Factual Rules Generator

Factual Rules Generator is an open source project that generates YARA rules describing the software installed on a running operating system. The resulting rule set is meant to be run against collected digital forensic evidence to identify installed software efficiently. It can be used to baseline known software on Windows systems and to create rules for recognising similar installations on other systems. Dependencies include pefile, psutil, ndjson, python-tlsh, PyInstaller and ssdeep, plus additional tools such as xxd and curl.

ALTERNATIVES

Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.

A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

Forensic imaging program with full hash authentication and various acquisition options.

A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.

No More Ransom is a collaborative project to combat ransomware attacks by providing decryption tools and prevention advice.

Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.

Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.
