
DRONE Release: YARA Scanner & Ransomware Identifier


A couple of months ago we released our new DRONE solution, which is set to transform remote digital forensics investigation by giving you the capability to quickly understand your network by acquiring and analyzing data across all endpoints in minutes. 

With each release, we add improvements and enhancements based on our product roadmap as well as your high-quality feedback.

Today we are releasing v1.6.0 and here are the release highlights:

  • YARA Scanner
  • Ransomware Identifier
  • Sigma public repository synchronization
  • Pull YARA repositories given from the config file

Let’s dive into the new feature set.

YARA Scanner & YARA repositories 

Starting from this version, DRONE supports a generic YARA scanner.


You can provide your own list of YARA rules and DRONE will automatically execute them.


As a feature linked to the YARA scanner, we have also added a new configuration section called YARA repositories. You can add links to publicly available repositories (GitHub and GitLab) in this section and sync them to DRONE. Syncing automatically adds the YARA rules from those repositories, so you always have up-to-date YARA rules throughout your investigation tasks.


Ransomware Identifier

This new feature will scan your machines for ransomware and detect any traces of it. We use ReversingLabs' ransomware rules to scan your machine's process paths, prefetch paths, and the user root folder and its subdirectories. Scanning the locations where ransomware resides speeds up the detection process and increases efficiency.


Sigma public repository synchronization

Running Sigma rules on a live machine is a key benefit of DRONE. This feature now lets you stay up to date with the latest public Sigma repositories. When new rules become available, you no longer need to add them manually: use the sync feature and DRONE will automatically support them.


About DRONE

DRONE is among the first solutions in the digital forensics software market built on a foundation that gives users much faster speed and a simplified user experience, moving away from heavy and time-consuming traditional digital forensics solutions.

You can use DRONE for: 

  • Fully remote endpoint assessment
  • Ultra-fast Early Case Assessments
  • Automated Compromise Assessments
  • Rapid keyword searching of forensic evidence
  • Anomaly Detection on endpoint forensic data
  • Support for Sigma rules
  • Decreasing preliminary analysis time to minutes
  • Supporting analysts with less experience to make informed decisions

For a deeper understanding of DRONE, watch the live product launch where our CEO, Emre Tınaztepe, showcased all product features and functionalities.

How to get DRONE?

If you would like to try DRONE, please visit www.binalyze.com/drone.
