

PDF Forensic Analysis System using YARA


Suleiman J. Khitan, Ali Hadi and Jalal Atoum


Vol. 17  No. 5  pp. 77-85


This paper presents an enhanced method for detecting suspicious PDF files by applying two scanning methods, a structure scan and a YARA scan, both of which depend on extracting and flagging the malicious objects that are commonly used in attacks. The method is intended to assist forensic analysts in analysing PDF files and detecting malicious content in them. Both scanning methods were tested through several experiments on a real dataset. The results show an improvement in detecting malicious PDF files when both methods are applied: the structure scan achieved an accuracy of 99.91% and the YARA scan an accuracy of 98.05%.
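The abstract does not list which PDF objects the structure scan extracts, so the following is an added illustration of the general idea, written for this page and not the authors' own code. The set of suspicious names, the 300-byte dictionary look-back, the triage rule in `verdict()` and the sample PDF are all assumptions of this example. It shows the two checks a practitioner wants in such a scanner: resolving `#xx` hex escapes in PDF names (so `/Java#53cript` is counted as `/JavaScript`) and inflating FlateDecode streams (so objects hidden in an object stream are scanned too).

```python
import re
import zlib

# Names that commonly appear in weaponised PDFs. This list is an assumption of
# the example, not the object set used in the paper.
SUSPICIOUS_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
                    "/EmbeddedFile", "/RichMedia", "/ObjStm", "/XFA", "/AcroForm")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
_FILTER = re.compile(rb"/Filter\s*(?:\[\s*)?/FlateDecode")


def normalise_names(data: bytes) -> bytes:
    """Resolve PDF name hex escapes so /Java#53cript becomes /JavaScript.

    Applied to the whole buffer rather than only to name tokens; for a
    scanner that is good enough and avoids writing a full PDF tokenizer.
    """
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Return the bodies of all streams, FlateDecode ones decompressed.

    Objects tucked into an object stream (/ObjStm) or compressed JavaScript
    only become visible here. The 300-byte look-back for the stream's
    dictionary is a heuristic (assumption), not a real object parser.
    """
    bodies = []
    for m in _STREAM.finditer(data):
        head = data[max(0, m.start() - 300):m.start()]
        body = m.group(1)
        if _FILTER.search(head):
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # corrupt or deliberately broken stream: scan raw bytes
        bodies.append(body)
    return b"\n".join(bodies)


def structure_scan(data: bytes) -> dict:
    """Count suspicious names in the raw file and in inflated stream bodies."""
    text = normalise_names(data) + b"\n" + normalise_names(inflate_streams(data))
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # Require a delimiter after the name so /JS does not match /JSX-like names.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        n = len(re.findall(pattern, text))
        if n:
            counts[name] = n
    return counts


def verdict(counts: dict) -> str:
    """Triage rule (assumption of this example, not the paper's scoring):
    executable content combined with an automatic trigger is the classic
    malicious-PDF shape; either on its own only warrants a closer look."""
    payload = {"/JavaScript", "/JS", "/Launch", "/RichMedia", "/EmbeddedFile"} & counts.keys()
    trigger = {"/OpenAction", "/AA"} & counts.keys()
    if payload and trigger:
        return "malicious"
    if counts:
        return "suspicious"
    return "clean"


def build_sample_pdf() -> bytes:
    """Constructed sample, not from the paper's dataset: a minimal PDF whose
    catalog /OpenAction points at a JavaScript action that lives inside a
    FlateDecode-compressed object stream, with the action type name written
    as /Java#53cript. A scanner that neither inflates nor normalises sees
    only /OpenAction and /ObjStm. (Offsets are not byte-accurate; this is a
    scanner test input, not a file a viewer must render.)"""
    hidden = zlib.compress(b"4 0 obj\n<< /S /Java#53cript /JS (app.alert('hi')) >>\nendobj\n")
    return (b"%PDF-1.7\n"
            b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
            b"5 0 obj\n<< /Type /ObjStm /N 1 /First 8 /Filter /FlateDecode /Length "
            + str(len(hidden)).encode() + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    sample = build_sample_pdf()
    found = structure_scan(sample)
    print(found, "->", verdict(found))
```

The normalised, inflated buffer that `structure_scan()` builds is also the right input for the second stage the paper describes: feeding the decoded bytes (rather than the raw file) to YARA rules means the rules can match on plain `/JavaScript` strings without having to encode every hex-escape and compression variant themselves.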


Malware Analysis, PDF Documents, Malicious PDF, Suspicious PDF, Structure Scan, YARA Rules, Learning Machines.