DRONE Release: YARA Scanner & Ransomware Identifier

A couple of months ago we released our new DRONE solution, which is set to transform remote digital forensics investigation by giving you the capability to quickly understand your network by acquiring and analyzing data across all endpoints in minutes. 

With each release version, we are adding new improvements and enhancements based on our product roadmap as well as some of your great quality feedback. 

Today we are releasing v1.6.0 and here are the release highlights:

• YARA Scanner

• Ransomware Identifier

• Sigma public repository synchronization

• Pull YARA repositories given from the config file

Let’s dive into the new feature set.

YARA Scanner & YARA repositories 

Starting from this version, DRONE supports a generic YARA scanner.

You can provide your own list of YARA rules as shown below and DRONE will automatically execute them.

As a linked feature to the YARA scanner, we have also added a new configuration section called YARA repositories that allows you to provide publicly available repository links (Github and Gitlab) into this section and sync it so DRONE. This will automatically add the provided YARA rules from the repository so you can always have up-to-date YARA rules throughout your investigations tasks. 

Ransomware Identifier

This new feature will scan your machines for ransomware and detect any traces of it. We are using reversing labs’ ransomware rules to scan your machine process paths, prefetch paths, user root folder, and its subdirectories,  to speed up the detection process and increase efficiency by scanning the locations where ransomware resides.

Sigma public repository synchronization

Running Sigma rules on a live machine is a key benefit of DRONE. Now, this feature allows you to stay always up to date with the latest public Sigma repositories. If there are any new rules available, instead of adding them manually, with this version just use the sync feature and DRONE will automatically support it. 

About DRONE

DRONE is among the first solutions in the digital forensics software market that is built on a foundation that empowers users with much faster speed and simplified user experience, clearing the way from heavy and time-consuming traditional digital forensics solutions. 

You can use DRONE for: 

• Fully remote endpoint assessment

• Ultra-fast Early Case Assessments

• Automated Compromise Assessments

• Rapid keyword searching of forensic evidence

• Anomaly Detection on endpoint forensic data

• Support for Sigma rules

• Decreasing preliminary analysis time to minutes

• Supporting analysts with less experience to make informed decisions

For a deeper understanding of DRONE, watch the live product launch where our CEO, Emre Tınaztepe, showcased all product features and functionalities.