A new tool to help you with the fight against infections... Malware infections.
LOG-MD Professional has more features to further help with discovering malicious behavior. It includes the basic features that help all users harvest valuable log events, baseline files and the registry, and compare them on suspect systems or in your malware lab. LOG-MD Professional includes the following features:
1. Audit the system log settings
2. Create a report of audit settings
3. Guide you to enable and configure needed audit log settings required by LOG-MD
4. Harvest security related log events
   a. Creates 24 detailed reports to make malicious activity more obvious
   b. Resolve IP addresses with whois information from the Windows Firewall and Sysmon logs to know the owner, network, country of origin and network range
5. File system hash baseline of all system files
6. Compare the system files against a baseline and create a report of differences
   a. Compare good file system hashes against a suspect system, eliminating known good files
7. Baseline the registry
8. Compare the registry against a baseline and create a report of differences
   a. Compare a good system registry snapshot against a suspect system, eliminating known good keys and values
9. Summary and detailed reports of large registry keys hiding malicious scripts and payloads
10. Whitelists to filter out known good large registry keys and files or hashes
11. Additional reports detailing specific changes to the system
   a. Supports third party add-ons such as Sysmon
12. Interesting Artifacts report to point out known exploitation artifacts
   a. Keys containing a null byte to hide malicious artifacts
   b. Sticky keys exploit
   c. More interesting artifacts
13. SRUM netflow by application report (Win 8.1 and 10 64 bit only) that lists how many bytes were sent and received by a given application. Helps to answer "How much data was lost" and "When was the system first compromised".
To get started and for help with LOG-MD Free Edition, type:
- LOG-MD-Pro -h
Audit your system against the following industry standards:
- The "Windows Logging Cheat Sheet" (WLCS)
- The Center for Internet Security (CIS) Windows Benchmarks
- The US GCB
- The Australian Cyber Standards
LOG-MD Professional creates 24 specialized log reports to help speed up analysis and make malicious behavior more obvious.
Special Malicious Discovery features:
LOG-MD provides additional Malicious Discovery features to help discover malicious artifacts such as:
- Null bytes used in the registry to hide malicious artifacts
- WhoIs lookups of discovered IPs
- New features introduced quarterly!
LOG-MD Professional is licensed by the user. IMF Security does not restrict the number of systems LOG-MD Professional may be used on within the company. Users actually managing, executing and working with LOG-MD will need to purchase a license for each user. Read the LOG-MD End User License Agreement for the details of the agreement.
Consultants are prohibited from using LOG-MD Professional and must purchase LOG-MD Professional for Consultants.
Here are the latest version updates.