Last Audit PC audit software

Martin Brinkmann
May 14, 2016

Last Audit is a PC audit software that you can run to generate security reports that reveal potentially problematic system settings, file leaks, and other security or privacy related issues.

The program is offered as a portable version that you can run from any location. Last Audit displays a scan configuration screen on start that you use to select what you want it to scan.

The main areas are files on drives you select, network locations in the local area network, configuration of the operating system, passwords, known vulnerabilities, and active directory.

The scan time depends largely on the selection on that initial screen. A click on the start button starts the scan and a progress bar is displayed on the screen that helps you understand how far it has progressed.

Last Audit

Last Audit launches the scan report as a HTML file in the default web browser once the scan finishes. It lists the report location in the program interface as well which can be useful if you closed the browser window accidentally or blocked it from opening in first place.

To make matters even easier, it is always saved under the same path that you run Last Audit from.

The report uses a color coded system to highlight the following threat categories:

  • Red: critical vulnerabilities, misconfigurations and sensitive information.
  • Orange: important vulnerabilities and sensitive information.
  • Blue: valuable information that may be exploited.
  • Green: information of potential value to attackers.

The program lists the following areas using the color coded system. Suggestions are sometimes displayed (you should not use administrator account for every day activities) to point you in the right direction.

  • User account level.
  • Passwords found in browsers such as Firefox or Internet Explorer.
  • Credential and password files found on the local system.
  • Office macros.
  • Virtual machine disks on the local system.
  • Sensitive files based on parsing for keywords such as confidential, password, admin or secret.
  • Whether Applocker is running.
  • Powershell execute permissions.
  • Autostart programs in the Windows Registry.
  • Torrent / P2P software detection.
  • Files and folders outside the user profile with write access.
  • Email, calendar and contact files.
  • Database files.
  • Macros found in documents.
  • Firefox browsing history and search history (30 days)
  • Firefox cookies (3 days)
  • Chrome browsing history (30 days)
  • Internet Explorer history (30 days)
  • Explorer files (30 days)
  • Scripts found on the local system, e.g. .vbs files.
  • Unsigned executable files outside standard locations.
  • USB disks.
  • Pictures found.
  • Apps malware may exploit.
  • Screenshots found.
  • Clipboard data at the time of scan.
  • Uncommon processes listening on localhost.
  • Antivirus Software installed.

The information are graded from most severe (red) to least (green) so that you find the most important areas that you need to look through right at the top of the report.

You will notice that not everything that is listed by the program is an issue. It may be easy enough to explain why a program is listening on localhost, or to confirm that the sensitive documents are not all that important and are not possible information leaks.

Others may require some research before you can assess the risk or block a potential information leak.

Last Audit is quite different from the audit software Belar Advisor. In fact, it complements it nicely. Belarc covers areas that Last Audit does not and the other way round. It makes sense to run both, compare results and go through them both afterwards to harden the system if necessary.

Closing Words

Last Audit is a handy security audit software for PCs that points you at potential security, privacy or information leak issues on the system.

software image
Author Rating
1.5 based on 3 votes
Software Name
Last Audit
Operating System
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. wanring said on November 18, 2017 at 2:02 pm

    this tools webpage says it no loger exist !

  2. jasray said on May 14, 2016 at 11:41 pm

    I cnduo’t bvleiee taht I culod aulaclty uesdtannrd waht I was rdnaieg. Unisg the icndeblire pweor of the hmuan mnid, aocdcrnig to rseecrah at Cmabrigde Uinervtisy, it dseno’t mttaer in waht oderr the lterets in a wrod are, the olny irpoamtnt tihng is taht the frsit and lsat ltteer be in the rhgit pclae. The rset can be a taotl mses and you can sitll raed it whoutit a pboerlm. Tihs is bucseae the huamn mnid deos not raed ervey ltteer by istlef, but the wrod as a wlohe. Aaznmig, huh? Yaeh and I awlyas tghhuot slelinpg was ipmorantt! See if yuor fdreins can raed tihs too.

    Yes, when I teach English to Chinese speakers, it’s amazing how much they understand when I attempt to speak/write Chinese. They think it laudable, risible, and definitely American.

    Anyway, in theory, the tool shouldn’t even run if one’s computer is secure. Some tool running in the background should immediately send a flag to stop the entire process.

  3. lance said on May 14, 2016 at 10:05 pm

    When there’s the simplest of spelling mistakes on the Contact page it puts me right off,really off.In fact,totally off.

  4. CHEF-KOCH said on May 14, 2016 at 3:44 pm

    I’m a bit skeptical about this, it scans your entire hdd and requires internet connection. We already have MS own solution which even works without internet connection. Maybe the GUI and the homepage should explain this a little bit more.

    The thing is also just because it found something makes you no automatically vulnerable, e.g. I store my encrypted KeePass file on my HDD but it’s secure, even if someone steal it ‘somehow’ it’s not in plain text. I doubt that there exist one all-in-one tool which really respect all of the factors.

    I also not understand why pictures, p2p torrent and other listed stuff is problematically, it’s why you have your hdd. There is a huge difference between storing files and storing your private information on it. I think if someone follows Ghacks he/she knows how to use xyz tools to ‘secure’ certain things, like your private passwords and such.

    Sr, but Windows own Safty Scanner makes a lot of more sense to me.

    1. Bhck said on May 15, 2016 at 8:10 am

      MS Safety Scanner is a malware removal tool.

      LastAudit is for pentesters, forensics and to raise the awareness of home users.

      Your Keepass database may be very valuable for hackers. When your system is infected it is not a big problem to get password for any keepass file. Malware authors use keyloggers for this purpose.

      Pictures and p2p software are of “blue” category which means this information is valuable for hackers.

    2. Tony said on May 14, 2016 at 9:42 pm

      CHEF-KOCH has good points. Chef, are you referring to ?

      1. ilev said on May 15, 2016 at 8:10 am

        Safty Scanner is a poor’s man anti-virus, no better then MRT or defender, which are the worse ever anti-virus apps.

      2. CHEF-KOCH said on May 15, 2016 at 7:59 am

        Yep, there exist also an ‘Enterprise’ tool but sadly I forgot the name. Maybe it was “Microsoft IT Environment Health Scanner” (

        But this one is good enough to test especially network related issue. Of course there even exist free and open source tools like nmap on the wild which really scans stuff if it comes to network related things. It’s fantastic.

        Overall I think if beginners or even Pro’s want to analyze most of the stuff the own MS Systinternals Suite are far better. It offers several tools for special cases, shows also Passwords in plain text (if some found) and a lot of more.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.