BootAudit

Overview

A C# Windows CLI tool that audits boot artifacts, patch state, and uptime risk on Windows hosts using a read-only, forensics-style approach.

Technical Details

Runs six severity-scored checks against a Windows endpoint — last shutdown, last boot, shutdown reason from event logs (1074, 6008, 41), uptime risk, pending reboot status from CBS and Windows Update, and boot integrity via Secure Boot and BitLocker. Outputs human-readable or JSON reports with Nagios-style exit codes (OK / Advisory / Warning / Critical) for clean SIEM and monitoring integration. Built to surface the same artifacts SOC analysts and patch-compliance teams rely on in real investigations.

Technologies