Last Audit PC audit software

TechExpert

Last Audit is a PC audit software that you can run to generate security reports that reveal potentially problematic system settings, file leaks, and other security or privacy related issues.

The program is offered as a portable version that you can run from any location. Last Audit displays a scan configuration screen on start that you use to select what you want it to scan.

The main areas are files on drives you select, network locations in the local area network, configuration of the operating system, passwords, known vulnerabilities, and active directory.

The scan time depends largely on the selection on that initial screen. A click on the start button starts the scan and a progress bar is displayed on the screen that helps you understand how far it has progressed.

Last Audit

last audit

Last Audit launches the scan report as a HTML file in the default web browser once the scan finishes. It lists the report location in the program interface as well which can be useful if you closed the browser window accidentally or blocked it from opening in first place.

To make matters even easier, it is always saved under the same path that you run Last Audit from.

The report uses a color coded system to highlight the following threat categories:

  • Red: critical vulnerabilities, misconfigurations and sensitive information.
  • Orange: important vulnerabilities and sensitive information.
  • Blue: valuable information that may be exploited.
  • Green: information of potential value to attackers.

The program lists the following areas using the color coded system. Suggestions are sometimes displayed (you should not use administrator account for every day activities) to point you in the right direction.

  • User account level.
  • Passwords found in browsers such as Firefox or Internet Explorer.
  • Credential and password files found on the local system.
  • Office macros.
  • Virtual machine disks on the local system.
  • Sensitive files based on parsing for keywords such as confidential, password, admin or secret.
  • Whether Applocker is running.
  • Powershell execute permissions.
  • Autostart programs in the Windows Registry.
  • Torrent / P2P software detection.
  • Files and folders outside the user profile with write access.
  • Email, calendar and contact files.
  • Database files.
  • Macros found in documents.
  • Firefox browsing history and search history (30 days)
  • Firefox cookies (3 days)
  • Chrome browsing history (30 days)
  • Internet Explorer history (30 days)
  • Explorer files (30 days)
  • Scripts found on the local system, e.g. .vbs files.
  • Unsigned executable files outside standard locations.
  • USB disks.
  • Pictures found.
  • Apps malware may exploit.
  • Screenshots found.
  • Clipboard data at the time of scan.
  • Uncommon processes listening on localhost.
  • Antivirus Software installed.

The information are graded from most severe (red) to least (green) so that you find the most important areas that you need to look through right at the top of the report.

You will notice that not everything that is listed by the program is an issue. It may be easy enough to explain why a program is listening on localhost, or to confirm that the sensitive documents are not all that important and are not possible information leaks.

Others may require some research before you can assess the risk or block a potential information leak.

Last Audit is quite different from the audit software Belar Advisor. In fact, it complements it nicely. Belarc covers areas that Last Audit does not and the other way round. It makes sense to run both, compare results and go through them both afterwards to harden the system if necessary.

Closing Words

Last Audit is a handy security audit software for PCs that points you at potential security, privacy or information leak issues on the system.