-
Hello, I had been using the SIFT Workstation provided to me from the Memory Forensics course, and I have been having an issue where I could not get yarascan to work properly. I have finally been able …
-
There are many features r2 supports and Cutter does not, it will be good to create some priorities and use milestones to specify when that stuff will be implemented.
* Forensics
* Mount filesyst…
-
Hi,
I am not able to install the sift-cli-linux on Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ami-a4dc46db on AWS Cloud
I have gone through the link below but am getting the error
https://gith…
-
**Plaso version:**
plaso - log2timeline version 1.4.1_20160809
**Operating system Plaso is running on:**
Platform:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codena…
-
Requesting config extraction for Ursnif. I am able to get the final Ursnif payload that's injected into Explorer.exe using CAPE extraction and a yara rule. I've done some RE and have the functions tha…
enzok updated
6 years ago
-
In an effort to proactively identify malware, it would be beneficial to leverage the power of yara rules related to the filesystem.
-
I'm compiling Yara3 on Gentoo, using a handcrafted ebuild, which simply calls:
```sh
./bootstrap.sh
./configure
make
make install
```
and it installs part of the library in the `/usr/lib` prefix and par…
-
```
If the following command line is executed on a Win7 Enterprise box using ver
2.4 of Volatility:
W:\VOL_Analysis_Scripts>volatility.exe yarascan -f MemoryDump.bin
--yara-rules="(25[0-5]|2[0-4][0…
```