How it works...

This script imports the required libraries to handle argument parsing, file and folder iteration, writing CSV spreadsheets, and the yara library to compile and scan for the YARA rules.

from __future__ import print_functionfrom argparse import ArgumentParser, ArgumentDefaultsHelpFormatterimport osimport csvimport yara

This recipe's command-line handler accepts two positional arguments, yara_rules and path_to_scan, which represent the path to the YARA rules and the file or folder to scan, respectively. This recipe also accepts one optional argument, output, which, if supplied, writes the results of the scan to a spreadsheet as opposed to the console. Lastly, we pass these values to the main() method.

if __name__ == '__main__': ...

Get Python Digital Forensics Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.