Redline
Redline, released by Mandiant, is a forensic tool that can detect malware through both
memory and file analysis. In addition, Redline creates a threat assessment for suspected
malicious activity. Although the software offers several options, one choice is the standard
collection, which collects data from the memory of the device. To assist with analyzing the
data, the following information is provided during the standard collection. In addition, tags
and comments can be added as shown below. I was able to generate a list of this
information.
After clicking on the Wireless Network Connection interface, a capture of that interface was
displayed on the screen. The information included a numbered list of packets with the time,
source, destination, protocol, length, and information identifying whether each packet was
application data, a standard query, a name query, etc.
One note, though: if this program is not run as admin or root, it will not be able to see any
interfaces.
Autopsy
The digital forensic tool Autopsy is commonly used by law enforcement, military, and
corporate examiners to investigate what happened on a computer. You can even use it to
recover photos from your camera's memory card (Carrier, B., 2015). According to the website,
Autopsy's features include timeline analysis, hash filtering, keyword search, web artifacts, data
carving, multimedia, and indicators of compromise.
The Autopsy report is based on the selection of an image file, logical file, or local disk.
References
Autopsy Download. 2015. SourceForge, Slashdot Media. Retrieved August 13, 2015, from
http://sourceforge.net/projects/autopsy/files/latest/download?source=files
Carrier, B. 2015. Autopsy. The Sleuth Kit. Retrieved August 13, 2015, from
http://www.sleuthkit.org/autopsy/
FTK Imager User Guide. July 2, 2014. FTK Imager Download. AccessData. Retrieved
August 13, 2015, from http://accessdata.com/product-download/digital-forensics/ftk-imagerversion-3.2.0.
Razaq, H. April 26, 2014. How to Use FTK Imager, part 2 of 3. YouTube.com. Retrieved
August 13, 2015, from https://www.youtube.com/watch?v=5Y_ZB0l9NgY.
Redline. 2015. Mandiant, a FireEye company. Software Downloads, Redline. Retrieved
August 13, 2015, from http://www.mandiant.com/resources/download/redline/.
Wireshark. 2015. Wireshark Foundation download. Retrieved August 13, 2015, from
https://www.wireshark.org/download.html.