jaegeral/yara-forensics-rules

A collection of yara rules that can be used for forensics (non malware) cases but also some other rules
yara-forensics-rules

A collection of yara rules that can be used for forensics (non malware) cases

License: GPL v3

Yara is the pattern-matching Swiss army knife for malware researchers (and everyone else). Yara lets us scan files for textual or binary patterns, so we can take advantage of that capability and point it at forensic investigations instead of malware.

Reason

When you start analysing a forensic image, a fast way to find certain kinds of files, such as password safes, is to scan the image with yara. The same rules can be used to hunt through file repositories for interesting files.

Malware

This repo is not meant to cover yara rules in regard to malware / rootkits / threat actors.

Using

sudo apt-get install yara
git clone https://github.com/jaegeral/yara-forensics-rules
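As an added example (not part of this repository), here is the kind of rule the "password safes" use case calls for, together with a small scanner that applies the same file signatures to a directory tree such as a mounted evidence image. The rule text is ordinary YARA syntax and can be saved as password_safes.yar and run with `yara -r password_safes.yar /mnt/evidence`; the Python matcher mirrors its `at 0` conditions so the example runs without yara installed. The signatures (KeePass 1.x KDB, KeePass 2.x KDBX, Password Safe V3) come from the file format specifications, not from this repository's rules, and the sample files are constructed in a temporary directory; this goes slightly beyond the page by covering three safe formats rather than one.

```python
"""Triage a directory tree (e.g. a mounted forensic image) for password-safe files by file signature."""
import os
import tempfile

# YARA rules written for this example. Save as password_safes.yar and run:
#   yara -r password_safes.yar /mnt/evidence
PASSWORD_SAFE_RULES = r'''
rule keepass_kdb_database
{
    meta:
        description = "KeePass 1.x database (KDB) by file signature"
    strings:
        $kdb = { 03 D9 A2 9A 65 FB 4B B5 }
    condition:
        $kdb at 0
}

rule keepass_kdbx_database
{
    meta:
        description = "KeePass 2.x database (KDBX) by file signature"
    strings:
        $kdbx = { 03 D9 A2 9A 67 FB 4B B5 }
    condition:
        $kdbx at 0
}

rule passwordsafe_psafe3
{
    meta:
        description = "Password Safe V3 database by file tag"
    strings:
        $pws3 = "PWS3"
    condition:
        $pws3 at 0
}
'''

# The same signatures as the rules above, so the scan below runs without yara.
SIGNATURES = {
    "keepass_kdb_database": bytes.fromhex("03D9A29A65FB4BB5"),
    "keepass_kdbx_database": bytes.fromhex("03D9A29A67FB4BB5"),
    "passwordsafe_psafe3": b"PWS3",
}
HEADER_LEN = max(len(sig) for sig in SIGNATURES.values())


def match_file(path):
    """Return the names of rules whose signature appears at offset 0 of the file."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)
    return [name for name, sig in SIGNATURES.items() if header.startswith(sig)]


def scan_tree(root):
    """Walk root recursively and return {path: [rule names]} for every file that matches."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_file(path)
            except OSError:
                continue  # unreadable entries are skipped rather than aborting the scan
            if matched:
                hits[path] = matched
    return hits


def demo():
    """Build a constructed evidence tree and return sorted (basename, rule) pairs for the hits.

    Files are identified by content, so the renamed .bin copy is still found and the
    decoy text file is not.
    """
    root = tempfile.mkdtemp(prefix="evidence_")
    os.makedirs(os.path.join(root, "Documents"))
    samples = {  # constructed sample files: signature followed by filler bytes
        os.path.join("Documents", "secrets.kdbx"): SIGNATURES["keepass_kdbx_database"] + b"\x00" * 32,
        "old.kdb": SIGNATURES["keepass_kdb_database"] + b"\x00" * 32,
        "vault.psafe3": SIGNATURES["passwordsafe_psafe3"] + b"\x00" * 32,
        "renamed.bin": SIGNATURES["keepass_kdbx_database"] + b"\x00" * 8,
        "notes.txt": b"nothing to see here\n",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    hits = scan_tree(root)
    return sorted((os.path.basename(p), rules[0]) for p, rules in hits.items())


if __name__ == "__main__":
    for basename, rule in demo():
        print(f"{basename}: {rule}")
```

Matching on the signature rather than the extension is the point of the rule: a safe that has been renamed or copied into an unallocated-space carve is still reported, while the rule file itself can be handed to yara unchanged for the real image.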

Other projects
