DeepDig

Changelog

Full release history and version notes for DeepDig — the Windows event log analyzer and registry security audit tool.

Version 1.0.0

Latest June 2026

First release. 100% local — no cloud, no account, no third-party telemetry; Windows built-in logs only.

Analysis

  • Event-log analysis — live local scan (“Scan This PC”) and offline .evtx import through a single engine.
  • Built-in detection rules across credential access, persistence, privilege escalation, lateral movement, defense evasion, execution, stability and performance.
  • Correlation & plain-English narratives — related alerts grouped into incidents with a readable story, severity, recommended actions and a MITRE ATT&CK mapping.
  • De-duplication (“seen N×”) and suppression (“Mark as expected”), remembered across runs.
  • Live real-time monitoring — a Live toggle streams new alerts with continuously updated correlation.
  • Export incidents to CSV or JSON.

Trends & insights

  • Trends view — charts of detections and events over time, top event types, and a by-category breakdown. A Detections | All events toggle switches each chart between active detections and the whole scanned log; click any bar to open a time-ordered, human-readable event list.
  • Last-reboot card — last boot time, reason and kind (planned / unexpected); click for the full startup and shutdown history.

Registry Security Audit

  • A read-only state inspection that runs after a local “Scan This PC”, in its own Registry findings tab. Checks Run/RunOnce keys, Winlogon tampering, IFEO debugger hijacks, UAC-bypass artifacts, Defender disable/exclusions, PowerShell policy and logging, suspicious-path services, installed remote-access tools, and USB / outbound-RDP history.
  • Every finding carries a registry path, the evidence, an explanation, remediation, and a MITRE ATT&CK mapping — and can be marked as expected.
  • USB findings show each device’s exact last-connected date and time.

App & reliability

  • Branded splash and About window ((i) button) with the version and build number and a clickable backendside.com link; the product logo appears in the title bar and sidebar.
  • Runs as the normal user (no forced prompt). When not elevated, a dismissible hint offers Restart as administrator for full coverage (live Security log + admin-only registry checks); the Microsoft Store build uses .evtx import for full coverage instead.
  • Local rolling logs kept on your PC for the last few days (no telemetry), plus graceful error handling so a failure is reported rather than crashing the app.

Notes

  • The Registry findings tab appears only after a local scan, not for imported .evtx files.
  • Administrator rights unlock the live Security log and a few machine-wide registry checks; everything else works without admin.
