Search Files by Binary Patterns
Power computer users and IT administrators are provided with a binary pattern file matching rule, which is capable of searching files by binary patterns located at specific places inside of files. In order to add a binary file matching rule, select the 'Search Files Containing HEX Pattern' rule, select an appropriate pattern matching operator, enter the HEX pattern to search for and enter the position inside of the file where the binary pattern should be found at.
The binary pattern file matching rule is very useful when the user needs to detect specific file formats containing format-specific signature patterns at designated positions. Multiple binary pattern rules may be combined with logical operators to detect files containing multiple patterns at different positions. The pattern should be specified as a string of HEX characters with two characters per byte delimited with the space character. The position should be specified as an absolute offset from the beginning of the file.