As we discussed before, Redline is a great tool for investigating endpoints. In this post, we will explain how to collect memory data with Redline.
First, on the main page of Redline, we click the “Create a Standard Collector” button. In the window that opens, we click the “Edit your script” label and make sure we select everything we need for memory analysis. Then we create a folder for the analysis and select it by browsing in the Redline window.
This process creates the data collector in the folder we chose. Then we open a cmd and run the “RunRedlineAudit.bat” script in this folder.
Once the script starts running, you can see analysis results being created in the “Audit” folder. It will take some time for the analysis to finish.
When it finishes, click the “AnalysisSessionX.mans” file in the “Audit” folder, and this will open Redline again.
This file provides all the information that we selected at the beginning (Edit your script).
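As an added example (not part of the original post and not Redline's own code), the PowerShell wrapper below runs RunRedlineAudit.bat from the collector folder, finds the resulting AnalysisSession*.mans file and records SHA-256 hashes of everything the collector wrote, so the collected evidence can be verified later. It assumes the collector folder path, that the script takes no arguments, and that it is run from an elevated PowerShell session.

```powershell
# Added example: run the Redline collector and hash its output for evidence integrity.
# Assumptions: $CollectorDir is the folder created by "Create a Standard Collector"
# (path is a placeholder), RunRedlineAudit.bat needs no arguments, shell is elevated.
param(
    [string]$CollectorDir = "D:\RedlineCollector",                    # assumed path
    [string]$HashLog      = "D:\RedlineCollector_hashes.csv"           # assumed path
)

$bat = Join-Path $CollectorDir "RunRedlineAudit.bat"
if (-not (Test-Path $bat)) { throw "Collector script not found: $bat" }

# Remember when collection started so only files produced by this run are hashed.
$started = Get-Date

# Run the batch script through cmd.exe and block until it exits.
$proc = Start-Process -FilePath "cmd.exe" -ArgumentList "/c", "`"$bat`"" `
                      -WorkingDirectory $CollectorDir -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    Write-Warning "RunRedlineAudit.bat exited with code $($proc.ExitCode)"
}

# Locate the newest AnalysisSession*.mans file, the one the post opens in Redline.
$mans = Get-ChildItem -Path $CollectorDir -Recurse -File -Filter "AnalysisSession*.mans" |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $mans) { throw "No AnalysisSession*.mans file found under $CollectorDir" }
Write-Host "Session file: $($mans.FullName)"

# Count what landed in the Audit folder(s) during this run.
$auditFiles = Get-ChildItem -Path $CollectorDir -Recurse -File |
              Where-Object { $_.DirectoryName -like "*\Audit*" -and $_.LastWriteTime -ge $started }
Write-Host "Audit files produced by this run: $($auditFiles.Count)"

# SHA-256 every file written since $started (chain of custody for the collection).
Get-ChildItem -Path $CollectorDir -Recurse -File |
    Where-Object { $_.LastWriteTime -ge $started -and $_.FullName -ne $HashLog } |
    ForEach-Object {
        $h = Get-FileHash -Path $_.FullName -Algorithm SHA256
        [pscustomobject]@{
            Path      = $_.FullName
            SHA256    = $h.Hash
            Bytes     = $_.Length
            Collected = $started.ToString("o")
        }
    } | Export-Csv -Path $HashLog -NoTypeInformation
Write-Host "Hashes written to $HashLog"
```

Re-running `Get-FileHash` against the CSV later shows whether any collected artifact changed between collection and analysis.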