RedLine is a free Microsoft Windows-based memory and file analysis tool offered by FireEye. This slide deck will help you understand the RedLine IT security tool and its three types of collectors.
3. FireEye - RedLine
Free security analysis utility
Windows based
Only supports Microsoft Windows platforms
Requires Microsoft .NET 4 or later for installation
4. FireEye - RedLine
Consists of two components
RedLine Software
Redline Collectors
5. FireEye – RedLine - Software
Available to download from http://www.fireeye.com/services/freeware.html
Can be installed on Windows XP SP2 or later versions, or Windows Server 2003 R2 and later versions
Should be installed on a potentially uncompromised computer
6. FireEye – RedLine - Collectors
A Redline Collector package contains an executable script to collect data from a potentially compromised Windows operating system.
7. FireEye – RedLine - Collectors
Three types of Redline Collectors
Standard Collector
Comprehensive Collector
IOC (Indicators of Compromise) Search Collector
8. RedLine Standard Collector
Predefined script to collect the minimum data for analysis
Can be used to acquire a memory image
Should be stored on removable media to run on the target compromised Windows-based computer
Can be created through the Redline utility itself
9. RedLine Comprehensive Collector
Predefined script to collect the maximum data for analysis
Can be used to acquire a memory image
Should be stored on removable media to run on the target compromised Windows-based computer
Can be created through the Redline utility itself
10. RedLine IOC Search Collector
Predefined script to collect IOC-filtered data for analysis
Can be used to acquire a memory image
Should be stored on removable media to run on the target compromised Windows-based computer
Can be created through the Redline utility itself