Skip to the main content.
TRY NOW
TRY NOW

1 min read

DRONE Release: YARA Scanner & Ransomware Identifier

Picture of Amina Zilic Amina Zilic : Sep 10, 2021 8:32:06 AM

Binalyze DRONE DFIR Products & Solutions
Featured Image

A couple of months ago we released our new DRONE solution, which is set to transform remote digital forensics investigation by giving you the capability to quickly understand your network by acquiring and analyzing data across all endpoints in minutes. 

With each release version, we are adding new improvements and enhancements based on our product roadmap as well as some of your great quality feedback. 

Today we are releasing v1.6.0 and here are the release highlights:

  • YARA Scanner

  • Ransomware Identifier

  • Sigma public repository synchronization

  • Pull YARA repositories given from the config file

Let’s dive into the new feature set.

YARA Scanner & YARA repositories 

Starting from this version, DRONE supports a generic YARA scanner.

yara-scanner

You can provide your own list of YARA rules as shown below and DRONE will automatically execute them.

yara scanner in DRONE

As a linked feature to the YARA scanner, we have also added a new configuration section called YARA repositories that allows you to provide publicly available repository links (Github and Gitlab) into this section and sync it so DRONE. This will automatically add the provided YARA rules from the repository so you can always have up-to-date YARA rules throughout your investigations tasks. 

yara-scanner-binalyze

Ransomware Identifier

This new feature will scan your machines for ransomware and detect any traces of it. We are using reversing labs’ ransomware rules to scan your machine process paths, prefetch paths, user root folder, and its subdirectories,  to speed up the detection process and increase efficiency by scanning the locations where ransomware resides.

MicrosoftTeams-image-52-2

Sigma public repository synchronization

Running Sigma rules on a live machine is a key benefit of DRONE. Now, this feature allows you to stay always up to date with the latest public Sigma repositories. If there are any new rules available, instead of adding them manually, with this version just use the sync feature and DRONE will automatically support it. 

public sigma repositories

About DRONE

DRONE is among the first solutions in the digital forensics software market that is built on a foundation that empowers users with much faster speed and simplified user experience, clearing the way from heavy and time-consuming traditional digital forensics solutions. 

You can use DRONE for: 

  • Fully remote endpoint assessment

  • Ultra-fast Early Case Assessments

  • Automated Compromise Assessments

  • Rapid keyword searching of forensic evidence

  • Anomaly Detection on endpoint forensic data

  • Support for Sigma rules

  • Decreasing preliminary analysis time to minutes

  • Supporting analysts with less experience to make informed decisions

For a deeper understanding of DRONE, watch the live product launch where our CEO, Emre Tınaztepe, showcased all product features and functionalities.

 

New call-to-action

5 min read

Why fast, remote evidence acquisition is critical for improved enterprise Incident Response

Read More

3 min read

Digital Forensics in the Cloud

Cloud computing has become an integral part of our business infrastructure.

We use cloud computing primarily for application development, providing...

Read More

2 min read

Credence and Binalyze see the power in partnerships

At Binalyze, we always look at the world from the viewpoint of our customers. How can we add more value, what are their pain points and how do we...

Read More