Finding malware on memory dumps using Volatility and Yara rules

I have talked a lot about Volatility before, and I have also published some articles about YARA.

Today I would like to share a brief and simple workflow, useful for a first high-level analysis of a memory dump when you want to check for the presence of generic malware.


Two open source tools to easily generate YARA rules

If you need to generate your own rules starting from recovered evidence

YARA is a tool aimed at helping malware researchers identify and classify malware samples.
Basically, you write signatures (text strings, hex byte patterns or regular expressions, combined with a boolean condition) and YARA scans a file, a process or a memory image for them.
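The two posts above cover the two halves of the same exercise: turning recovered evidence into a YARA rule, and scanning a memory dump for that rule. The following is an added example, not code from either post, and it does not use yara-python or Volatility. It generates a rule file from constructed indicators (a text string and a hex pattern) and then runs a deliberately minimal stand-in for YARA's matcher over a constructed in-memory "dump", reporting the same thing a yarascan hit does: which string matched and at what offset. The stand-in only understands plain strings with the `ascii wide` modifiers and hex patterns with `??` wildcards, and it assumes an `any of them` condition; all indicator values and buffer contents are made up for the example.

```python
import re
from typing import List, Tuple

# --- Rule generation from recovered evidence -------------------------------

def yara_escape(s: str) -> str:
    """Escape backslashes and double quotes so the string is a valid YARA text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def build_yara_rule(name: str, text_strings: List[str], hex_patterns: List[str],
                    tags: Tuple[str, ...] = ("memory",)) -> str:
    """Emit a YARA rule whose strings section holds the recovered indicators.

    text_strings become $s<i> with 'ascii wide' (matches both 8-bit and UTF-16LE
    copies, which is what you usually want in a Windows memory image);
    hex_patterns become $h<i> and are expected in YARA hex syntax, e.g. '4D 5A ?? 00'.
    """
    lines = [f"rule {name} : {' '.join(tags)}", "{", "    strings:"]
    for i, s in enumerate(text_strings):
        lines.append(f'        $s{i} = "{yara_escape(s)}" ascii wide')
    for i, h in enumerate(hex_patterns):
        lines.append(f"        $h{i} = {{ {h} }}")
    lines += ["    condition:", "        any of them", "}"]
    return "\n".join(lines) + "\n"


# --- Minimal matcher, standing in for YARA / Volatility yarascan --------------

def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a YARA-style hex string ('4D 5A ?? 00') into a bytes regex.
    Only fixed bytes and the '??' single-byte wildcard are supported here."""
    parts = []
    for tok in pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def text_string_to_regexes(s: str) -> List[re.Pattern]:
    """'ascii wide' semantics: match the 8-bit encoding and the UTF-16LE encoding."""
    return [re.compile(re.escape(s.encode("ascii"))),
            re.compile(re.escape(s.encode("utf-16-le")))]


def scan_buffer(buf: bytes, text_strings: List[str],
                hex_patterns: List[str]) -> List[Tuple[str, int]]:
    """Return (identifier, offset) for every hit, sorted by offset, like a yarascan listing."""
    hits: List[Tuple[str, int]] = []
    for i, s in enumerate(text_strings):
        for rx in text_string_to_regexes(s):
            hits += [(f"$s{i}", m.start()) for m in rx.finditer(buf)]
    for i, h in enumerate(hex_patterns):
        hits += [(f"$h{i}", m.start()) for m in hex_pattern_to_regex(h).finditer(buf)]
    return sorted(hits, key=lambda t: t[1])


# --- Constructed sample data (not real malware, not a real dump) ---------------

C2_HOST = "c2.example-evil.test"          # constructed indicator recovered "from evidence"
HEADER_PATTERN = "4D 5A ?? 00"            # constructed hex pattern with one wildcard byte

SAMPLE_DUMP = (
    b"\x00" * 16
    + b"MZ\x90\x00\x03\x00"                # offset 16: bytes matching HEADER_PATTERN
    + b"\x00" * 10
    + C2_HOST.encode("utf-16-le")           # offset 32: UTF-16LE (wide) copy of the host
    + b"\x00" * 8
    + C2_HOST.encode("ascii")               # offset 80: ASCII copy of the host
    + b"\x00" * 8
)


def demo() -> Tuple[str, List[Tuple[str, int]]]:
    """Build the rule from the indicators and scan the constructed dump with it."""
    rule = build_yara_rule("constructed_c2_indicators", [C2_HOST], [HEADER_PATTERN])
    return rule, scan_buffer(SAMPLE_DUMP, [C2_HOST], [HEADER_PATTERN])


if __name__ == "__main__":
    rule_text, matches = demo()
    print(rule_text)
    for ident, off in matches:
        print(f"{ident} at 0x{off:08x}")
```

In a real run you would write the returned rule text to a `.yar` file and let the actual engine do the matching, for example with Volatility 2's `yarascan -y rules.yar` against the memory image; the toy matcher above exists only to make visible what that plugin does for each hit (string identifier plus offset). Note the `wide` modifier: without it the UTF-16LE copy at offset 32, which is how many Windows processes hold such strings in memory, would be missed.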
