Factual Rules Generator

Free

Factual Rules Generator is an open source project that generates YARA rules about installed software from a running operating system. The aim is to run the resulting set of rules against collected digital forensic evidence to find installed software efficiently. It can be used to baseline known software from Windows systems and create rules for identifying similar installations on other systems. Dependencies include pefile, psutil, ndjson, python-tlsh, PyInstaller, and ssdeep, along with additional tools such as xxd and curl.

ALTERNATIVES

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

A kernel fuzzer focusing on race bugs.

A script to assist in creating templates for VirtualBox to enhance VM detection evasion.

An anti-forensic Linux Kernel Module kill-switch for USB ports.

A file search and query tool for ops and security experts.

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.

A Python module for orchestrating content acquisitions and analysis via Amazon SSM.

A second-order subdomain takeover scanner.