Introduction to Redline

40,478 views

13Cubed

1 day ago

Comments: 39

@ChrissssOfficial, 7 months ago
Your content is amazing, man. Seriously. Thanks!
@SilentKoala, 6 years ago
This video is very clear to understand / follow...
@shahidkhan-pl1dn, 4 years ago
24:18 Now we have options for Mac OS X and Linux as well.
@IBITZEE, 5 years ago
Another great video... Thanks. A bit long, but I couldn't stop watching...
@TheKiller7276, 7 years ago
Another good video. I look forward to the next one.
@CatSmiling, 2 years ago
Amazing as usual.
@sumitbhat5961, 5 years ago
How do I take an image while doing live forensics when the Windows OS screen is locked?
@danafellows1542, 4 years ago
Been trying to watch this video and there is a constant loop of ads playing. I click "Skip Ad" and another starts to play about 10 seconds later. Closed the browser and reopened, same thing. Weird.
@13Cubed, 4 years ago
Not sure what's going on there. I don't see any problems on my end. Maybe try an incognito/private browsing session, or a different browser?
@alanharper5087, 2 years ago
Good stuff, Rich. Please consider creating a module on extracting passwords and using mimikatz.
@Taskdriper, 6 years ago
Really great piece of content.
@Glen_Tyson, 1 year ago
I was wondering, is there a possibility the file could take longer than an hour to run? At the two-hour mark now and not sure if it's right or not.
@13Cubed, 1 year ago
Hard to say, but I've seen this take quite a while.
@lukemallett7964, 7 years ago
What other tools could you use during the analysis section, if you just wanted to use Redline for memory collection? (Any FOSS, for example?)
@13Cubed, 7 years ago
Volatility, Rekall, etc., but I wouldn't use Redline Collectors unless I was going to analyze the data with Redline. You could use FTK Imager, Belkasoft RAM Capturer, DumpIt, or any number of other tools to acquire memory.
@lukemallett7964, 7 years ago
@13Cubed Wow, such a swift response. Thank you!
@EkramHBGaleti, 1 year ago
@13Cubed Can we collect a memory image with FTK Imager? My prof has always recommended Redline and Volatility for memory images.
@FahadAldosary, 7 years ago
Thanks, you are always great.
@ΜιλτιαδηςΓεωργιου-φ7ρ, 4 years ago
Hello sir! Congratulations on the detailed video... I am a student and I have an issue with Redline. I have to restore deleted files using Redline. Do you know where to search? And how to do that? Thank you in advance!
@13Cubed, 4 years ago
Redline is not a data recovery tool. I'm not sure what you are trying to do?
@ΜιλτιαδηςΓεωργιου-φ7ρ, 4 years ago
@13Cubed "Use and analyze Redline by FireEye. Perform host investigation and find malicious activity through memory and file analysis. Develop a threat assessment profile using the tool": that's exactly the exercise I have about Redline. So far I have found the deleted file through your video, but I am stuck...
@maymotto, 6 years ago
Can anyone offer advice? I've created a .dmp file with DumpIt and a .raw file with Magnet RAM Capture. When analysing the .raw file in Redline I can get a lot of information, but when trying to analyse the .dmp there is no information at all. Any advice?
@13Cubed, 6 years ago
What version of Redline are you running? Have you watched the "Introduction to Redline - Update" video? That may be of interest to you.
@maymotto, 6 years ago
Hi, thanks for your reply. I am running version 1.20.1. I haven't watched that; I will check it out.
@13Cubed, 6 years ago
Hmm. That is the new version that corrected many of the issues I had (including no results when analyzing certain captures). Can you try to obtain a memory capture with FTK Imager and see if you get the same results? If both FTK and Magnet's tools work, I would point the finger at DumpIt.
@maymotto, 6 years ago
I've tried with FTK and EnCase and both seem fine. Also tried another dump with DumpIt and Redline still didn't read anything. Probably a problem with DumpIt!
@13Cubed, 6 years ago
@maymotto Yep, sounds that way.
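A check worth running before blaming either acquisition tool in a thread like the one above: look at the first bytes of each capture and see what container it is. Tools that write a flat raw image, a Microsoft crash dump, an ELF core or LiME segments all produce files that an analysis tool may or may not accept, and two captures of the same box can legitimately be different kinds of file. The following Python sniffer is an added example, not code from 13Cubed, Redline or any of the tools named in the thread; the signature table holds the publicly documented magic bytes for those formats, and the sample headers at the bottom are constructed, not real captures. It does not claim to know which containers Redline 1.20.1 accepts.

```python
"""Sniff the container format of a memory capture from its first bytes.

Added example (not code from 13Cubed or the video). Different acquisition
tools write different containers: a flat raw image, a Microsoft crash
dump, an ELF core, or LiME segments. When an analysis tool reads one
capture and shows nothing for another, the header tells you whether the
two files are even the same kind of thing. The sample headers below are
constructed, not real captures.
"""
from __future__ import annotations

from pathlib import Path

# Known leading signatures: (label, magic bytes expected at offset 0).
SIGNATURES = (
    ("Microsoft 64-bit crash dump", b"PAGEDU64"),
    ("Microsoft 32-bit crash dump", b"PAGEDUMP"),
    ("ELF core (written by some acquisition tools)", b"\x7fELF"),
    ("LiME segment header", b"EMiL"),
    ("Windows hibernation file", b"hibr"),
    ("Windows hibernation file", b"HIBR"),
)

RAW_LABEL = "raw or unknown (no container signature at offset 0)"


def identify(header: bytes) -> str:
    """Return a label for the capture container given its first bytes.

    A flat physical-memory image has no header at all, so anything that
    matches no known magic is reported as raw/unknown rather than rejected.
    """
    for label, magic in SIGNATURES:
        if header[: len(magic)] == magic:
            return label
    return RAW_LABEL


def identify_file(path: str | Path) -> dict:
    """Read only the first 16 bytes of a capture on disk and classify it."""
    p = Path(path)
    with p.open("rb") as fh:
        head = fh.read(16)
    return {
        "path": str(p),
        "size_bytes": p.stat().st_size,
        "container": identify(head),
        "header_hex": head.hex(),
    }


# Constructed sample headers standing in for real capture files.
# (hypothetical names; the bytes after the magic are filler)
SAMPLES = {
    "example.dmp": b"PAGEDU64" + b"\x0f\x00\x00\x00" + b"\x00" * 4,
    "example.raw": b"\x00" * 16,
    "example.lime": b"EMiL" + b"\x01\x00\x00\x00" + b"\x00" * 8,
}


def classify_samples() -> dict[str, str]:
    """Classify the constructed samples; used for the demo and the test."""
    return {name: identify(head) for name, head in SAMPLES.items()}


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        for arg in sys.argv[1:]:
            print(identify_file(arg))
    else:
        for name, label in classify_samples().items():
            print(f"{name}: {label}")
```

Run it with one or more capture paths (`python sniff.py capture.dmp capture.raw`) to print the size, the first 16 bytes and the container label for each file. If the file that an analysis tool refuses turns out to be a crash dump or ELF core while the one it accepts is raw, the difference is the container, and converting or re-acquiring in the accepted format is the fix rather than a bug in the acquisition tool.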
@4n6wizard, 6 years ago
I have been running Redline since 0930 today on a Mac laptop with Windows 10 Pro on it; it is taking more than an hour and is not done yet. Hopefully it will be done soon, then I'll run OSTriage to capture the RAM again to compare the results. One con in my opinion is that it takes too long if I have to capture RAM from a live box at a crime scene.
@Eskimoz, 5 years ago
Nice work!
@4n6wizard, 6 years ago
Great video. Do you mind making a memory analysis video using FTK Imager? Thanks.
@13Cubed, 6 years ago
FTK Imager can be used to acquire memory, but not to analyze it. Redline, Volatility, Rekall, etc. would be better suited for that task. FTK could be used, but I don't have a personal license for that software, and generally stick with open-source (free) tools, or less expensive tools that can be utilized by many.
@4n6wizard, 6 years ago
Have you ever used OSTriage? It's pretty much the same concept: the .exe has to be run from the USB. It seems to me that after running OSTriage on a live box I get a lot of information from the RAM, just like Redline. I'm going to give it a try for sure. Very nice video, keep up the great work, you are very knowledgeable.
@inokentiy_potapuch, 4 years ago
Thanks!
@davidm1635, 4 years ago
Time for a refresh: Redline 2.0 (4/28/20).
@13Cubed, 4 years ago
Good point. I'll add that to the suggestion list.
@subhamoyguha3481, 5 years ago
Nice... please make more detailed videos about it.
@manikandanpalanivel5203, 4 years ago
What is the -k parameter and what does it mean?