Analyzing Memory in the Wonderful World of Redline

Redline is one of a few memory capture/analyzer programs that I keep in my toolkit. How it works is that the software needs to only be installed on the system that you will be analyzing the data on and from there, you would configure the options you want to include grabbing a copy of live memory and save the custom script from Redline. With said script in hand, you would then run it on the system from which memory will be captured. The output will be saved to the location from where the script ran from. With the output data in hand, you would then take it back to you analyst system and import the data into Redline.

Upon importing the data, you will be presented with a few options to aid you in your investigation and after that, you will be presented with a gui of said data. Redline will also provide an MRI (Malware Risk Index) score based on a multiple factors and if it considers it to be bad or very suspicious, it will have a red circle next to it as seen below.


Redline has the ability to analyze memory captures for Memoryze and other captures in the format of .img. I have tried other memory capture formats with 50/50 results.