A new tool to help you with the fight against infections... Malware infections.

LOG-MD Professional has more features to further help with discovering malicious behavior.  Basic features to help all users harvest valuable log events, baseline files and the registry, and compare them on suspect systems or your malware lab.  LOG-MD Professional includes the following features:

  1. Audit the system log settings, you can't collect what is not set
  2. Create a report of audit settings
  3. Guide you to enable and configure needed audit log settings required by LOG-MD
  4. Harvest security related log events

a. Pro creates 22 detailed log reports to discover malicious activity

b. Resolve IP addresses with whois information from the Windows Firewall and Sysmon logs to know the owner, network, country of origin and network range

    5. File system hash baseline of all system files

    6. Compare the system files against a baseline and create a report of differences

a. Compare good file system hashes against a suspect system eliminating known good files

    7.  Baseline the registry

    8. Compare the registry against a baseline and create a report of differences

a. Compare a good system registry snapshot against a suspect system eliminating known good keys and values

    9. Summary and detailed reports of large registry keys hiding malicious scripts and payloads (used by so called "Fileless" malware)

    10. Whitelists to filter out known good large registry keys and files or hashes

    11. Additional reports detailing specific changes to the system

a. Supports third party add-ons such as Sysmon

    12. Interesting Artifacts report to point out known exploitation artifacts

a. Keys containing a null byte to hide malicious artifacts

b.  Sticky keys exploit

c.  More interesting artifacts that indicates a system is already compromised

    13. Autoruns - Produce a report of well known Autorun persistence locations and use the Master-Digest to reduce known good hashes of binaries and a specialized whitelist to exclude autoruns with parameters that the Master-Digest cannot, making it really fast to find malicious activity locations when the system starts up.

    14. SRUM netflow by application report (Win 8.1 and Win 10 64 bit only) that lists how many bytes sent and received from a given application.  helps to answer "How much data was lost" and "When was the system first compromised".

    15.  LOG-MD-Pro Slack Channel Community - Join other LOG-MD-Pro users, ask questions, provide, or get tips, share ideas and collaborate!  The idea is to share what works for you and pass it on.

    16.  35 page manual describing all the details about LOG-MD-Professional

To get started and for help with LOG-MD Free Edition type;

  • LOG-MD-Pro -h

Audit Reports:

Audit your system against the following industry standards:

  1. The "Windows Logging Cheat Sheet" (WLCS)
  2. The Center for Internet Security (CIS) Windows Benchmarks
  3. The US GCB
  4. The Australian Cyber Standards

Enhanced reporting:

LOG-MD Professional creates 22 specialized log reports to help speed up analysis and make malicious behavior more obvious.

Special Malicious Discovery features:

LOG-MD provides addition Malicious Discovery features to help discover malicious artififacts such as:

  1. Sticky Keys exploit existing on the system
  2. Null byte used in the registry used to hide malicious artifacts
  3. WhoIs look ups of discovered IP's
  4. New features introduced quarterly!


LOG-MD Professional is licensed by the user.  IMF Security does not restrict the amount of systems LOG-MD Professional may be used on within the company. Users actually managing, executing and working with LOG-MD will need to purchase a licenses for each user.  Read the LOG-MD End User License Agreement for the details of the agreement.

Consultants are prohibited from using LOG-MD Professional and must purchase LOG-MD Professional for Consultants.

Double Opt-in, never sold. Subscribe to get news and updates on LOG-MD and IMF Security.

* indicates required


Here is the latest version updates.

Version 1.2:

  • Added Autoruns
  • Added Locked Files report
  • Updated manual
  • DNS Client events report (if enabled)
  • Slack Channel community