YARA
Featured · 🔬 Digital Forensics · C
YARA is the pattern-matching Swiss Army knife for malware researchers. It lets you write descriptions of malware families (or anything else you want to describe) based on textual or binary patterns. Each rule consists of a set of strings and a boolean condition that determines when the rule matches. YARA is used by security researchers, incident responders, and threat hunters to identify and classify malware samples, suspicious files, and network artifacts.
Installation
apt (Debian/Ubuntu)
$ sudo apt install yara
brew (macOS)
$ brew install yara
pip
$ pip install yara-python
Use Cases
- Malware identification and classification
- Threat hunting across endpoints
- Incident response triage
- File and memory scanning for indicators
- Building detection rules for security products
Details
- Category: 🔬 Digital Forensics
- Language: C
- Repository: VirusTotal/yara
More in Digital Forensics
Volatility 3 (Python)
Advanced memory forensics framework. Extracts artifacts from RAM dumps — processes, network connections, registry.
Autopsy (Java)
Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
Ghidra (Java)
NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Binwalk (Python)
Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.
Velociraptor (Go)
Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.
Plaso (log2timeline) (Python)
Super timeline creation engine. Extracts timestamps from multiple forensic artifact sources into a single timeline.