Memory analysis has been successfully utilized to detect malware in many high profile cases. The use of signature scanning to detect malicious tools is becoming an effective triaging and first response technique. In particular, the Yara library and scanner has emerged as the defacto standard in malware signature scanning for files, and there are many open source repositories of yara rules. Previous attempts to incorporate yara scanning in memory analysis yielded mixed results. This paper examines the differences between applying Yara signatures on files and in memory and how yara signatures can be developed to effectively search for malware in memory.

Scanning memory with Yara
Load More Related Articles
Load More In Science

Leave a Reply

Your email address will not be published. Required fields are marked *