Accelerated Live Response

Redline®, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.

With Redline, you can:

  • Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history.
  • Analyze and view imported audit data, including the ability to filter results around a given timeframe using Redline’s Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.
  • Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.
  • Identify the processes most worth investigating using the Redline Malware Risk Index score.
  • Perform Indicators of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.

In addition, users of FireEye’s Endpoint Threat Prevention Platform (HX) can open triage collections directly in Redline for in-depth analysis allowing the user to establish the timeline and scope of an incident.

Complete the short form to the right to download your free version of Redline 1.14.

Get Redline Free


Current Version: Redline 1.14
Release Date: June 12, 2015

Redline 1.14 includes several enhancements specific for HX customers. This release includes visualization of and filtering by the alerts that caused a triage package to be collected. It also includes the ability to analyze URL activity and process events as newly collected in the latest version of HX.

Supported Operating Systems: Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit)

File Size: 66.94 MB

Integrity Hashes:
MD5     F51F458F7A69F9EF8FFEC9693A4444C5
SHA-1  60A972C62BF8AA6F33F133BDE5866A46F5164840

Current Version: Whitelist 1.0 for Redline**
Release Date: July 11, 2012

File Size: 31.6 MB

Integrity Hashes:
  MD5: 0e8fdc80faffe72bb02799d6cdc75d0a
  SHA-1: 22eb80e40ea3a84b0ed3d821730485253ab31738
  MD5: 8448C5E5D4F9273DFA15F00D708F9173
  SHA-1: F2A9E7A87BAB4AC41E893EB721739E41226D2BDC