As a continuation of the "Introduction to Memory Forensics" series, Richard Davis takes a look at Redline, a free analysis tool from FireEye that allows us to analyze a potentially compromised Windows system. Redline can collect memory and disk-based artifacts, including all running processes and drivers from memory, file system metadata, registry data, event logs, network information, services, tasks, and web history. The software provides an easy-to-use GUI that helps us analyze the collected data to find evil on a given system. You'll start with an overview of Redline collectors, and then you'll create a collector and save it to a USB flash drive. You'll then run that collector on your target Windows 10 VM and bring the results back to the analysis VM, where you'll briefly look at each category of collected forensic data.