Okay, so Redline has finished running the analysis on my local machine.
Let me make this full screen so we can see a little bit better.
A lot of good information here. For instance,
at the home screen, the Home icon here,
the dashboard is essentially showing
all the areas where you can launch your investigation. I've got information about my system:
its domain, its name, its IP address.
And depending on which of the tools you're using, like the checks
or the memory analyzer, for instance, you can
go further into looking at this data. For instance, I can click Investigate for my system information, and it basically starts taking me down these side areas here:
reviewing a live response or memory image,
looking at IOCs that might have been discovered. So you can go further with that.
I'm gonna go ahead and click these so we can just review the information that's provided:
a lot of good data about the OS, users, even BIOS settings,
a little bit about network adapters.
I've got a bunch of virtual network adapters because I work with VMs.
I can see my services,
any persistence-related programs that have registry entries, as you can see here.
That could be important, because often malware will
try to install itself in such a way that it starts up every time the system is booted.
And I've got user information,
a bit of information about DNS,
showing whatever sites I visited recently,
A records, pointer records,
even routing information.
And this is all good to look at, because
there could be anomalies here. You know that
sometimes malware will try to change the default route for man-in-the-middle attack purposes, for instance.
But I could look at my disks,
looking at internal drives, even partitions,
I think showing up there
on different volumes, URL history.
And I didn't even select all of the different
options for gathering information, so
there's still quite a bit of data to look at.
Timeline: I can look at all this information in different timelines,
obviously, with ways to drill down and work in detail. It's gonna take a moment for this to load the items we can see here.
And I can also go to my IOC Reports tab.
That might take a moment because it's still trying to load items.
Once that finishes, you could look to see if any were discovered.
And there we go.
So no reports are available. I could run a report;
I can create a new IOC report.
But you can see it found a lot of things that could be interesting. I've got registry modifications,
files that were modified, files created.
Many of these things might be completely innocent,
but you won't know until you dig a little deeper and do some analysis.
All right, so that's a nice little overview of the Redline tool.
See you in the next section.