factual-rules-generator: generate YARA rules about installed software from a running operating system

factual-rules-generator

Factual-rules-generator is an open-source project which aims to generate YARA rules about installed software from a running operating system.

The goal of the software is to be able to use a set of rules against collected or acquired digital forensic pieces of evidence and find installed software in a timely fashion.

The software can be used to baseline known software from the Windows system and create a set of rules for finding similar installation on other systems.

Overview of factual rules generator

Public YARA rules repository

• factual-rules – Sample rules generated from some very common software.

Install & Use

Copyright (C) 2021-2022 David Cruciani
Copyright (C) 2021-2022 CIRCL – Computer Incident Response Center Luxembourg