Hacker Video – Analyzing Meterpreter with Redline


A victim VM has been deliberately infected with Meterpreter via an IE exploit. The video shows copying a Redline collector to the victim to extract forensic artifacts and save them to a network share. The artifacts are then imported to an analysis workstation over sftp and opened in Redline. The analysis starts at the process with the highest malicious score to discover injected memory, then reverses the chain of malicious processes back through their parents. Once it is established that IE spawned a malicious Notepad process, the timeline is viewed and a time wrinkle is used to narrow the search to the events around it.
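The two reasoning steps in that description, walking from the highest-scored process back up its parent chain and then narrowing the timeline to a window around it, are easy to state in code. The following is an added example and is not code from the video or from Redline; the process list, scores and timeline events are constructed to resemble the scenario (IE spawning Notepad), and the column layout, window sizes and function names are assumptions made for the illustration.

```python
"""Added example (not from the video or from Redline): reconstruct the
parent chain of the most suspicious process and narrow the timeline to a
window around it, mirroring the analysis steps described above.
All process and event data below is constructed."""
from datetime import datetime, timedelta

# Constructed process list: (pid, ppid, name, malicious_score)
PROCESSES = [
    (4, 0, "System", 0),
    (612, 4, "wininit.exe", 0),
    (1280, 612, "explorer.exe", 0),
    (2044, 1280, "iexplore.exe", 40),
    (2300, 2044, "iexplore.exe", 55),
    (3120, 2300, "notepad.exe", 93),   # injected memory flagged here (constructed)
    (3400, 1280, "calc.exe", 0),
]

# Constructed timeline events: (timestamp, pid, description)
EVENTS = [
    (datetime(2014, 3, 1, 10, 0, 0), 2044, "iexplore.exe start"),
    (datetime(2014, 3, 1, 10, 1, 30), 2300, "iexplore.exe child start"),
    (datetime(2014, 3, 1, 10, 2, 5), 2300, "network connection"),
    (datetime(2014, 3, 1, 10, 2, 10), 3120, "notepad.exe start"),
    (datetime(2014, 3, 1, 10, 2, 12), 3120, "injected section (RWX)"),
    (datetime(2014, 3, 1, 10, 2, 40), 3120, "network connection"),
    (datetime(2014, 3, 1, 10, 30, 0), 3400, "calc.exe start"),
]


def highest_scored(processes):
    """Return the pid with the highest malicious score: the starting point
    the video uses in Redline."""
    return max(processes, key=lambda p: p[3])[0]


def parent_chain(processes, pid):
    """Walk ppid links from pid up to the root and return the process names,
    child first. Stops on a missing parent or on a cycle, so a hollowed or
    orphaned process still yields a partial chain rather than looping."""
    by_pid = {p[0]: p for p in processes}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid][2])
        pid = by_pid[pid][1]
    return chain


def time_wrinkle(events, pid, before=timedelta(seconds=30),
                 after=timedelta(seconds=60)):
    """Narrow the timeline to a window around the first event for pid
    (the 'time wrinkle' idea). Returns formatted lines in time order,
    including events from other processes that fall inside the window."""
    anchors = sorted(e[0] for e in events if e[1] == pid)
    if not anchors:
        return []
    t0 = anchors[0]
    return [f"{e[0].isoformat()} pid={e[1]} {e[2]}"
            for e in sorted(events) if t0 - before <= e[0] <= t0 + after]


if __name__ == "__main__":
    pid = highest_scored(PROCESSES)
    print("start pid:", pid, "chain:", " <- ".join(parent_chain(PROCESSES, pid)))
    for line in time_wrinkle(EVENTS, pid):
        print(line)
```

Run as a script, it reports Notepad as the starting point, prints the chain Notepad <- IE <- IE <- Explorer, and lists only the handful of events within the window around the Notepad start, which is the same narrowing the video performs by hand.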