DeepDig – Windows Event Log Analyzer

Windows already records everything that happens on a machine — DeepDig makes sense of it. It reads the event logs your PC already keeps and turns thousands of cryptic entries into clear, plain-English security and stability incidents, each with a readable story and concrete remediation steps. Everything runs on your PC: no cloud, no account, no telemetry.

Download Version 1.0.0

Available on the Microsoft Store — no subscription, no ads.

Or view the listing at apps.microsoft.com.

From raw logs to real answers

Instead of leaving you to scroll through Event Viewer, DeepDig correlates related alerts into incidents — each with a plain-English narrative, severity, recommended actions and a MITRE ATT&CK mapping. On a local scan it also runs a read-only Registry Security Audit, surfacing persistence, privilege-escalation and defense-evasion risks with evidence and fixes. It reads only Windows’ own logs and registry, processes everything locally, and never uploads your data.

Changelog — what's new in each release

Full release history from 1.0.0 — the detection engine, incident correlation, trends, the registry security audit, live monitoring and export.

View the full changelog

User Guide — every step explained

A plain-English walkthrough of scanning this PC or an offline .evtx file, reading incidents and trends, the registry security audit, live monitoring and exporting your findings.

Read the User Guide

Features

🧩 Plain-English Incidents

Related alerts are correlated into incidents with a readable narrative, severity and recommended fixes — not just a wall of raw event IDs.

🛡️ Built-in Threat Detection

Detection rules covering credential access, persistence, privilege escalation, lateral movement (including RDP logons), defense evasion (Defender tampering, audit-log clearing), execution, stability and performance.

🗂️ Live Scan or Offline .evtx

Scan this PC live, or import an exported .evtx file from another machine — one detection engine handles both. Drag-and-drop a log straight onto the window.

📡 Real-Time Live Monitoring

Flip on Live to stream new alerts as they happen, with continuously updated correlation so incidents stay current.

📊 Trends & Charts

Built-in charts show activity over time, top event types and category breakdowns. Click any bar to drill straight into the underlying events.

🔁 Last-Reboot Card

See your last boot time and reason, and whether it was planned or unexpected — click through for the full startup and shutdown history.

🧬 Registry Security Audit

A read-only audit of startup keys, Winlogon, IFEO debuggers, UAC-bypass artifacts, Defender disabling/exclusions, PowerShell policy, suspicious services, remote-access tools, and USB/RDP history — each with evidence, remediation and a MITRE ATT&CK mapping.
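A read-only check of a few of the registry locations this audit covers, as an added PowerShell example that is not DeepDig's own code. It assumes Windows 10/11 with Windows PowerShell 5.1 or PowerShell 7, an elevated shell for the HKLM and Defender keys (HKCU checks work as a normal user), and the standard MITRE ATT&CK technique IDs for each location.

```powershell
# Read-only registry audit (added example, not DeepDig's own code). Assumes a
# Windows 10/11 PowerShell session; HKLM and Defender keys need an elevated shell.
$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding($Key, $Name, $Value, $Why, $Technique) {
    $findings.Add([pscustomobject]@{ Key = $Key; Name = $Name; Value = $Value;
                                     Evidence = $Why; ATTACK = $Technique })
}

# 1. Autostart (Run/RunOnce) entries launching from user-writable paths: persistence
$runKeys = 'HKLM:', 'HKCU:' | ForEach-Object {
    "$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "$_\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
}
foreach ($k in $runKeys) {
    $key = Get-Item -Path $k -ErrorAction SilentlyContinue   # RegistryKey, or $null if absent/denied
    if (-not $key) { continue }
    foreach ($n in $key.GetValueNames()) {
        $v = [string]$key.GetValue($n)
        if ($v -match '(?i)\\(AppData|Temp|Users\\Public|ProgramData)\\') {
            Add-Finding $k $n $v 'Autorun from a user-writable or temp path' 'T1547.001'
        }
    }
}

# 2. IFEO: a Debugger value redirects that program's launch, so every one is worth reviewing
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding $sub.Name 'Debugger' $dbg 'IFEO debugger set for this image' 'T1546.012' }
}

# 3. Winlogon Shell/Userinit: anything beyond the stock values is a logon-time persistence hook
$wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $wlKey -ErrorAction SilentlyContinue
if ($wl.Shell -and $wl.Shell -ne 'explorer.exe') {
    Add-Finding $wlKey 'Shell' $wl.Shell 'Non-default Winlogon shell' 'T1547.004'
}
if ($wl.Userinit -and $wl.Userinit -notmatch '^[A-Z]:\\Windows\\system32\\userinit\.exe,?$') {
    Add-Finding $wlKey 'Userinit' $wl.Userinit 'Extra Userinit entry' 'T1547.004'
}

# 4. Defender tampering: disabled by policy, or exclusion paths added (defense evasion)
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$das = (Get-ItemProperty -Path $pol -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($das -eq 1) { Add-Finding $pol 'DisableAntiSpyware' $das 'Defender disabled by policy' 'T1562.001' }
$excl = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths'   # often readable only when elevated
$exKey = Get-Item -Path $excl -ErrorAction SilentlyContinue
if ($exKey) { foreach ($n in $exKey.GetValueNames()) { Add-Finding $excl $n $exKey.GetValue($n) 'Defender path exclusion' 'T1562.001' } }
$findings | Format-Table -AutoSize
```

An empty table means none of these four checks fired; each row carries the key, value and ATT&CK ID so it can be triaged like a DeepDig finding.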

🧹 Noise Control & Export

Recurring detections collapse into a single “seen N×” card, anything you trust can be marked expected to stay hidden, and findings export to CSV or JSON.

System Requirements: Windows 10 / 11 (64-bit). DeepDig runs as a normal app; administrator rights are needed only for the live Security log and a few machine-wide registry checks — or simply analyze an exported .evtx file, which needs no admin.

Latest Release

Version 1.0.0 — June 2026

First release — event-log analysis with plain-English incidents and MITRE ATT&CK mapping, a registry security audit, live monitoring, trends, and CSV/JSON export.

Full changelog →