We are on a roll with our freeware. The latest version of Redline
is now available! For those who are not familiar with Redline – you
may be asking, what is it? Simply put, Redline brings together
analysis tools which help you perform a guided investigation of a
potentially compromised system. And did we mention that it is
free?
This latest and greatest version of Redline includes some
awesome new features, courtesy of recommendations from our strong
and growing user base and input from internal users here at
Mandiant. For those who have been loyal Redline users, you will find
that it is no longer just a memory forensics tool! It has grown into
a multi-purpose product for creating Indicators of Compromise (IOC)
and matching them across all types of host data, while maintaining
all the traditional memory forensics capabilities that you’re used
to.
Get the data that matters, and do it faster

- With Redline, you can now include and search for Indicators of Compromise and create a searchable report detailing any suspicious activity found matching those IOCs.
- Specify a set of IOCs before collection and Redline will now help tailor the configuration to provide meaningful search results and ensure that all the data required by the chosen IOCs is collected, speeding up your time to completion.
- Not sure if the IOCs you have chosen are the ones you want? Not to worry! When choosing indicators to search for, there is now a handy preview window to see the detailed information of each indicator.
- You are no longer limited to just memory data. Redline now enables you to configure and collect a much broader range of data about the target host, such as event logs and file listings. This data will in turn be searchable using the new Indicator of Compromise search options, providing you with better overall search results.
Multi-task with the best

- With Redline you can now perform investigations while searching for indicators – at the same time! For example, while the session is still matching IOCs, you can start diving into the Malware Risk Indicator (MRI) Scores and start a new investigation or even continue an existing investigation.
- Now there’s no guessing where you are in the process. You can check the progress of your investigation at any time via "Background Tasks" in the main menu. You will also receive a notification when one of your background tasks has been scheduled.
For our current users, be sure to upgrade
to this latest version of Redline to take advantage of the new
features. For new users, don’t wait another minute to download Redline
and get your hands on this great set of analysis tools.