Mandiant Redline Logo
Redline, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.  With Redline, users can:
  • Thoroughly audit and collect all running processes and drivers from memory, file system metadata, registry data, event logs, network information, services, tasks, and web history.
  • Analyze and view imported audit data, including narrowing and filtering results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.
  • Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
  • Identify processes more likely worth investigating based on the Redline Malware Risk Index (MRI) score.
  • Perform Indicator of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.

In addition, Redline can be used in conjunction with Mandiant for Intelligent Response®(MIR®) and Mandiant for Security Operations™:
  • Investigators can open audits gathered in Mandiant for Intelligent Response (MIR) directly in Redline to quickly identify a malicious process and create an IOC based on the analysis. MIR can use this IOC to quickly sweep a network to identify all other systems running the same or similar malware.
  • Mandiant for Security Operations users can open triage collections directly in Redline in order to perform in-depth analysis allowing the user to establish a timeline and the scope of an incident.
Mandiant Redline 1.11 includes various changes to improve your user experience, and adds support for Windows 8 and 2012. A redesigned find panel remains open and offers users the ability to search and filter on a specific column. You can also filter lists by multiple tags at the same time and choose whether to include only items that do or do not have a comment. Finally, the Redline Collector now provides beta support for gathering Windows 2012 and Windows 8 data..

Supported Operating Systems: Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit)

Tutorials ::

User Guide :: Mandiant Redline 1.11 (PDF)
Redline Blog :: Mandiant Redline Blog 

Download ::

Windows :: Mandiant Redline v1.11

Official Website ::


Post a Comment