A look at Redline from Mandiant

Redline is a nice tool to investigate a particular host for signs of compromise. It works on Windows and is freely available on the FireEye site.

[Figure: Redline Interface]

At a glance, we have options to collect data from the host or analyse an existing collected data file. In our case, I am going to create a Standard Collector for the sake of this demo.

[Figure: Redline Review Script Configuration]

The script runs the Collector and saves its output to a folder named 'Sessions\AnalysisSession2' (it is AnalysisSession2 in our case because we ran the script twice, as shown in the figure below).

[Figure: AnalysisSession2.mans file to import in Redline]

As stated in the Readme.txt file, AnalysisSession2.mans has to be opened in Redline to continue with the investigation. We can then go through the System Information, Processes, and so on.

The tool is worth a try.

Happy investigations

[Figure: Investigative options after opening the AnalysisSession2.mans file]

How much is your Gmail Account Worth?

Many email accounts are hijacked every day. Cybercrooks sell those compromised accounts on the black market. If you are using Gmail, there is an auditing method for knowing its retail price on the underground.

The University of Illinois at Chicago has created a Gmail account audit tool called Cloudsweeper.

[Figure: Cloudsweeper]

As seen in the picture above, my account is worth $5. It has also helped me find plain text passwords which were sent to my email. The tool rocks and is worth trying.

[Figure: Plain text passwords found by Cloudsweeper]