LastAudit is a free portable tool which scans your PC for security vulnerabilities, as well as identifying recent user actions.
You could use the program to assess the security of your own system, but it's also useful as a quick way to find out what someone else has been doing on a computer.
The interface is very basic, and offers few controls. You can choose to check "Configuration, passwords, vulnerabilities" or not, but there's no way to choose individual tests. The "File system" options allow you to decide which drives to scan, but there's no way to specify a particular folder tree.
This does at least keep the program easy to use, though. Launch it, and in a few clicks it's scanning your system, before eventually saving the results to an HTML report.
Some of these items detailed potential vulnerabilities: we were running as an administrator, Office macros were allowed with permission, AppLocker wasn't available, PowerShell had execution permissions, it was possible to grab a webcam image, these were our Registry startup programs, these processes were listening to localhost, and so on.
Other items were more about forensics: recent browsing history (IE/ Firefox/ Chrome), recent wifi connections, recent IE searches, file opened in Explorer in the past 30 days, recently connected USB keys, and the text contents of the clipboard.
Some elements of the report were useful, others less so. "Sensitive files" just listed files containing words like "admin" or "password"; "Registry Autostart" warned us that OneDrive was an "uncommon program"; "Encrypted files" listed three Chrome cache files; "WIFI Geolocation" showed an "approximate" location that was about 140 miles away.
– Added new CLI options
– Updated vulnerability database
– Improved geolocation module
– Bug fixes
LastAudit's tests are of varying usefulness, but the report does contain a few useful items. Overall, it's a simple way to take a quick look at your security configuration and what the current user has been doing on a PC.