how many bytes an application sent or received in hourly slices up to the last 60 days.  This data can help you determine how much data you might have lost per application as well as when a system might have first been compromised, within the last 60 days.  The data is updated hourly or on shutdown, so you may have to run LOG-MD-Pro again after the cache is purged to the SRUM database.

LOG-MD RC-1 Released

We have released LOG-MD RC-1 for public consumption.  You may try our Free Edition or Professional versions.  Just visit the LOG-MD pages and browse our features and capabilities.

Welcome to IMF Security, home of LOG-MD, the Log and Malicious Discovery tool for IT, Information Security, Active Defenders, Incident Responders and Auditors.