Introduction to Redline
As a continuation of the “Introduction to Memory Forensics” series, we’re going to take a look at Redline – a free analysis tool from FireEye that allows us to analyze a potentially compromised Windows system. Redline can collect memory and disk-based artifacts, including all running processes and drivers from memory, file system metadata, registry data, event logs, network information, services, tasks, and web history. The software provides an easy-to-use GUI interface that can help us analyze the collected data to find evil on a given system.

We’ll start with an overview of Redline collectors, and then we’ll create a collector and save it to a USB flash drive. We’ll then run that collector on our target Windows 10 VM and bring the results back to the analysis VM, where we’ll briefly look at each category of collected forensic data.

Introduction to Memory Forensics:
• Introduction to Memory Forensics

Redline: https://www.fireeye.com/services/free...
Redline User Guide: https://www.fireeye.com/content/dam/f...

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics #MemoryForensics #MalwareAnalysis #Malware
