2 out of 5 based on 3 ratings for Mandiant Redline 1.5
Mandiant Redline 1.5: Publisher's description
Mandiant Redline is security software developed by Mandiant. After our trial and testing, the software proved to be official, secure and free. Here is the official description for Mandiant Redline:
Redline is Mandiant's free tool for investigating hosts for signs of malicious activity through memory and file analysis, and subsequently developing a threat assessment profile. It provides several benefits:
Rapid Triage: When confronted with a potentially compromised host, responders must first assess whether the system has active malware. Without installing software or disrupting the current state of the host, Redline thoroughly audits all currently running processes and drivers on the system for a quick analysis; for a detailed analysis, it also collects the entire file structure, network state, and system memory.
Reveals Hidden Malware: The Redline Portable Agent can collect and analyze a complete memory image, working below the level at which kernel rootkits and other malware-hiding techniques operate. Many hiding techniques become extremely obvious when examined at the physical memory level, making memory analysis a powerful tool for finding malware. It also reveals "memory only" malware that is not present on disk.
Works with Mandiant Intelligent Response: Combined with MIR, Redline is a powerful tool for accelerated live response. Here's a typical case:
- An IDS or other system detects suspicious activity on a host.
- From MIR, an investigator launches a remote live response script.
- The MIR Agent running on the host captures and analyzes memory locally, streaming back a small XML audit that downloads in minutes rather than hours.
- From MIR, the user can open the audit directly in Redline.
- Using Redline, the investigator quickly identifies a malicious process and writes an IOC describing the forensic attributes found in Redline.
- Using MIR and MCIC, the investigator is quickly able to sweep for that IOC and discover all other systems on the network with the same (or similar) malware running.
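The last two steps of that workflow (write an IOC from the attributes seen in Redline, then sweep other hosts' audits for it) are illustrated below with an added example. This is not Mandiant's code, and it does not use the real MIR or Redline APIs: the audit layout (an `itemList` of `ProcessItem` elements with `pid`, `name` and `path`) and the indicator format (nested `Indicator` elements with an AND/OR `operator` and `IndicatorItem` elements with a `condition` and an optional `negate` attribute) are simplified assumptions modelled on the public OpenIOC 1.0 style, and both hosts' audit data are constructed for the example. The hypothetical indicator flags `svchost.exe` running from any path outside `\Windows\System32\`.

```python
"""Sweep constructed Redline/MIR-style process audits with an OpenIOC-style IOC.

Added example, not Mandiant's code. The audit layout and the simplified
OpenIOC-style indicator are assumptions; all host data is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed audits for two hosts: host-a is clean, host-b runs a
# look-alike svchost.exe from a user-writable directory.
AUDITS = {
    "host-a": """<itemList>
  <ProcessItem><pid>412</pid><name>svchost.exe</name><path>C:\\Windows\\System32\\svchost.exe</path></ProcessItem>
  <ProcessItem><pid>2280</pid><name>explorer.exe</name><path>C:\\Windows\\explorer.exe</path></ProcessItem>
</itemList>""",
    "host-b": """<itemList>
  <ProcessItem><pid>1337</pid><name>svchost.exe</name><path>C:\\Users\\Public\\svchost.exe</path></ProcessItem>
</itemList>""",
}

# Hypothetical indicator (assumed, simplified OpenIOC-style layout):
# name is svchost.exe AND path does NOT contain \Windows\System32\.
IOC = """<ioc id="example-0001">
  <short_description>svchost.exe outside System32</short_description>
  <definition>
    <Indicator operator="AND">
      <IndicatorItem condition="is">
        <Context document="ProcessItem" search="ProcessItem/name"/>
        <Content type="string">svchost.exe</Content>
      </IndicatorItem>
      <IndicatorItem condition="contains" negate="true">
        <Context document="ProcessItem" search="ProcessItem/path"/>
        <Content type="string">\\Windows\\System32\\</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""


def _item_matches(item, proc):
    """Evaluate one IndicatorItem against one ProcessItem (case-insensitive)."""
    field = item.find("Context").get("search").split("/")[-1]
    want = (item.findtext("Content") or "").lower()
    have = (proc.findtext(field) or "").lower()
    cond = item.get("condition", "is")
    if cond == "is":
        hit = have == want
    elif cond == "contains":
        hit = want in have
    else:
        raise ValueError(f"unsupported condition {cond!r}")
    if item.get("negate", "false").lower() == "true":
        hit = not hit
    return hit


def _indicator_matches(indicator, proc):
    """Recursively combine child results with the Indicator's AND/OR operator."""
    results = []
    for child in indicator:
        if child.tag == "Indicator":
            results.append(_indicator_matches(child, proc))
        elif child.tag == "IndicatorItem":
            results.append(_item_matches(child, proc))
    op = indicator.get("operator", "OR").upper()
    return all(results) if op == "AND" else any(results)


def sweep(ioc_xml, audits):
    """Return {host: [pid, ...]} for every process that satisfies the IOC."""
    root_indicator = ET.fromstring(ioc_xml).find("definition/Indicator")
    hits = {}
    for host, audit_xml in audits.items():
        for proc in ET.fromstring(audit_xml).iter("ProcessItem"):
            if _indicator_matches(root_indicator, proc):
                hits.setdefault(host, []).append(int(proc.findtext("pid")))
    return hits


if __name__ == "__main__":
    # Expected: only host-b's pid 1337 matches.
    print(sweep(IOC, AUDITS))
```

The point of the AND with a negated `contains` is the one an analyst actually cares about during a sweep: matching on the process name alone would flag every legitimate `svchost.exe` on every host, so the indicator has to combine the name with the forensic attribute that distinguished the malicious instance in Redline (here, its path).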