What the Heck Just Happened?
1. What the Heck Just Happened?
An Introduction to Digital Forensics
for Incident Response
Ken Evans
Information Security Incident Response Lead
Henry Ford Health Systems
CISSP, GSEC, GCFA, GCFE
Kevans.infosec@gmail.com
http://csc-hub.com/what_the_heck.pdf
2. What We’re Covering
• Introduction to Digital Forensics
• Basic memory analysis of a host with Mandiant Redline
• Intermediate file system analysis of a host with Log2timeline
3. We Are NOT Covering…
• Proper evidence handling procedures
• Detailed information about forensic artifacts
• About 165 tools in the SANS SIFT workstation
• The best way to scale this for a business
4. To Get the Most Value From This Presentation
• Don’t try to memorize the steps
• Keep a high level view and go for the concepts
• See if this looks useful or fun
• Follow-up by getting the presentation and accessing the links at the end
5. The Scenario
• You’re at work browsing when suddenly a popup window appears and then goes away immediately.
• You look at your system for a minute, don’t see anything amiss, shrug your shoulders and keep browsing.
• Thirty minutes later the help desk calls you and asks why you are pinging an RBN command and control server in the Ukraine.
• A virus scan and a reboot later, no one sees any problem, and the traffic has stopped, so they leave you to your own devices.
BUT…
8. Our Approach
Memory is VERY volatile; we need to capture it as soon as possible. We’ll use Mandiant Redline for this.
Logs and other artifacts on the disk are also volatile, in that they can decay and additional noise can make it harder to find the entries we want. We’ll take a disk image and create a Super Timeline for this.
9. Some Assembly Required
For Memory Analysis:
1. Examiner system (64-bit, 4 GB RAM for VMware support)
2. Installation of Mandiant Redline on the Examiner system
3. External storage, larger than memory
For Disk Image Analysis:
4. External storage, larger than the source hard drive
5. Ubuntu Desktop 14 install disc on DVD or bootable USB
6. Installation of VMware Player on Examiner system
7. Installation of SANS SIFT Workstation 3 on Examiner system
8. MS Excel or other spreadsheet program (macro compatible)
10. Mandiant Redline Overview
Malware can sometimes hide in transit or on disk, but eventually… IT MUST EXECUTE. And to do that it needs to use… MEMORY!
Mandiant Redline is a great way to visually analyze the memory on your machine to look for problems.
11. Creating a Redline Collector
Create a “Standard Collector” from Redline on your Examiner system.
12. Collector Option - Acquire Memory Image
Make sure to Acquire Memory Image. Save the Collector to USB device.
13. Running the Redline Collector on the Subject
Run Redline from the USB device with a command line session with elevated privileges.
14. Collector Can Take a While
Depends mostly on:
• Machine speed
• RAM size
• Disk speed
15. Time for the Subject Disk Image
We need to capture a disk image without changing or corrupting the contents. One simple way to do this is to use Linux to read the disk.
Professionals would use a write blocker or do a live capture here, but those are more complicated or need special equipment or software.
19. Note the Source Drive with lsblk
Source 30 GB drive device is /dev/sda2
Mounted external media is /media/ubuntu/FreeAgent Drive
Note: In Linux, everything is a file.
20. Use the dd Command to Make a Disk Image File
dd Command Syntax
if = input “file” (the source device, e.g. /dev/sda2)
of = output file (the image file on the external media)
bs = block size: bytes read and written per operation (i.e. the copy buffer size)
conv = conversion flags
noerror = continue if you get a read error instead of stopping
notrunc = do not truncate the output file
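The dd step above wrapped in a small POSIX shell script, added here as an example; it is not part of Ken Evans’s deck. It runs dd with the flags the deck lists and then adds the check a practitioner wants: it hashes the source and the finished image so the copy can be shown to be faithful. The device path, image path and helper names (hash_file, image_device, verify_image) are placeholders and assumptions of this example, not names from the deck.

```shell
#!/bin/sh
# Added example, not from the original deck: image a source device (or file) with dd
# and verify the copy by hashing. All paths are placeholders supplied by the caller.
# Usage (as root in the live-CD session, as the deck does):
#   image_device /dev/sdXN "/media/ubuntu/EXTERNAL/subject.dd"
#   verify_image /dev/sdXN "/media/ubuntu/EXTERNAL/subject.dd" && echo "image verified"

# hash_file FILE: print the SHA-256 of FILE using whichever tool the live system has.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# image_device SOURCE DEST: copy SOURCE to DEST with the dd options from the deck.
#   bs=1024k       read/write in 1 MiB blocks (the copy buffer size)
#   conv=noerror   keep going past unreadable sectors instead of stopping
#   conv=notrunc   do not truncate DEST if it already exists
# The SHA-256 of SOURCE is recorded beside the image so the copy can be checked later.
image_device() {
    src="$1"; dst="$2"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    dd if="$src" of="$dst" bs=1024k conv=noerror,notrunc 2>/dev/null || return 1
    hash_file "$src" > "$dst.sha256"
}

# verify_image SOURCE DEST: succeed only if DEST hashes to the same value as SOURCE.
verify_image() {
    expected=$(hash_file "$1")
    actual=$(hash_file "$2")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}
```

Two caveats worth knowing before relying on this. With noerror but without conv=sync, dd drops an unreadable block rather than padding it, so every later byte in the image shifts and the hashes will not match; on a drive with bad sectors add sync, or use a purpose-built imager such as dc3dd, which pads and hashes in one pass. And hashing a live device only proves the image matches what the device returned while being read, so write the hash value into the case notes at the time it is taken.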
21. Image Can Take a While
Depends mostly on:
• Machine speed
• Disk size
• Disk speed
22. Analyze the Memory
• Shutdown Ubuntu / Subject system
• Hook the USB drive up to your Examiner system
• Run Mandiant Redline
23. Open Collected Redline Data
Click on upper-left “R” symbol for menu, and select Analyze Collected Data.
24. Browse to your Collector Data
Browse to the Collector data on the USB device.
25. Select the Time Stamped Audit Folder
Drill down through the Redline directory until you get to the folder that is based
on the date the collector ran. Then click the Select Folder button.
26. Browse to your Collector Data
We don’t need the Advanced or Indicators of Compromise options. Click Next.
33. Analyze the Disk Image
• Hook the USB drive up to your Examiner system
• Launch Vmware Player
• Launch SIFT Workstation
• Make sure USB drive is readable (mounted) in the SIFT Workstation
34. Super Timeline Process Overview
1. Acquire image: Ubuntu desktop live CD boot, dd command
2. Mount image for processing: launch SIFT Workstation, mount command
3. Create comprehensive timeline: log2timeline command
4. Filter the timeline: l2t_process command
5. Apply colorization macro: colorize, sort, and analyze
38. Mount the .dd Image
mount Command Syntax
mount [options] sourcefile mountpoint
-o = options flag (the comma-separated list that follows)
ro = read-only, so the evidence image is never written to
loop = loopback, so the image file is treated as a block device
show_sys_files = yes, show them (the NTFS system files)
streams_interface = how to interpret alternate data streams
40. Execute the log2timeline Command
log2timeline Command Syntax
log2timeline [options] [-f format] [-z timezone] log_file [-w bodyfile]
-p = preprocess (trust me, you want it)
-r = recursive
-f = format. There are several, check the docs for your type (-f list).
-z = timezone. Use the timezone for the subject. Check the docs for the string (-z list).
44. Timeline Might Take a While
Depends mostly on:
• Machine speed
• Disk speed
• Age of machine / size of logs
45. Let’s Trim it Down
The resulting file will be between hundreds of thousands and a
couple million entries. Yuck. Let’s focus on our pivot point.
46. l2t_process Command
l2t_process Command Syntax
l2t_process [OPTIONS] -b CSV_FILE [DATE_RANGE]
Where DATE_RANGE is MM-DD-YYYY or MM-DD-YYYY..MM-DD-YYYY
NOTE: Make sure to process at least 1 full day (e.g. 23rd to 24th in this example)
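Steps 2 to 4 of the Super Timeline process (mount, log2timeline, l2t_process) collected into one shell script, added here as an example; it is not from the deck and not from the SANS tools themselves. It assumes the command-line interfaces the deck describes (the log2timeline and l2t_process shipped in SIFT Workstation 3) and GNU date for the one-day arithmetic. The image path, mount point, -f module name and timezone are placeholders, and the function names (mount_image, build_timeline, l2t_day_range, filter_timeline) are this example’s own; l2t_day_range turns a pivot date into the one-full-day range the note above asks for.

```shell
#!/bin/sh
# Added example (not from the deck or the SANS tools): the Super Timeline steps
# mount -> log2timeline -> l2t_process as shell functions. Tool flags are the ones the
# deck lists; the paths, the -f module name and the timezone are placeholders.
# mount needs root, and log2timeline/l2t_process need a SIFT Workstation.

# mount_image IMAGE MOUNTPOINT: read-only loopback mount of an NTFS partition image.
#   ro                          never write to the evidence image
#   loop                        treat the image file as a block device
#   show_sys_files              expose the NTFS metadata files ($MFT and friends)
#   streams_interface=windows   expose alternate data streams as file:stream
mount_image() {
    mkdir -p "$2"
    mount -o ro,loop,show_sys_files,streams_interface=windows "$1" "$2"
}

# build_timeline MOUNTPOINT MODULE TIMEZONE OUTCSV: recursive (-r), preprocessed (-p)
# run over the mounted file system. MODULE comes from 'log2timeline -f list' and
# TIMEZONE from 'log2timeline -z list'; both depend on the subject, so they are parameters.
build_timeline() {
    log2timeline -p -r -f "$2" -z "$3" "$1" -w "$4"
}

# l2t_day_range YYYY-MM-DD: print MM-DD-YYYY..MM-DD-YYYY covering one full day from the
# pivot date (the deck's "23rd to 24th"). Uses GNU date for the +1 day step.
l2t_day_range() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "pivot date must be YYYY-MM-DD" >&2; return 1 ;;
    esac
    start=$(date -u -d "$1" +%m-%d-%Y) || return 1
    end=$(date -u -d "$1 +1 day" +%m-%d-%Y) || return 1
    echo "$start..$end"
}

# filter_timeline INCSV PIVOTDATE OUTCSV: keep only the pivot day (l2t_process also drops
# duplicate rows) and write the trimmed CSV that goes into the spreadsheet step.
filter_timeline() {
    range=$(l2t_day_range "$2") || return 1
    l2t_process -b "$1" "$range" > "$3"
}

# Typical run (all values are placeholders):
#   mount_image /media/ubuntu/EXTERNAL/subject.dd /mnt/subject
#   build_timeline /mnt/subject MODULE TIMEZONE /cases/subject/timeline.csv
#   filter_timeline /cases/subject/timeline.csv 2014-06-23 /cases/subject/timeline-day.csv
```

Keeping the mount read-only and the range computation in a function are the two points that matter for reproducibility: the evidence image is never touched, and the day boundary that the note above warns about is computed rather than typed, so a run on the 31st rolls into the next month correctly.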
49. Output of l2t_process
This is a date filtered file, with all the duplicates removed. We still have 80K entries for 1 day, but we are closer.
50. Color Timeline Blog Entry
1. Download it - Open Timeline Color Template
2. Switch to Color Timeline worksheet/tab
3. Click on Cell A-1
4. Select 'DATA' Ribbon
5. Import Data "FROM TEXT"
6. Select log2timeline.csv file
7. TEXT IMPORT WIZARD Will Start
8. Step 1 -> Select Delimited ->Select NEXT
9. Step 2 -> Unselect Tab under Delimiters -> Select Comma under Delimiters -> Select NEXT >
10. Step 3 ->Select Finish
11. Where do you want to put the data? Simply Select OK.
12. Once imported View -> Freeze Panes -> Freeze Top Row
13. Optional: Hide Columns Timezone, User, Host, Short or Desc (keep one of these), Version
14. Select HOME Ribbon
15. Select all Cells "CTRL-A"
16. In Home Ribbon -> Sort and Filter - Filter
http://digital-forensics.sans.org/blog/2012/01/25/digital-forensic-sifting-colorized-super-timeline-template-for-log2timeline-output-files
51. What Does the Color Template Do?
The color template will apply the following colors to rows in the timeline file.
54. Summary
• We used Mandiant Redline to do a quick memory analysis to find out if we had a problem
• svchost.exe was called out by Redline
• We followed it up with a more detailed file system analysis
• We found a svchost.exe call in the middle of several other events of note
55. Resources - 1
SANS SIFT Workstation 3.0 Download
http://digital-forensics.sans.org/community/downloads
SANS SIFT Workstation Blog
http://digital-forensics.sans.org/blog/category/sift-workstation
SANS SIFT Workstation YouTube series
https://www.youtube.com/playlist?list=PL60DFAE759FCDF36A
Super Timeline Creation Cheat Sheet
http://blogs.sans.org/computer-forensics/files/2011/12/digital-forensics-incident-response-log2timeline-timeline-cheatsheet.pdf
Timeline Colorization Template Instructions
http://digital-forensics.sans.org/blog/2012/01/25/digital-forensic-sifting-colorized-super-timeline-template-for-log2timeline-output-files
56. Resources - 2
Mandiant Redline Download
https://www.mandiant.com/resources/download/redline
Example: Use the Mandiant Redline memory analysis tool for threat assessments
http://searchsecurity.techtarget.com/video/Use-the-Mandiant-Redline-memory-analysis-tool-for-threat-assessments
Kevans.infosec@gmail.com
http://csc-hub.com/what_the_heck.pdf