In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines of Windows operating systems. It adds Integrity Levels(IL)-based isolation to running processes and objects. The IL represents the level of trustworthiness of an object, and it may be set to files, folders, etc. Believe it or not, there is no graphical interface for dealing with MIC in Windows. MicEnum has been created to solve this, and as a tool for forensics.
MicEnum is a simple graphical tool that:
- Enumerates the Integrity Levels of the objects (files and folders) in the hard disks.
- Enumerates the Integrity Levels in the registry.
- Helps to detect anomalies in them by spotting different integrity levels.
- Allows to store and restore this information in an XML file so it may be used for forensic purposes.