A look at Redline from Mandiant

Post author By Guy Ngongang on information security
Post date December 28, 2017
No Comments on A look at Redline from Mandiant

Redline is a nice tool to investigate a particular host for signs of compromises. It works on Windows and is freely available on the FireEye site .

Redline Interface

At a glance, we have options to collect data from the host or Analyse an existing data collected file. In our case , I am going to create a Standard Collector for the sake of this demo.

Redline Review Script Configuration

It is clear that the script will run the Collector and save it to a folder named ‘Sessions\AnalysisSession2´ in our case because we run the script twice as in the figure below

AnalysisSession2.mans file to import in Redline

As said in the Readme.txt file, AnalysisSession2.mans has to be openend in Redline to continue with the investigation. We can go through the System Information,Processes,…

The tool is worth a try.

Happy investigations

Investigative options after opening the AnalysisSession2.mans file

By Guy Ngongang on information security

I am an Information security Engineer with a strong background in network and Cloud computing.

I have done work With FTK imager and enjoy improving my know-how in my spare time. My aim is to fight cybercriminal and help end users to enjoy the Internet freely

View Archive

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

By Guy Ngongang on information security

Leave a Reply Cancel reply