Redline

Threat intelligence can also be used with Redline. Redline allows IOCs to be searched for through a collector, or IOCs can be loaded and searched against an existing memory capture. For example, if analysts would like to search a memory image for matching IOCs, they would first open the memory image. In the lower left-hand corner, click on the tab IOC Reports. This will create a new button titled Create a New IOC Report.

The following window will appear:

Redline has the ability to ingest IOCs within the OpenIOC format. Analysts should create a folder on their system where the IOC files can be placed, as Redline will not read a single ...
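To make the OpenIOC ingestion step concrete, the following added example (not Redline's own code and not from the book) loads every `.ioc` file from a folder, walks the OpenIOC 1.0 indicator tree (`Indicator` nodes carrying an `operator` of AND or OR, `IndicatorItem` nodes carrying a `Context search=...` path, a `condition`, and a `Content` value), and evaluates it against a constructed set of artifacts of the kind a memory capture would yield. The sample IOC, its IDs, the process name and the MD5 are all constructed placeholders, and the artifact table is constructed as well; the XML namespace and element names are those of the OpenIOC 1.0 schema.

```python
"""Load OpenIOC 1.0 files from a folder and evaluate them against artifacts.

Added example illustrating what an IOC report does conceptually; this is not
Redline's implementation.  Only the "is" and "contains" conditions are handled.
"""
import os
import tempfile
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed sample IOC: every ID, name and hash below is a placeholder.
SAMPLE_IOC = """<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="00000000-0000-0000-0000-000000000001" last-modified="2020-01-01T00:00:00">
  <short_description>Example dropper (constructed placeholder)</short_description>
  <definition>
    <Indicator operator="OR" id="00000000-0000-0000-0000-000000000002">
      <IndicatorItem id="00000000-0000-0000-0000-000000000003" condition="is">
        <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
        <Content type="string">example-dropper.exe</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="00000000-0000-0000-0000-000000000004">
        <IndicatorItem id="00000000-0000-0000-0000-000000000005" condition="contains">
          <Context document="FileItem" search="FileItem/FullPath" type="mir"/>
          <Content type="string">\\Temp\\</Content>
        </IndicatorItem>
        <IndicatorItem id="00000000-0000-0000-0000-000000000006" condition="is">
          <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
          <Content type="md5">00000000000000000000000000000000</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def write_sample_folder():
    """Create a temp folder holding the constructed .ioc file; return its path."""
    folder = tempfile.mkdtemp(prefix="openioc_")
    with open(os.path.join(folder, "example.ioc"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_IOC)
    return folder


def load_ioc_folder(folder):
    """Parse every *.ioc file in folder; return a list of (filename, root element)."""
    loaded = []
    for name in sorted(os.listdir(folder)):
        if name.lower().endswith(".ioc"):
            root = ET.parse(os.path.join(folder, name)).getroot()
            loaded.append((name, root))
    return loaded


def _item_matches(item, artifacts):
    """Evaluate one IndicatorItem against artifacts: {search path: [values]}."""
    search = item.find("ioc:Context", NS).get("search")
    value = (item.find("ioc:Content", NS).text or "").strip().lower()
    observed = [v.lower() for v in artifacts.get(search, [])]
    condition = item.get("condition", "is")
    if condition == "is":
        return value in observed
    if condition == "contains":
        return any(value in v for v in observed)
    raise ValueError("unsupported OpenIOC condition: %r" % condition)


def _indicator_matches(indicator, artifacts):
    """Recursively combine child results with the node's AND/OR operator."""
    results = []
    for child in indicator:
        tag = child.tag.split("}")[-1]
        if tag == "IndicatorItem":
            results.append(_item_matches(child, artifacts))
        elif tag == "Indicator":
            results.append(_indicator_matches(child, artifacts))
    if not results:
        return False
    return all(results) if indicator.get("operator", "OR").upper() == "AND" else any(results)


def scan(folder, artifacts):
    """Return one report row per IOC file: {file, id, description, hit}."""
    rows = []
    for name, root in load_ioc_folder(folder):
        top = root.find("ioc:definition/ioc:Indicator", NS)
        desc = root.findtext("ioc:short_description", default="", namespaces=NS)
        hit = top is not None and _indicator_matches(top, artifacts)
        rows.append({"file": name, "id": root.get("id"), "description": desc, "hit": hit})
    return rows


if __name__ == "__main__":
    folder = write_sample_folder()
    # Constructed artifacts standing in for what a memory capture would list.
    artifacts = {
        "ProcessItem/name": ["explorer.exe", "svchost.exe"],
        "FileItem/FullPath": ["C:\\Users\\a\\AppData\\Local\\Temp\\x.tmp"],
        "FileItem/Md5sum": ["00000000000000000000000000000000"],
    }
    for row in scan(folder, artifacts):
        print(row)
```

The nested AND block shows why the operator matters: the path and hash terms only count as a hit together, while the process-name term is sufficient on its own. A real IOC set uses many more `search` terms and conditions than the two handled here, so an unsupported condition is reported rather than silently treated as a miss.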
