https://github.com/jaegeral/yara-forensics-rules
A collection of yara rules that can be used for forensics (non malware) cases but also some other rules
yara yara-forensics yara-rules
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/jaegeral/yara-forensics-rules
- Owner: jaegeral
- License: gpl-3.0
- Created: 2019-01-08T20:25:00.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-12-02T20:31:31.000Z (over 2 years ago)
- Last Synced: 2025-01-11T19:31:31.830Z (5 months ago)
- Topics: yara, yara-forensics, yara-rules
- Language: YARA
- Homepage:
- Size: 35.2 KB
- Stars: 5
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# yara-forensics-rules
A collection of yara rules that can be used for forensics (non malware) cases

[GPL-3.0](http://www.gnu.org/licenses/gpl-3.0) [yararules.com](https://yararules.com) [yara-forensics](https://github.com/Xumeiquer/yara-forensics)

`Yara` is the pattern-matching Swiss Army knife for malware researchers (and everyone else). Basically, `Yara` allows us to scan files based on textual or binary patterns, so we can take advantage of `Yara`'s potential and focus it on forensic investigations.
# Reason
If you start analysing a forensic image, a fast way to detect certain files like password safes is by using yara.
It can also be used to hunt on file repositories for interesting files.
# Malware
This repo is not meant to cover yara rules in regard to malware / rootkits / threat actors.
# Using
```
sudo apt-get install yara
git clone https://github.com/jaegeral/yara-forensics-rules
```
# Other projects
* https://github.com/Xumeiquer/yara-forensics focuses only on detecting magic bytes
* https://asecuritysite.com/forensics/magic a good list of magic bytes
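To make the Reason and Using sections concrete, here is the shape a forensics-oriented rule takes: a file-signature match for KeePass password databases, the kind of password safe mentioned above, together with the command for running it recursively over a mounted image. This is an added example and not a rule from this repository; the rule name, metadata strings and the `/mnt/image` path are assumptions, while the header bytes are the published KeePass 1.x (KDB) and 2.x (KDBX) file signatures.

```yara
// keepass_databases.yar (example, not part of this repository)
//
// Usage, assuming the evidence is mounted read-only under /mnt/image:
//   yara -r keepass_databases.yar /mnt/image
// -r walks the tree; each hit is printed as "<rule name> <path>".

rule keepass_password_database
{
    meta:
        description = "KeePass 1.x (KDB) or 2.x (KDBX) password database, identified by file signature"
        category    = "forensics"
        note        = "Added example; rule name and metadata are assumptions"

    strings:
        // Both formats share the first signature 0x9AA2D903 (stored little-endian),
        // followed by a format-specific second signature.
        $kdb1  = { 03 D9 A2 9A 65 FB 4B B5 }   // KeePass 1.x: 0xB54BFB65
        $kdbx2 = { 03 D9 A2 9A 67 FB 4B B5 }   // KeePass 2.x: 0xB54BFB67

    condition:
        // Anchoring at offset 0 avoids false positives on files that merely
        // embed these bytes (e.g. a database inside an archive or a memory dump).
        $kdb1 at 0 or $kdbx2 at 0
}
```

Anchoring the signature with `at 0` is the usual trade-off for this kind of rule: it keeps the hit list clean on a large image at the cost of missing copies embedded inside other containers, which are better handled by a separate, unanchored hunting rule.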