v2.4 Live: Enhanced Anti-Forensics Detection

See everything your system is hiding.

ForensicGuard scans 114 areas across 19 modules — drivers, registry, event logs, execution history, anti-forensics, and more. Know exactly what's been left behind.

Dashboard | Deep Scan | Reports
System Status: Exposed

Latest Findings

Last scan: 2 mins ago

14 Anomalies
  • Suspicious Driver (Unsigned): C:\Windows\System32\drivers\hack.sys
  • Cleared Event Log: Security-Auditing: 1102 detected
  • Persistence Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Deep system introspection.

Watch ForensicGuard dissect the OS layers in real-time. No trace goes unnoticed.

forensicguard-scan.exe
ForensicGuard Engine v2.4.1 | 2026-04-07
Awaiting scan command...
  • Drivers & Kernel: pending
  • Registry: pending
  • File System: pending
  • Event Logs: pending
  • Boot & Security: pending
  • Hardware Artifacts: pending
[░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░] 0%
Module Telemetry

What ForensicGuard Finds

Analyzes loaded drivers, matches against known LOLDrivers, and detects hidden or forcefully loaded unsigned code.

Uncovers hidden keys, obscure run entries, and advanced persistence mechanisms missed by standard AV.

Reconstructs timelines using Prefetch, Amcache, and ShimCache to reveal exactly what ran and when.

Identifies timestamp manipulation (timestomping), log clearing, and artifact wiping techniques.

Correlates data across 118 event sources to detect suspicious behavioral patterns and lateral movement.

Verifies Secure Boot state, BCD modifications, and Code Integrity policy status to ensure platform trust.

Zero friction. Full visibility.

1. Download

A single, portable executable. No installation required. Runs entirely from memory.

2. Scan

Analyzes kernel structures, memory, and disk artifacts in under 30 seconds.

3. Remediate

Select identified threats and clean them with a single click.

Choose your clearance level.

Powerful enough for free, built for professionals.

Community

Free
  • 114 core security checks
  • Full system scan
  • Export reports to CSV/JSON
  • Community support

Professional (Recommended)

$49/mo

For incident response teams.

  • Everything in Community
  • Automated remediation
  • Real-time registry monitoring
  • Custom YARA rules
  • Priority support

Ready to see what's hiding?

Join thousands of security professionals using ForensicGuard to secure their environments.

Windows 10/11 | No installation required | 100% Free