Redline is a nice tool to investigate a particular host for signs of compromise. It works on Windows and is freely available on the FireEye site.

At a glance, we have options to collect data from the host or to analyse an existing collected data file. In our case, I am going to create a Standard Collector for the sake of this demo.

It is clear that the script will run the Collector and save the result to a folder named ‘Sessions\AnalysisSession2’ (in our case, because we ran the script twice, as in the figure below).

As said in the Readme.txt file, AnalysisSession2.mans has to be opened in Redline to continue with the investigation. We can go through the System Information, Processes, …
The tool is worth a try.
Happy investigations
