Once we have downloaded and successfully installed Redline, we next have to set up our collector. Let's use the "Standard Collector". For this we will only collect the minimum amount of information required for an analysis.
From the Standard Collector page we select "Acquire Memory Image" and then "Browse" for the directory in which the collector should be saved.
Once the collector has finished being created, it will report the message below.
So now that we have finished setting up our collector, let's look at the next post for how we will collect the contents of RAM from the suspect machine.
Reference:
https://www.mandiant.com/resources/download/redline