Redline is considered Mandiant's premier free tool for host investigative capabilities (Mandiant, 2015). While Redline has the ability to audit and collect running processes and drivers from memory, file system metadata, registry data, event logs, network information, services and tasks (Mandiant, 2015), the objective of this post is to evaluate its web history component.
The figure below shows Mandiant's Redline main screen.
OS used
Windows 10 Insider Preview
Browsers Tested
Firefox v39.0
Internet Explorer v11.0
Google Chrome - v43.0.2357.134 m
Opera v30.0.1835.125
Project Spartan (Microsoft Windows [Version 10.0.10130])
Functional Analysis
This analysis will test Redline's ability to identify the following from all browsers:
Links visited
Date visited
Time visited
Cookies
Search entries
Action taken
Browser used
Files downloaded
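To know whether a tool has recovered the artefacts listed above, an examiner usually cross-checks against the browsers' own history stores. The script below is an added example and is not part of the original post or of Redline: it normalises visit records (browser used, link visited, title, date and time in UTC, and any search term carried in the URL) from in-memory copies of the Chrome "History" database and the Firefox "places.sqlite" layout. The table and column names follow those browsers' real schemas, the timestamp epochs are the documented ones (Chrome counts microseconds from 1601-01-01 UTC, Firefox from the Unix epoch), and all visit data is constructed for the example.

```python
"""Manual cross-check of browser web-history artefacts (added example).

Builds constructed in-memory copies of the Chrome 'History' and Firefox
'places.sqlite' tables and turns their rows into one normalised timeline of
browser, URL, title, UTC visit time and search term.
"""
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # WebKit epoch
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Query-string parameters that commonly carry a search term (assumed list).
SEARCH_PARAMS = ("q", "search_query", "p", "query")


def chrome_time_to_datetime(us: int) -> datetime:
    """Chrome visits.visit_time: microseconds since 1601-01-01 00:00 UTC."""
    return CHROME_EPOCH + timedelta(microseconds=us)


def datetime_to_chrome_time(dt: datetime) -> int:
    """Inverse of chrome_time_to_datetime; used only to build the sample DB."""
    d = dt - CHROME_EPOCH
    return d.days * 86_400_000_000 + d.seconds * 1_000_000 + d.microseconds


def firefox_time_to_datetime(us: int) -> datetime:
    """Firefox moz_historyvisits.visit_date: microseconds since the Unix epoch."""
    return UNIX_EPOCH + timedelta(microseconds=us)


def build_sample_chrome_db() -> sqlite3.Connection:
    """Constructed Chrome-style History database (urls + visits tables)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,
                             visit_time INTEGER, from_visit INTEGER,
                             transition INTEGER);
    """)
    sample = [  # (url, title, UTC visit time): made-up data
        ("http://www.cnn.com/", "CNN",
         datetime(2015, 7, 15, 14, 30, tzinfo=timezone.utc)),
        ("https://www.youtube.com/results?search_query=Linux+Security",
         "Linux Security - YouTube",
         datetime(2015, 7, 15, 14, 32, 10, tzinfo=timezone.utc)),
    ]
    for i, (url, title, when) in enumerate(sample, start=1):
        ts = datetime_to_chrome_time(when)
        conn.execute("INSERT INTO urls VALUES (?, ?, ?, 1, ?)", (i, url, title, ts))
        conn.execute("INSERT INTO visits VALUES (?, ?, ?, 0, 0)", (i, i, ts))
    return conn


def build_sample_firefox_db() -> sqlite3.Connection:
    """Constructed Firefox-style places.sqlite (moz_places + moz_historyvisits)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                        place_id INTEGER, visit_date INTEGER,
                                        visit_type INTEGER);
    """)
    conn.execute("INSERT INTO moz_places VALUES "
                 "(1, 'http://securitynik.blogspot.com/', 'SecurityNik')")
    # 2015-07-15 15:05:00 UTC as microseconds since the Unix epoch (made-up visit)
    conn.execute("INSERT INTO moz_historyvisits VALUES (1, 0, 1, 1436972700000000, 1)")
    return conn


def _record(browser, url, title, when):
    """One normalised history entry; the search term comes from the query string."""
    qs = parse_qs(urlparse(url).query)
    term = next((qs[p][0] for p in SEARCH_PARAMS if p in qs), None)
    return {"browser": browser, "url": url, "title": title,
            "visited_utc": when.isoformat(), "search_term": term}


def extract_chrome_visits(conn):
    rows = conn.execute("SELECT u.url, u.title, v.visit_time FROM visits v "
                        "JOIN urls u ON u.id = v.url").fetchall()
    return [_record("Chrome", u, t, chrome_time_to_datetime(ts)) for u, t, ts in rows]


def extract_firefox_visits(conn):
    rows = conn.execute("SELECT p.url, p.title, v.visit_date FROM moz_historyvisits v "
                        "JOIN moz_places p ON p.id = v.place_id").fetchall()
    return [_record("Firefox", u, t, firefox_time_to_datetime(ts)) for u, t, ts in rows]


def timeline(*record_lists):
    """Merge per-browser records into one list ordered by UTC visit time."""
    return sorted((r for lst in record_lists for r in lst),
                  key=lambda r: r["visited_utc"])


if __name__ == "__main__":
    for rec in timeline(extract_chrome_visits(build_sample_chrome_db()),
                        extract_firefox_visits(build_sample_firefox_db())):
        print(rec["visited_utc"], rec["browser"], rec["url"], rec["search_term"] or "")
```

Against a real host the two `build_sample_*` functions would be replaced by opening copies of the profile's `History` and `places.sqlite` files; everything else stays the same. The point of normalising to UTC first is that a tool's "date visited" and "time visited" columns can only be compared with the raw store once both are in the same time base.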
Links opened within each browser
http://securitynik.blogspot.com
http://www.gmail.com
http://www.cnn.com
http://www.washingtonpost.com
http://www.nba.com
http://www.nhl.com
https://www.youtube.com
http://www.portableapps.com
http://www.sourceforge.net
Videos played from
http://www.youtube.com
Search for "Linux Security"
https://www.youtube.com/watch?v=Liw86dRI0Qo
https://www.youtube.com/watch?v=Liw86dRI0Qo
https://www.youtube.com/watch?v=c_PZvA9qi2k
Files downloaded from sourceforge.net
http://sourceforge.net/projects/clamwin/?source=directory
http://sourceforge.net/projects/ophcrack/?source=directory
http://sourceforge.net/projects/shielausbshield/?source=directory
http://sourceforge.net/projects/modbus-traffic-generator/?source=directory
Files downloaded from portable apps:
http://portableapps.com/apps/music_video/aimp-portable
http://portableapps.com/apps/music_video/cdex_portable
http://portableapps.com/apps/music_video/audacity_portable
Now that we have laid out the information relating to the test, in part two we will look at the actual analysis. See you there.
great