Mandiant Redline

Mandiant Redline is a program that provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.

You can audit and collect all running processes and drivers from memory, file system metadata, registry data, event logs, network information, services, tasks and web history.