Redline version 1.20 introduces support for collection from and analysis of Windows 10 systems and is already available for download here.
Redline® provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.
With Redline, you can:
- Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.
- Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.
- Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
- Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.
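The IOC analysis and timeline review described above, as an added illustration that is not part of the original announcement and not Redline's own code: a small Python matcher that runs a flat indicator list over a constructed set of collected host records (process, file and network entries, hypothetical values throughout) and then pulls the records that fall within a few minutes of each hit, in the spirit of the Timeline filtering mentioned above. Redline consumes IOCs in its own format and collects far richer data; the record fields, indicator shape and sample values here are simplifications chosen for the example.

```python
from datetime import datetime, timedelta

# Constructed sample of collected host artifacts (hypothetical records and
# values; not real Redline output, and the hashes/addresses are not real IOCs).
AUDIT = [
    {"type": "process", "name": "svchost.exe",
     "path": r"C:\Windows\System32\svchost.exe",
     "md5": "00000000000000000000000000000001",
     "time": "2015-08-10T09:00:00"},
    {"type": "process", "name": "update.exe",
     "path": r"C:\Users\Public\update.exe",
     "md5": "deadbeefdeadbeefdeadbeefdeadbeef",
     "time": "2015-08-10T09:05:30"},
    {"type": "file", "name": "cfg.dat",
     "path": r"C:\Users\Public\cfg.dat",
     "md5": "00000000000000000000000000000002",
     "time": "2015-08-10T09:05:45"},
    {"type": "network", "name": "update.exe",
     "remote": "203.0.113.5:443",
     "time": "2015-08-10T09:06:00"},
    {"type": "process", "name": "explorer.exe",
     "path": r"C:\Windows\explorer.exe",
     "md5": "00000000000000000000000000000003",
     "time": "2015-08-10T11:30:00"},
]

# Constructed indicator set: each IOC names the record field it matches on.
IOCS = [
    {"id": "IOC-001", "field": "md5", "value": "deadbeefdeadbeefdeadbeefdeadbeef"},
    {"id": "IOC-002", "field": "path", "value": r"C:\Users\Public\update.exe"},
    {"id": "IOC-003", "field": "remote", "value": "203.0.113.5:443"},
]


def _ts(record):
    """Parse a record's ISO-8601 timestamp."""
    return datetime.fromisoformat(record["time"])


def match_iocs(audit, iocs):
    """Return a list of (ioc_id, record) hits.

    Comparison is case-insensitive so that hashes and Windows paths collected
    in differing case still match the indicator as written.
    """
    hits = []
    for rec in audit:
        for ioc in iocs:
            val = rec.get(ioc["field"])
            if val is not None and val.lower() == ioc["value"].lower():
                hits.append((ioc["id"], rec))
    return hits


def time_window(audit, pivot, minutes):
    """Timeline-style filter: records within +/- `minutes` of `pivot`, sorted by time."""
    center = datetime.fromisoformat(pivot)
    delta = timedelta(minutes=minutes)
    return sorted((r for r in audit if abs(_ts(r) - center) <= delta), key=_ts)


def review(audit, iocs, minutes=2):
    """For each IOC hit, gather the other records that occurred around it so an
    analyst can see the surrounding activity rather than the hit in isolation."""
    out = []
    for ioc_id, rec in match_iocs(audit, iocs):
        context = [c for c in time_window(audit, rec["time"], minutes) if c is not rec]
        out.append({"ioc": ioc_id, "hit": rec["name"],
                    "context": [c["name"] for c in context]})
    return out


if __name__ == "__main__":
    for h in review(AUDIT, IOCS):
        print(h)
```

The two-minute window around each hit is the useful part for review: the single hash match on update.exe is joined by the file written seconds later and the outbound connection from the same process, which is the kind of grouping the Timeline view is meant to surface.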