search for: volatilityfound


2017 Feb 20
2
Re: [PATCH v3 0/7] Feature: Yara file scanning
...'t > be relying on any live process state to scan for malicious code, > so must be exclusively considering the file contents. > This is the use case. For the former one, there are tools such as Rekall and Volatility which already do a great job. http://www.rekall-forensic.com/ http://www.volatilityfoundation.org/ > Could yara not simply use the existing libguestfs APIs to do its > work. At the simplest case this might be having the FS fuse mounted > at a location. Alternatively having it directly use the C API to > access content it needs would be safer against malicious symlinks. >...
2017 Feb 21
0
Re: [PATCH v3 0/7] Feature: Yara file scanning
...cess state to scan for malicious code, > > so must be exclusively considering the file contents. > > > This is the use case. For the former one, there are tools such as Rekall > and Volatility which already do a great job. > > http://www.rekall-forensic.com/ > http://www.volatilityfoundation.org/ > > > Could yara not simply use the existing libguestfs APIs to do its > > work. At the simplest case this might be having the FS fuse mounted > > at a location. Alternatively having it directly use the C API to > > access content it needs would be safer agains...
2017 Feb 19
9
[PATCH v3 0/7] Feature: Yara file scanning
Rebase patches on top of 1.35.25. No changes since last series.

Matteo Cafasso (7):
  daemon: expose file upload logic
  appliance: add yara dependency
  New API: yara_load
  New API: yara_destroy
  New API: internal_yara_scan
  New API: yara_scan
  yara_scan: added API tests

 appliance/packagelist.in | 4 +
 configure.ac             | 1 +
 daemon/Makefile.am