Endpoint Incident Response using - Redline by FireEye

Redline by FireEye is a security endpoint tool that provides accelerated live response, host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.

What are the capabilities of this tool?

With Redline, we can: 

      • Audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.
      • Analyze and view imported audit data, including the ability to filter results around a given time frame using Redline’s Timeline functionality features.
      • Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
      • Perform Indicator of Compromise(IOC) analysis. Supplied with a set of IOC’s, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.

From an incident response perspective, identifying the patient zero during the incident or an infection is just the tip of the ice berg. A responder must gather evidence, artifacts, and data about the compromised systems and having the right tool to execute these actions is a must. Not only it automate everything, but it also helps the responder to reduce the time to solve the issue.