jaegeral / yara-forensics-rules

A collection of yara rules that can be used for forensics (non malware) cases but also some other rules

yara-forensics-rules

A collection of yara rules that can be used for forensics (non malware) cases

Badges: License: GPL v3 | DFIR: Yara rules | Travis build

Yara is the pattern-matching Swiss Army knife for malware researchers (and everyone else). Basically, Yara allows us to scan files for textual or binary patterns, so we can take advantage of Yara's potential and focus it on forensic investigations.

Reason

If you start analysing a forensic image, a fast way to detect certain files, like password safes, is to use yara. It can also be used to hunt file repositories for interesting files.
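As an added example (not a rule from this repository), here is how the "password safes" and "interesting files" cases above can be expressed in YARA. The first rule keys on the fixed header signature that KeePass writes at the start of every 1.x (KDB) and 2.x (KDBX) database; the second keys on the textual markers of PEM-encoded private keys. The rule names, meta fields and filesize caps are assumptions chosen for this example; the KeePass signature words are the format's documented header constants.

```yara
// Added example, not part of the jaegeral/yara-forensics-rules repository.
// Two forensic (non-malware) rules: KeePass databases and PEM private keys.

rule keepass_database_file
{
    meta:
        description = "KeePass 1.x (KDB) or 2.x (KDBX) password database"
        category    = "forensics"
        author      = "example rule, not from the repository"
    condition:
        // KeePass stores two little-endian 32-bit signature words at offset 0.
        // uint32() in YARA reads little-endian, so the constants are written
        // as the values, not as the on-disk byte order.
        // Signature 1 is shared; signature 2 distinguishes 1.x from 2.x.
        filesize < 200MB and
        uint32(0) == 0x9AA2D903 and
        (uint32(4) == 0xB54BFB65 or uint32(4) == 0xB54BFB67)
}

rule pem_private_key_file
{
    meta:
        description = "PEM-encoded private key (RSA, EC, OpenSSH, PKCS#8, encrypted PKCS#8)"
        category    = "forensics"
        author      = "example rule, not from the repository"
    strings:
        $rsa     = "-----BEGIN RSA PRIVATE KEY-----" ascii
        $ec      = "-----BEGIN EC PRIVATE KEY-----" ascii
        $openssh = "-----BEGIN OPENSSH PRIVATE KEY-----" ascii
        $pkcs8   = "-----BEGIN PRIVATE KEY-----" ascii
        $enc     = "-----BEGIN ENCRYPTED PRIVATE KEY-----" ascii
    condition:
        // Key files are small; the cap (an assumption) avoids scanning large
        // blobs that merely embed the marker text.
        filesize < 1MB and any of them
}
```

Save the rules to a file and run them recursively over the mounted evidence, for example `yara -r forensics.yar /mnt/evidence` (the file name and mount point are placeholders). Header-based matching is preferable to extension-based triage because renamed or extension-less copies of a database still match.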

Malware

This repo is not meant to cover yara rules for malware / rootkits / threat actors.

Using

sudo apt-get install yara
git clone https://github.com/jaegeral/yara-forensics-rules

Other projects
