Redline – malware memory forensics

Redline from Mandiant is a one-stop shop, a poor man's malware forensic utility with an all-in-one usable interface. If you compare Redline with other forensic software such as EnCase, FTK, or Oxygen Forensics, which are used heavily in law enforcement circles, you will notice that the priorities are somewhat different. Malware is the only agenda for Redline! Redline analyzes the Windows OS from the memory capture and the filesystem, identifies Indicators of Compromise (IOCs), builds a timeline of events, and computes a Malware Risk Index (MRI) score. It can also use a whitelist of MD5 hashes to identify known and valid files, which further reduces noise in the collected data. However, beyond memory analysis and ...
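The whitelist step described above is simple enough to reproduce outside the tool. The following Python is an added example, not code from the book or from Redline itself: it hashes a constructed set of "collected" files, normalizes a small MD5 whitelist (the sample file contents, paths and whitelist entries are all made up for the demonstration), and splits the files into known-good and needs-review buckets so an analyst only looks at what the whitelist could not explain.

```python
import hashlib

# Constructed sample of "collected" files: path -> content bytes.
# These are not real system binaries; the bytes are placeholders.
SAMPLE_FILES = {
    r"C:\Windows\System32\notepad.exe": b"known-good notepad bytes (constructed)",
    r"C:\Windows\System32\calc.exe": b"known-good calc bytes (constructed)",
    r"C:\Users\demo\AppData\Local\Temp\update.exe": b"unknown binary (constructed)",
    r"C:\Users\demo\Downloads\invoice.pdf.exe": b"another unknown binary (constructed)",
}


def md5_hex(data: bytes) -> str:
    """MD5 of a byte string as lowercase hex, the form most hash sets use."""
    return hashlib.md5(data).hexdigest()


# Whitelist built by hashing the two "known-good" samples above. In practice
# this would come from a vendor hash set; one entry is upper-cased on purpose
# to show that comparison must be case-insensitive.
KNOWN_GOOD_MD5 = [
    md5_hex(SAMPLE_FILES[r"C:\Windows\System32\notepad.exe"]),
    md5_hex(SAMPLE_FILES[r"C:\Windows\System32\calc.exe"]).upper(),
    "",  # blank line such as a trailing newline in a hash list file
]


def load_whitelist(entries):
    """Normalize whitelist entries: strip whitespace, lowercase, drop blanks."""
    return {e.strip().lower() for e in entries if e.strip()}


def triage(files, whitelist):
    """Split files into (known_good, needs_review) lists of (path, md5)."""
    wl = load_whitelist(whitelist)
    known_good, needs_review = [], []
    for path, content in files.items():
        digest = md5_hex(content)
        (known_good if digest in wl else needs_review).append((path, digest))
    return known_good, needs_review


if __name__ == "__main__":
    good, review = triage(SAMPLE_FILES, KNOWN_GOOD_MD5)
    print(f"{len(good)} file(s) matched the whitelist and were suppressed")
    for path, digest in review:
        print(f"REVIEW {digest} {path}")
```

Whitelisting by hash only removes files whose bytes exactly match a known-good entry, so a patched or trojanized copy of a system binary will still land in the review bucket; that is the intended behaviour, and it is also why the whitelist must be kept current with the versions actually deployed.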

Get Windows Malware Analysis Essentials now with O’Reilly online learning.