YARA is the pattern-matching Swiss Army knife for malware researchers (and everyone else). YARA scans files for textual or binary patterns, so its matching engine can be pointed at forensic investigations as well as malware triage. The repository is split into two folders: file and raw. The rules in the file folder look for file-format magic (signature bytes) in standalone files, while the rules in the raw folder look for the same magic inside raw images or memory dumps. The main difference between the two sets is where the magic is expected: in a standalone file it usually sits at offset 0x0, whereas in a raw or dump file it can appear at any offset. Contribution guidelines are available in CONTRIBUTING.md.
Automated digital image forensics tool.
A library and tools for accessing and analyzing the Linux Logical Volume Manager (LVM) volume system format.
A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.
A tool that uses Plaso to parse forensic artifacts and disk images, creating custom reports for easier analysis.
A tool for extracting files from packet capture files with ease of use and extensibility for Python developers.
A Python tool for in-depth PDF analysis and modification.