One powerful tool that analysts should include in their toolkits is Mandiant Redline. This Microsoft Windows application provides a feature-rich platform for analyzing memory images. These features include the ability to create a memory collector, although the tool will work with memory captures that have been performed via tools previously discussed. There is also the ability to utilize previously discovered Indicators of Compromise (IOCs) to aid in the examination. The tool can be downloaded at https://www.fireeye.com/services/freeware/redline.html. The download package includes a Microsoft self installer.