Displaying 3 results from an estimated 3 matches for "volatilityfoundation".
2017 Feb 20
2
Re: [PATCH v3 0/7] Feature: Yara file scanning
...;t
> be relying on any live process state to scan for malicious code,
> so must be exclusively considering the file contents.
>
This is the use case. For the former one, there are tools such as Rekall
and Volatility which already do a great job.
http://www.rekall-forensic.com/
http://www.volatilityfoundation.org/
> Could yara not simply use the existing libguestfs APIs to do its
> work. At the simplest case this might be having the FS fuse mounted
> at a location. Alternatively having it directly use the C API to
> access content it needs would be safer against malicious symlinks.
>
T...
2017 Feb 21
0
Re: [PATCH v3 0/7] Feature: Yara file scanning
...cess state to scan for malicious code,
> > so must be exclusively considering the file contents.
> >
> This is the use case. For the former one, there are tools such as Rekall
> and Volatility which already do a great job.
>
> http://www.rekall-forensic.com/
> http://www.volatilityfoundation.org/
>
> > Could yara not simply use the existing libguestfs APIs to do its
> > work. At the simplest case this might be having the FS fuse mounted
> > at a location. Alternatively having it directly use the C API to
> > access content it needs would be safer against mal...
2017 Feb 19
9
[PATCH v3 0/7] Feature: Yara file scanning
Rebase patches on top of 1.35.25.
No changes since last series.
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am