One of the hardest choices to make when dealing with a problem is which tool will resolve it. There are hundreds of tools that deal with the different aspects of and approaches to memory forensics and incident response. Failing to choose a tool leaves a hole in mission-related capabilities. The two that are discussed within this paper are Redline and Volatility. Both tools address memory forensics and incident response; however, they take different approaches to accomplish that goal. Redline is a Windows-specific, GUI-based program with minimal functionality but a streamlined approach to giving you the important data up front. Volatility is compatible with Windows, Linux, Mac, and …
It pulls out information based on its designed indicators, without the user needing to dive too deep searching for signs of compromise. The tool then takes all the important information and organizes it into a visual timeline. This is important to analysts because without knowledge of when events took place, it is hard to grasp the full impact of what happened. Giving a user as much information in as simple a form as possible is the main goal of Redline. The main drawback of Redline is that in most cases a 35Q deals with, a general simplified overview is not going to be enough. A 35Q is an advanced user and will not need to rely so heavily on a GUI-based explanation of events. Being able to perform forensics only on Windows-based systems is another problem with Redline, and one that is not suitable for an ever-changing mission field. Redline is a tool that has a role to fulfill; it does not, however, align with the responsibilities and technical level of a …
The plugins available cover everything that is needed while conducting forensics. If a capability is discovered that Volatility does not include, it is open source, so you are able to develop plugins to fit that need. The tool also supports many different memory dump formats, so no matter what is encountered during an investigation, Volatility can handle it. The biggest pro of Volatility is how adaptable and versatile it is; however, that comes at a price. Since Volatility is command-line based, it is more difficult to learn than GUI-based software. Volatility does not provide the information needed right up front; customizing the toolkit and knowing how to use it is required. It will also take much longer to train a new user on how to navigate the toolkit than on GUI-based software. Though Volatility does have its drawbacks, the pros far outweigh the cons. (“Volatility,”