Software Engineering Institute

Linux Forensics Tools Repository: All Announcements

January 12, 2022: The following changes have been made:

Volatility3-2.0.0-2.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is patched as of 2022-01-05.
python36-requests-2.27.1-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
pfring-8.0.0-7172.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7172-7172.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3475.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-fc35-x86_64-1.9.1-10.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.13-200 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.13-200 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.13-100 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-33.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.13-100 for FC34

January 5, 2022: The following changes have been made:

libfsntfs{,-devel,-python3}-20211229-2.{fc33,fc34,fc35,el8}.x86_64.rpm and libfsntfs{,-devel,-python36}-20211229-2.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
opensearch-py-1.0.0-1.{fc33,fc34,fc35,el7,el8}.noarch.rpm - OpenSearch-PY is a Python client for OpenSearch.
plaso-20211229-1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here. Note: For CentOS/RHEL 7 and 8, Plaso now runs in Python Virtual Environment.
python{2,36}-psutil-5.9.0-1.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
mac_apt-1.4.3.dev-3.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract data/metadata useful for forensic investigation. It is a python based framework, which has plugins to process individual artifacts (such as Safari internet history, Network interfaces, Recently accessed files & volumes, etc.). This package is based on the 2022-01-04 version of the code.
hindsight-2021.12-1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications. Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.
lime-kernel-modules-fc35-x86_64-1.9.1-9.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.12-200 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.12-200 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.12-100 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-32.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.12-100 for FC34
fmem-kernel-modules-el8-x86_64-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-348.7.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-348.7.1 for EL8

December 29, 2021: The following changes have been made:

python3-dfdatetime-20211228-1.{fc33,fc34,fc35,el8}.noarch.rpm and python36-dfdatetime-20211225-1.el7.noarch.rpm - dfDateTime, or Digital Forensics Date and Time, provides date and time objects to preserve accuracy and precision.
python3-dfvfs-20211228-1.{fc33,fc34,fc35,el8}.noarch.rpm and python36-dfvfs-20211224-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
bulk_extractor-2.0.0.beta3-1.{,fc33,fc34,fc35,el7,el8}.x86_64.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This is the development version for 2.0.0. Note: These packages have been installed in the forensics-test repository.
exfat-utils-1.3.0-2.{fc33,fc34,fc35,el7,cl8}.{i686,x86_64}.rpm - The EXfat-utils are a set of utilities for creating, checking, dumping and labeling exFAT file systems. This version was rebuilt to remove the obsoletes directives for exfatprogs and fuse-exfat. This means that the installer must select the appropriate version for their system if not installing with the CERT-Forensics-Tools meta package.
ghidra-10.1.1-PUBLIC_20211221.1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvements here. This release fixes a log4j vulnerability.
python3-elasticsearch-7.16.2-1.{fc33,fc34,fc35,el8}.x86_64.rpm and python36-elasticsearch-7.16.2-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python3-packaging-21.3-1.fc33.x86_64.rpm and python36-packaging-21.3-1.el7.x86_64.rpm - Packaging is a library that provides utilities that implement the interoperability specifications which have clearly one correct behaviour (eg: PEP 440) or benefit greatly from having a single shared implementation (eg: PEP 425).
python3-redis-4.1.0-1.fc33.noarch.rpm and python36-redis-4.1.0-1.el7.noarch.rpm - Redis is a Python interface to the Redis key-value store.
VeraCrypt-1.25.4-1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. VeraCypt is based on TrueCrypt 7.1a.
lime-kernel-modules-fc35-x86_64-1.9.1-8.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.11-200 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.11-200 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.11-100 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-31.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.11-100 for FC34

December 22, 2021: The following changes have been made:

python3-dfdatetime-20211222-1.{fc33,fc34,fc35,el8}.noarch.rpm and python36-dfdatetime-20211222-1.el7.noarch.rpm - dfDateTime, or Digital Forensics Date and Time, provides date and time objects to preserve accuracy and precision.
pfring-8.0.0-7150.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7150-7150.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-X3460.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-fc35-x86_64-1.9.1-7.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.10-200 for FC35
- 5.15.8-200 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.10-200 for FC35
- 5.15.8-200 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.10-100 for FC34
- 5.15.8-100 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-30.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.10-100 for FC34
- 5.15.8-100 for FC34

December 15, 2021: The following changes have been made:

plaso-20211024-2.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here. Note: For CentOS/RHEL 7 and 8, Plaso now runs in Python Virtual Environment. The Fedora version is unchanged in this release.
python3-elasticsearch-7.16.1-1.{fc33,fc34,fc35,el8}.x86_64.rpm and python36-elasticsearch-7.16.1-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
ghidra-10.1-PUBLIC_20211210.1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvements here.
pfring-8.0.0-7140.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7140-7140.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3453.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-fc35-x86_64-1.9.1-6.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.7-200 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.7-200 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.7-100 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-29.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.7-100 for FC34

December 10, 2021: The following changes have been made:

python3-artifacts-20211205-1.{fc33,fc34,fc35,el8}.x86_64.rpm, python36-artifacts-20211205-1.el7.x86_64.rpm, and artifacts-data-20211205-1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Artifacts is a free, community-sourced,
snort-2.9.19-1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
snort-sample-rules-2.9.19-1.{fc33,fc34,fc35,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.19-1.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
python3-dfwinreg-20211207-1.{fc33,fc34,fc35,el8}.x86_64.rpm and python36-dfwinreg-20211207-1.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
python3-elasticsearch-7.16.0-1.{fc33,fc34,fc35,el8}.x86_64.rpm and python36-elasticsearch-7.16.0-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
snort-3.1.18.0-1.{fc33,fc34,fc35,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement.
pfring-8.0.0-7115.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7115-7115.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3441.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
CERT-Forensics-Tools-1.0-98.{fc33,fc34,fc35,el7,el8}.x86_64.rpm - This release removes exfat-utils and replaces it with exfatprogs.
lime-kernel-modules-fc35-x86_64-1.9.1-5.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.6-200 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.6-200 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.6-100 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-28.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.6-100 for FC34
fmem-kernel-modules-el7-x86_64-1.6-1.82.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.49.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-82.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.49.1 for EL7

December 1, 2021: The following changes have been made:

mac_apt-1.4.3.dev-2.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract data/metadata useful for forensic investigation. It is a python based framework, which has plugins to process individual artifacts (such as Safari internet history, Network interfaces, Recently accessed files & volumes, etc.). This package fixes a scripting error for each provided command.
snort-3.1.17.0-1.{fc32,fc33,fc34,fc35,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
veracrypt-1.24.7-2.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. VeraCypt is based on TrueCrypt 7.1a. This release was rebuilt to include larger and easier to see icons.
python36-lz4-3.1.10-1.el7.x86_64.rpm - LZ4 contains the python bindings for the lz4 compression library.
python3-redis-4.0.2-1.{fc32,fc33}.noarch.rpm and python36-redis-4.0.2-1.el7.noarch.rpm - Redis is a Python interface to the Redis key-value store.
pfring-8.0.0-7106.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7106-7106.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3432.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-fc35-x86_64-1.9.1-4.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.5-200 for FC35
- 5.15.4-201 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.5-200 for FC35
- 5.15.4-201 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.15.5-100 for FC34
- 5.15.4-101 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-27.noarch.rpm - Support for the following kernels were added for LiME:
- 5.15.5-100 for FC34
- 5.15.4-101 for FC34
Fedora 32 - Updates to Fedora 32 for the x86_64 CPU architecture have ceased.

November 19, 2021: The following changes have been made:

python3-elasticsearch-7.15.2-1.{fc32,fc33,fc34,fc35,el8}.x86_64.rpm and python36-elasticsearch-7.15.2-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python3-pytsk3-20211111-1.{fc32,fc33,fc34,fc35,el8}.x86_64.rpm and python36-pytsk3-20211111-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
sleuthkit{,-devel,-libs}-4.11.1-1.1.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
autopsy-4.19.2-1.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Notes:
1. This version uses Java 8 from Bellsoft.
2. This version was tested on Fedora 32 through 35 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
3. If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that the setting the color depth on the backend X server is critical. Use the following to install the XRDP client, if necessary, adjust the host's firewall to allow RDP connection, adjust this depth parameter, and start or restart the XRDP client:
  [ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp) sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini sudo systemctl stop xrdp
  sudo systemctl start xrdp
mac_apt-1.4.3.dev-1.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract data/metadata useful for forensic investigation. It is a python based framework, which has plugins to process individual artifacts (such as Safari internet history, Network interfaces, Recently accessed files & volumes, etc.). Here are a list of features:
- Cross platform (no dependency on pyobjc)
- Works on E01, VMDK, AFF4, DD, split-DD, DMG (no compression), SPARSEIMAGE & mounted images
- XLSX, CSV, TSV, Sqlite outputs
- Analyzed files/artifacts are exported for later review
- zlib, lzvn, lzfse compressed files are supported!
- Native HFS & APFS parser
- Reads the Spotlight database and Unified Logging (tracev3) files
And here are a list of new functionality added in this release:
- Can read Axiom created targeted collection zip files
- ios_apt can read GrayKey extracted file system
- Can read RECON created .sparseimage files
- Support for macOS Big Sur Sealed volumes (11.0)
- Introducing ios_apt for processing iOS/ipadOS images
- FAST mode ⏳
- Encrypted 🔒 APFS images can now be processed using password/recovery-key 🔑
- macOS Catalina (10.15+) separately mounted SYSTEM & DATA volumes now supported
- AFF4 images (including macquisition created) are supported
python3-dfvfs-20211107-1.{fc32,fc33,fc34,fc35,el8}.noarch.rpm and python36-dfvfs-20211107-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python3-dfdatetime-20211113-1.{fc32,fc33,fc34,fc35,el8}.noarch.rpm and python36-dfdatetime-20211113-1.el7.noarch.rpm - dfDateTime, or Digital Forensics Date and Time, provides date and time objects to preserve accuracy and precision.
libvshadow{,-devel,-python3,-tools}-20211114-1.{fc32,fc33,fc34,fc35,el8}.x86_64.rpm and libvshadow{,-devel,-python36,-tools}-20211114-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
python3-redis-4.0.1-1.{fc32,fc33}.noarch.rpm and python36-redis-4.0.1-1.el7.noarch.rpm - Redis is a Python interface to the Redis key-value store.
libvsgpt{,-devel,-python3,-tools}-20211115.{fc32,fc33,fc34,fc35,el8}.x86_64.rpm and libfsgpt{,-devel,-python36,-tools}-20211115.el7.x86_64.rpm - Libvsgpt is a library and tools used to access the GUID Partition Table (GPT) volume system.
pfring-8.0.0-7094.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7094-7094.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3423.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
bulk_extractor-1.6.0-4.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This version fixes many issues. In addition, it also contains the BEViewer GUI front-end for bulk_extractor. Note 1: This version was built with the expat-devel library to facility restarting bulk_extractor.
bulk_extractor-2.0.0.dev-2.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This is the development version for 2.0.0. Note 1: These packages have been installed in the forensics-test repository. Note 2: This version was built with the expat-devel library to facility restarting bulk_extractor.
lime-kernel-modules-fc35-x86_64-1.9.1-3.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.18-300 for FC35
- 5.14.17-301 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.18-300 for FC35
- 5.14.17-301 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.18-200 for FC34
- 5.14.17-201 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-26.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.18-200 for FC34
- 5.14.17-201 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.46.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.18-100 for FC33
- 5.14.17-101 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-46.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.18-100 for FC33
- 5.14.17-101 for FC33
fmem-kernel-modules-el8-x86_64-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-348.2.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-348.2.1 for EL8

November 10, 2021: The following changes have been made:

python36-xlsxwriter-3.0.2-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
zeek{,-btest,-btest-data,-core,ctl,-devel,-libcaf-devel,-zkg}-4.1.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm, and libbroker-devel-4.1.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
snort-3.1.16.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
fuse-python{2,3}-1.0.4-1.{fc32,fc33,fc34}.x86_64.rpm - Fuse-Python is a Python interface to libfuse, a simple interface for userspace programs to export a virtual filesystem to the Linux kernel.
guymager-0.8.12-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Guymager is a forensic imaging package. See here for the list of changes.
python{2,3}-pycparser-2.21-1.el8.noarch.rpm - Python-PYCParser is a complete C99 parser in pure Python.
rifiuti2-0.7.0-20.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file. This package was updated to avoid a conflict with the rifiuti package.
python3-artifacts-20211107-1.{fc32,fc33,fc34,el8}.x86_64.rpm, python36-artifacts-20211107-1.el7.x86_64.rpm, and artifacts-data-20211107-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Artifacts is a free, community-sourced,
pfring-8.0.0-7085.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7085-7085.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3415.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
CERT-Forensics-Tools-1.0-97.{fc32,fc33,fc34,fc35,el7,el8}.x86_64.rpm - This release removes the following tools from Fedora 35 only. All other releases are unchanged
- binplist
- shellbags
- vinetto
- Volatility-community-plugins
In addition, the Volatility application has been replaced by a Docker container based on Alpine Linux 3.10. The volatility, vol, and vol.py programs have been replaced by a script that manages this container. Please address any unexpected behavior or requests for improvements and enhancements to
fmem-kernel-modules-fc34-x86_64-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.16-201 for FC34
- 5.14.15-200 for FC34
- 5.14.14-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-25.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.16-201 for FC34
- 5.14.15-200 for FC34
- 5.14.14-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.45.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.16-101 for FC33
- 5.14.15-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-45.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.16-101 for FC33
- 5.14.15-100 for FC33
fmem-kernel-modules-el8-x86_64-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-305.25.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-305.25.1 for EL8

Fedora 35 - The repository now supports Fedora 35 for the x86_64 CPU architecture. Here is the list of tools provided for Fedora 35:

2hash
acr
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
avml
bencode
bulk-reviewer
bulk_extractor
cert-forensics-tools-release
CERT-Forensics-Tools
crunch
cryptcat
daq
dcp
ddrescueview
ddrutility
dfdatetime
dfvfs
dfwinreg
docker-forensics-toolkit
DropboxReader
dtfabric
eindeutig
elasticsearch
epub
EVTXtract
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
fred
fundl
fuse-python
galleta

ghidra
grokevt
guymager
hachoir
hindsight
jafat
KStrike
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfsxfs
libfvde
libfwevt
libfwnt
libfwps
libfwsi
libguytools
libhibr
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff

libphdi
libqcow
libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvsgpt
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
mac_apt
maryam
missidentify
mount_ewf
mtftar
netsa-python
netsa-rayon
packetexaminer
pasco
pefile
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyfixbuf
python-construct
pytsk3
qtmltfs-noscripts
qtmltfs

rar
reglookup
regripper-plugins
regripper
rekall-forensics
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
silk-ipa
silk-ipset
silk
sleuthkit
snarf
snort-openappid
snort-sample-rules
snort
stegdetect
super_mediator
tln_tools
umit
unrar
untex
veracrypt
videosnarf
vmfs-tools
vmfs6-tools
Volatility3-linux-symbols
Volatility3-mac-symbols
Volatility3-windows-symbols
Volatility3
Volatility
wdpassport-utils
winevt-kb
winreg-kb
xplico
xva-img
yaf
zeek

fmem-kernel-modules-1.6-1.22.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 35 x86_64 architecture was added.
lime-kernel-modules-1.1.r17-22.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 35 x86_64 architecture was added.
lime-kernel-modules-fc35-x86_64-1.9.1-2.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.16-301 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.16-301 for FC35

October 29, 2021: The following changes have been made:

Volatility3-2.0.0-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here.
libfsntfs{,-devel,-python3}-20211023-2.{fc32,fc33,fc34,el8}.x86_64.rpm and libfsntfs{,-devel,-python36}-20211023-2.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
python36-pyparsing-3.0.0-2.el7.noarch.rpm, python3-pyparsing-3.0.0-2.el8.noarch.rpm, and pyparsing-doc-3.0.0-2.{el7,el8}.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
Note: based on the requirements of Plaso, versions of pyparsing newer than version 3.0.0 need to be removed and 3.0.0 installed as described below:
For CentOS/RHEL 8, do the following:
sudo rpm -ev python3-pyparsing plaso --nodeps; sudo dnf install plaso -y --refresh
For CentOS/RHEL 7, do the following:
sudo rpm -ev python36-pyparsing plaso --nodeps; sudo yum clean all; sudo yum install plaso -y
We regret this inconvenience.
yaf{,-devel}-2.12.2-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 7 and 8 for the x86_64 architecture, yaf has been built to use PF_Ring.
plaso-20211024-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
ghidra-10.0.4-PUBLIC_20210928..1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvements here.
pfring-8.0.0-7059.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7059-7059.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3399.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.13-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-24.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.13-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.44.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.13-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-44.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.13-100 for FC33
bellsoft-java8-full-1.8.0.312-1+7.x86_64.rpm - Bellsoft Java was installed for Fedora 32, 33, and 34 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
fmem-kernel-modules-el8-x86_64-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-348 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-348 for EL8

October 20, 2021: The following changes have been made:

python{2,3}-cffi-1.15.0-1.el8.x86_64.rpm and cffi-doc-1.15.0-1.el8.noarch.rpm - Python-CFFI is a C Foreign Function Interface for Python. Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
python3-elasticsearch-7.15.1-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.15.1-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python3-dfvfs-20211017-1.{fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-20211017-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
KStrike-20210624-1.{fc32,fc33,fc34,el7,el8}.noarch.rpm - KStrike is a stand-alone parser for User Access Logging from Server 2012 and newer systems.
pfring-8.0.0-7045.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.7045-7045.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3390.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.12-200 for FC34
- 5.14.11-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-23.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.12-200 for FC34
- 5.14.11-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.43.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.12-100 for FC33
- 5.14.11-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-43.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.12-100 for FC33
- 5.14.11-100 for FC33
fmem-kernel-modules-el7-x86_64-1.6-1.81.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.45.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-81.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.45.1 for EL7

October 13, 2021: The following changes have been made:

silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-5.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This package was rebuilt to use Python 3 instead of Python 2.

silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-6.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This package was rebuilt to use Python 3 instead of Python 2.

python3-artifacts-20211012-1.{fc32,fc33,fc34,el8}.x86_64.rpm, python36-artifacts-20211012-1.el7.x86_64.rpm, and artifacts-data-20211003-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Artifacts is a free, community-sourced,

python3-certifi-2021.10.8-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-certifi-2021.10.8-1.el7.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.

analyzeMFT-3.0.0-1.{fc32,fc33,fc34,,el7,el8}.{i686,x86_64}.rpm - AnalyzeMFT is a tool that fully parses the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. See here for the changes since the previously installed version 2.0.19.1. Note: This version uses Python 3.

python3-idna-3.3-1.el8.noarch.rpm and python36-idna-3.3-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891.

pfring-8.0.0-7003.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.

pfring-dkms-8.0.0.7003-7003.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

ndpi-4.0.0-3370.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.

fmem-kernel-modules-fc34-x86_64-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:

5.14.10-200 for FC34

lime-kernel-modules-fc34-x86_64-1.9.1-22.noarch.rpm - Support for the following kernels were added for LiME:

5.14.10-200 for FC34

fmem-kernel-modules-fc33-x86_64-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:

5.14.10-100 for FC33

lime-kernel-modules-fc33-x86_64-1.9.1-42.noarch.rpm - Support for the following kernels were added for LiME:

5.14.10-100 for FC33

October 6, 2021: The following changes have been made:

bulk_extractor-2.0.0.dev-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This is the development version for 2.0.0. Note that these packages have been installed in the forensics-test repository.
bulk-reviewer-0.3.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm - < href="https://bulk-reviewer.readthedocs.io/en/latest/">BulkReviewer is an Electron desktop application that aids in identification, review, and removal of sensitive files in directories and disk images. Bulk Reviewer scans directories and disk images for personally identifiable information (PII) and other sensitive information using bulk_extractor, a best-in-class digital forensics tool. The desktop application enables users to configure, start, and review scans; generate CSV reports of features found; and export sets of files (either those free of sensitive information, or those with PII that should be restricted or run though redaction software).
EVTXtract-0.2.3-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
CERT-Forensics-Tools-1.0-96.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - This relese does the following:
- Added bulk-reviewer for all except CentOS/RHEL 7.
- Added EVTXtract.
fmem-kernel-modules-fc34-x86_64-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.9-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-21.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.9-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.14.9-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-41.noarch.rpm - Support for the following kernels were added for LiME:
- 5.14.9-100 for FC33

September 29, 2021: The following changes have been made:

python3-elasticsearch-7.15.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.15.0-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python3-dfvfs-202100918-1.{fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-202100918-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python3-pyxattr-0.7.2-1.{fc32,fc33,el8}.noarch.rpm and python36-pyxattr-0.7.2-1.el7.noarch.rpm - PYXattr is a C extension module for Python which implements extended attributes manipulation. It is a wrapper on top of the attr C library - see attr(5).
Volatility3-1.2.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here.
snort-3.1.13.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
pfring-8.0.0-6952.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.6952-6952.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3344.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.19-200 for FC34
- 5.13.16-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-20.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.19-200 for FC34
- 5.13.16-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.19-100 for FC33
- 5.13.16-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-40.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.19-100 for FC33
- 5.13.16-100 for FC33
fmem-kernel-modules-el8-x86_64-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-305.19.1 for EL8
- 4.18.0-305.17.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-305.19.1 for EL8
- 4.18.0-305.17.1 for EL8

September 15, 2021: The following changes have been made:

daq{,-devel,-modules}-3.0.5-1.{fc32,fc33,fc34,el8}.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort. Note that these packages have been installed in the forensics-test repository.
snort-3.1.12.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
wdpassport-utils-0.2-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - WDPassPort-Utils is a utility used to lock, unlock, and reset passwords on Western Digital's Passport drives.
qtmltfs-2.4.0.2-2.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - QTMLTFS
qtmltfs-noscripts-2.4.0.2-2.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - QTMLTFS (Quantum Linear Tape File System) enables standard file operations on LTO-5 and LTO-6 tape media. This package differs from qtmltfs in that there are no %pre nor %post scripts, eliminating the /bin/sh dependency, making this package more suitable for building spins.
pfring-8.0.0-6892.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.6892-6892.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3311.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.15-200 for FC34
- 5.13.14-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-19.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.15-200 for FC34
- 5.13.14-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.15-100 for FC33
- 5.13.14-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-39.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.15-100 for FC33
- 5.13.14-100 for FC33
fmem-kernel-modules-el7-x86_64-1.6-1.80.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.42.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-80.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.42.2 for EL7

September 8, 2021: The following changes have been made:

snort-2.9.18.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
snort-sample-rules-2.9.18.1-1.{fc32,fc33,fc34,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.18.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
python3-elasticsearch-7.14.1-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.14.1-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python{2,3}-pefile-2021.9.3-1.{fc32,fc33,fc34,el8}.noarch.rpm and python{2,36}-pefile-2021.9.3-1.el7.noarch.rpm - PEFile is a Portable Executable reader module.
veracrypt-1.24.7-2.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. VeraCypt is based on TrueCrypt 7.1a. This release is patched as of 2021-09-05.
libfwnt{,-devel,-python3,-tools}-20210906-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libfwnt{,-devel,-python36,-tools}-20210906-1.el7.x86_64.rpm - LibFWNT is a library for Windows NT data types.
pfring-8.0.0-6874.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.6874-6874.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3308.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.13-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-18.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.13-200 for FC34

September 1, 2021: The following changes have been made:

pfring-8.0.0-6862.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.6862-6862.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3307.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-el8-x86_64-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-338 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-25.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-338 for EL8
fmem-kernel-modules-el7-x86_64-1.6-1.79.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.41.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-79.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.41.1 for EL7

August 25, 2021: The following changes have been made:

xplico-1.2.2-3.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - xplico is an Internet traffic decoder. Note: due to issues related to the version of PHP, the versions for Fedora and CentOS/RHEL 8 now use a Docker container based on Ubuntu 18.04. To used this version, run the /usr/bin/xplico script and address the issues that that script highlights. Speifically some additional adjustments may need to be made. Here are some of the issues:

Fedora 32: If you see the error related to CGroups, follow the steps here.
Fedora 33: If you see the error related to CGroups, follow the steps here.

Volatility3-1.2.0-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here.

ghidra-10.0.2-PUBLIC_20210804.1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvements here.

python2-yara-4.1.2-1.x86_64.{fc32,fc33,fc34,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.

pfring-8.0.0-6835.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.

pfring-dkms-8.0.0.6835-6835.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

ndpi-4.0.0-3305.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.

fmem-kernel-modules-fc34-x86_64-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:

5.13.12-200 for FC34

lime-kernel-modules-fc34-x86_64-1.9.1-17.noarch.rpm - Support for the following kernels were added for LiME:

5.13.12-200 for FC34

fmem-kernel-modules-fc33-x86_64-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:

5.13.12-100 for FC33

lime-kernel-modules-fc33-x86_64-1.9.1-38.noarch.rpm - Support for the following kernels were added for LiME:

5.13.12-100 for FC33

fmem-kernel-modules-el8-x86_64-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:

4.18.0-331 for EL8
4.18.0-305.12.1 for EL8

lime-kernel-modules-el8-x86_64-1.9.1-24.noarch.rpm - Support for the following kernels were added for LiME:

4.18.0-331 for EL8
4.18.0-305.12.1 for EL8

August 18, 2021: The following changes have been made:

snort-3.1.10.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
libmodi{,-devel,-python3,-tools}-20210807-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libmodi{,-devel,-python36,-tools}-20210807-1.el7.x86_64.rpm - Libmodi is a library and tools to access the Mac OS disk image formats.
yaf{,-devel}-2.12.1-2.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 7 and 8 for the x86_64 architecture, yaf has been built to use PF_Ring. This release was rebuilt to accomodate PF_Ring version 8.
pfring-8.0.0-6812.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.0.0.6812-6812.{el7,el8}.noarch.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3293.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.10-200 for FC34
- 5.13.9-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-16.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.10-200 for FC34
- 5.13.9-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.10-100 for FC33
- 5.13.9-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-37.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.10-100 for FC33
- 5.13.9-100 for FC33

August 11, 2021: The following changes have been made:

snort-3.1.9.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
libvmdk{,-devel,-python3,-tools}-20210807-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libvmdk{,-devel,-python36,-tools}-20210807-1.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
libvslvm{,-devel,-python3,-tools}-20210807-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libvslvm{,-devel,-python36,-tools}-20210807-1.el7.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
libsmraw{,-devel,-python3,-tools}-20210807-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libsmraw{,-devel,-python36,-tools}-20210807-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
mtftar-0.9.0-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Mtftar is a tool that translates a MTF stream to a TAR stream. MTF is a format commonly found on Microsoft systems as it's what is generated by the NTBACKUP.EXE tool that ships with all modern versions of Windows.
python36-xlsxwriter-3.0.1-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
libregf{,-devel,-python3,-tools}-20210809-1.{fc32,fc33,fc34,el8}.x86_64.rp and libregf{,-devel,-python36,-tools}-20210809-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
fmem-kernel-modules-fc34-x86_64-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.8-200 for FC34
- 5.13.7-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-15.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.8-200 for FC34
- 5.13.7-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.8-100 for FC33
- 5.13.7-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-36.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.8-100 for FC33
- 5.13.7-100 for FC33

August 4, 2021: The following changes have been made:

python3-dfvfs-20210728-1.{fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-20210728-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python36-xlsxwriter-1.4.5-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
python3-dtfabric-20210731-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-dtfabric-20210731-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
sleuthkit{,-devel,-libs}-4.11.0-1.1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
autopsy-4.19.0-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Notes:
1. This version uses Java 8 from Bellsoft.
2. This version was tested on Fedora 27 through 32 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
3. If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that the setting the color depth on the backend X server is critical. Use the following to install the XRDP client, if necessary, adjust the host's firewall to allow RDP connection, adjust this depth parameter, and start or restart the XRDP client:
  [ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp) sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini sudo systemctl stop xrdp
  sudo systemctl start xrdp
python3-pytsk3-20210801-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-pytsk3-20210801-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
libcreg{,-devel,-python2,-python3,-tools}-20210625-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libcreg{,-devel,-python36,-tools}-20210625-1.el7.x86_64.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
python3-elasticsearch-7.14.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.14.0-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
pfring-7.8.0-3496.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3496.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3274.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.6-200 for FC34
- 5.13.5-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-14.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.6-200 for FC34
- 5.13.5-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.6-100 for FC33
- 5.13.5-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-35.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.6-100 for FC33
- 5.13.5-100 for FC33
fmem-kernel-modules-el8-x86_64-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-326 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-326 for EL8

July 28, 2021: The following changes have been made:

libfsxfs{,-devel,-python3,-static,-tools}-20210726-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libfsxfs{,-devel,-python36,-static,-tools}-20210726-1.el7.x86_64.rpm - Libfsxfs contains library and tools to access the SGI X File System (XFS).
libfshfs{,-devel,-python3,-tools}-20210722-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libfshfs{,-devel,-python36,-tools}-20210722-1.el7.x86_64.rpm - Libfshfs is a library and tools to access the Hierarchical File System (HFS).
nDPI{,-devel}-2.9.0-2.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. These packages were rebuilt to eliminate a conflict with ndpi-4.
pfring-7.8.0-3487.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3487.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.0.0-3273.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.4-200 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-13.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.4-200 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.13.4-100 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-34.noarch.rpm - Support for the following kernels were added for LiME:
- 5.13.4-100 for FC33
fmem-kernel-modules-el7-x86_64-1.6-1.78.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.36.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-78.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.36.2 for EL7

July 21, 2021: The following changes have been made:

python3-elasticsearch-7.13.4-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.13.4-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
libfsext{,-devel,-python3,-tools}-20210720-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libfsext{,-devel,-python36,-tools}-20210522-1.el7.x86_64.rpm - Libfsext is a library and tools to access the Extended File System (EXT).
libfwnt{,-devel,-python3,-tools}-20210717-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libfwnt{,-devel,-python36,-tools}-20210717-1.el7.x86_64.rpm - LibFWNT is a library for Windows NT data types.
bellsoft-java8-full-1.8.0.302-1+8.x86_64.rpm - Bellsoft Java was installed for Fedora 32, 33, and 34 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
fmem-kernel-modules-fc34-x86_64-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.17-300 for FC34
- 5.12.15-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-12.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.17-300 for FC34
- 5.12.15-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.17-200 for FC33
- 5.12.14-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-33.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.17-200 for FC33
- 5.12.14-200 for FC33
fmem-kernel-modules-el8-x86_64-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-305.10.2 for EL8
- 4.18.0-305.7.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-305.10.2 for EL8
- 4.18.0-305.7.1 for EL8

July 14, 2021: The following changes have been made:

hindsight-2021.04.26-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications. Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.

Please note that hindsight is implemented as Python Virtual Environments with wrapper shell script that is installed in /usr/bin. This means that you need to conifugre pip's /etc/pip.conf if your system is located behind a proxy server. This configuration should be completed before hindsight is installed.
python3-elasticsearch-7.13.3-1.{fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.13.3-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python{2,3}-cffi-1.14.6-1.el8.x86_64.rpm and cffi-doc-1.14.6-1.el8.noarch.rpm - Python-CFFI is a C Foreign Function Interface for Python. Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
Volatility3-1.1.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here.
ghidra-10.0.1-PUBLIC_20210708.1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
CERT-Forensics-Tools-1.0-95.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - This relese does the following:
- Added Hindsight.
python36-requests-2.26.0-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-4.0.3-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm, and libbroker-devel-4.0.1-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
fmem-kernel-modules-fc34-x86_64-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.14-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-11.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.14-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.14-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-32.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.14-200 for FC33

July 7, 2021: The following changes have been made:

xva-img-1.4.2-2.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - XVA-IMG is a tool for working with Citrix XEN disk images. Citrix Xen uses a custom virtual appliance format for import/export called "XVA". It's basically a strangely crafted tar-file. You don't need this program to unpack this tar-file, just use your favourite tar unpacker (tar, gtar, bsdtar). Once unpacked you will end up with a lot of different files, ova.xml (which contains the settings for the virtual appliance, think VMware vmx) and a number of folders called Ref:/, this is your disks. Each of these folders contain hundreds of files named 00000000, 00000001 with a accompanying .CHECKSUM file (SHA1). Each file is a 1MB slice of the disk, but some of the files in the sequence will probably be missing this is because XVA do not use compression; instead it will exclude slices of the disk that only contains zeros (are empty). This tool can assemble the disk for you (you will end up with a RAW disk) that can easily be mounted and modified. It can then also split the file again and generate checksum. Once ready, you will probably want to use the "package" command to rebuild the XVA file. In this release, the modes for the xva-img file were set to 755 as is appropriate.
python36-xlsxwriter-1.4.4-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
avml-0.3.0-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed. AVML can produce a memory image suitable for processing with Volatility 2 or Volatility 3 once the appropriate profiles have been created.
pfring-7.8.0-3459.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3459.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3226.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-el8-x86_64-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-315 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-21.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-315 for EL8

June 30, 2021: The following changes have been made:

Volatility3-1.0.1-3.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here. Release 2 is patched as of 2021-06-25.
pfring-7.8.0-3457.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3457.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3221.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.13-300 for FC34
- 5.12.12-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-10.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.13-300 for FC34
- 5.12.12-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.13-200 for FC33
- 5.12.12-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-31.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.13-200 for FC33
- 5.12.12-200 for FC33

June 23, 2021: The following changes have been made:

python3-artifacts-20210620-1.{fc32,fc33,fc34,el8}.x86_64.rpm, python36-artifacts-20210620-1.el7.x86_64.rpm, and artifacts-data-20210620-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Artifacts is a free, community-sourced,

daq{,-devel,-modules}-3.0.4-1.{fc32,fc33,fc34,el8}.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort. Note that these packages have been installed in the forensics-test repository.

snort-3.1.6.0-1.{fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.

fmem-kernel-modules-fc34-x86_64-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:

5.12.11-300 for FC34

lime-kernel-modules-fc34-x86_64-1.9.1-9.noarch.rpm - Support for the following kernels were added for LiME:

5.12.11-300 for FC34

fmem-kernel-modules-fc33-x86_64-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:

5.12.11-200 for FC33

lime-kernel-modules-fc33-x86_64-1.9.1-30.noarch.rpm - Support for the following kernels were added for LiME:

5.12.11-200 for FC33

June 16, 2021: The following changes have been made:

libbde{,-devel,-python3,-tools}-20210605-1.{fc32,fc33,fc34,el8}.x86_64.rpm and libbde{,-devel,-python36,-tools}-20210605-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
python{2,3}-pefile-2021.5.24-1.{fc32,fc33,fc34,el8}.noarch.rpm and python{2,36}-pefile-2021.5.24-1.el7.noarch.rpm - PEFile is a Portable Executable reader module.
python3-dfvfs-20210606-1.{fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-20210606-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
plaso-20210606-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
snort-2.9.18-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
snort-sample-rules-2.9.18-1.{fc32,fc33,fc34,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.18-1.{fc32,fc33,fc34,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
libregf{,-devel,-python3,-tools}-20210615-1.{fc32,fc33,fc34,el8}.x86_64.rp and libregf{,-devel,-python36,-tools}-20210615-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
fmem-kernel-modules-fc34-x86_64-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.10-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-8.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.10-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.10-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-29.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.10-200 for FC33
fmem-kernel-modules-el7-x86_64-1.6-1.77.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.25.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-77.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.25.1 for EL7

June 11, 2021: The following changes have been made:

python3-elasticsearch-7.13.1-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and python36-elasticsearch-7.13.1-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.

plaso-20210412-2.{fc31,fc32,fc33,fc34,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here. Note: This version was rebuilt to remove the restriction on the version of Elasticsearch.

pfring-7.8.0-3429.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.

pfring-dkms-7.8.0-3429.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

ndpi-3.4.0-3200.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.

fmem-kernel-modules-fc34-x86_64-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:

5.12.9-300 for FC34

lime-kernel-modules-fc34-x86_64-1.9.1-7.noarch.rpm - Support for the following kernels were added for LiME:

5.12.9-300 for FC34

fmem-kernel-modules-fc33-x86_64-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:

5.12.9-200 for FC33

lime-kernel-modules-fc33-x86_64-1.9.1-28.noarch.rpm - Support for the following kernels were added for LiME:

5.12.9-200 for FC33

fmem-kernel-modules-el8-x86_64-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:

4.18.0-310 for EL8
4.18.0-305.3.1 for EL8

lime-kernel-modules-el8-x86_64-1.9.1-20.noarch.rpm - Support for the following kernels were added for LiME:

4.18.0-310 for EL8
4.18.0-305.3.1 for EL8

Fedora 31 - Updates to Fedora 31 for the x86_64 CPU architecture have ceased.

June 2, 2021: The following changes have been made:

python3-dfvfs-20210531-1.{fc31,fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-20210531-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
maryam-2.2.6.post1-1.{fc31,fc32,fc33,fc34,el8}.noarch.rpm - OWASP Maryam is a modular/optional open-source framework based on OSINT and data gathering. Maryam is written in the Python programming language and has been designed to provide a powerful environment to harvest data from open sources and search engines and collect data quickly and thoroughly. See here for documentation on the modules provided for Maryam. Note that Maryam is not available for CentOS/RHEL 7 at this time.
python3-idna-3.2-1.el8.noarch.rpm and python36-idna-3.2-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891.
python3-certifi-2021.5.30-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-certifi-2021.5.30-1.el7.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
libfshfs{,-devel,-python3,-tools}-20210602-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libfshfs{,-devel,-python36,-tools}-20210602-1.el7.x86_64.rpm - Libfshfs is a library and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format.
CERT-Forensics-Tools-1.0-94.{fc31,fc32,fc33,fc34,el7,el8}.x86_64.rpm - This relese does the following: Added Maryam for all except CentOS/RHEL 7.
pfring-7.8.0-3424.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3424.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3182.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem: 5.12.8-300 for FC34 5.12.7-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-6.noarch.rpm - Support for the following kernels were added for LiME: 5.12.8-300 for FC34 5.12.7-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem: 5.12.8-200 for FC33 5.12.7-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-27.noarch.rpm - Support for the following kernels were added for LiME: 5.12.8-200 for FC33 5.12.7-200 for FC33
fmem-kernel-modules-el8-x86_64-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem: 4.18.0-305.0.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-19.noarch.rpm - Support for the following kernels were added for LiME: 4.18.0-305.0.1 for EL8

May 26, 2021: The following changes have been made:

libfsext{,-devel,-python3,-tools}-20210522-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libfsext{,-devel,-python36,-tools}-20210522-1.el7.x86_64.rpm - Libfsext is a library and tools to access the Extended File System (EXT).
python3-dfvfs-20210522-1.{fc31,fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-20210522-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python{2,3}-pefile-2021.5.24-1.{fc31,el8}.noarch.rpm and python{2,36}-pefile-2021.5.24-1.el7.noarch.rpm - PEFile is a Portable Executable reader module.
libevtx{,-devel,-python3,-tools}-20210525-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libevtx{,-devel,-python36,-tools}-20210525-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
pfring-7.8.0-3419.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3419.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3180.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
snort-3.1.5.0-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
fmem-kernel-modules-fc34-x86_64-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.6-300 for FC34
- 5.12.5-300 for FC34
- 5.11.21-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-5.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.6-300 for FC34
- 5.12.5-300 for FC34
- 5.11.21-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.12.6-200 for FC33
- 5.12.5-200 for FC33
- 5.11.21-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-26.noarch.rpm - Support for the following kernels were added for LiME:
- 5.12.6-200 for FC33
- 5.12.5-200 for FC33
- 5.11.21-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.46.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.22-100 for FC32
- 5.11.21-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-46.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.22-100 for FC32
- 5.11.21-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-305 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-305 for EL8

May 19, 2021: The following changes have been made:

Volatility-2.6.1-6.{fc31,fc32,fc33,fc34,el7,el8}.x86_64.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6.1 that has been patched to May 14, 2021. You can read about this version here.
python{2,3}-pefile-2021.5.13-1.{fc31,el8}.noarch.rpm and python{2,36}-pefile-2021.5.13-1.el7.noarch.rpm - PEFile is a Portable Executable reader module.
python{2,3}-future-0.18.2-2.1.{fc31,el8}.noarch.rpm - Python-Future is the missing compatibility layer between Python 2 and Python 3. It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead. This package was built to support the packaging of Python-PEFile which in turn is needed to support the packaging of Volatility-community-plugins.
fmem-kernel-modules-fc34-x86_64-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.20-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-4.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.20-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.20-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-25.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.20-200 for FC33

May 13, 2021: The following changes have been made:

python2-six-1.16.0-1.el8.noarch.rpm - Six provides simple utilities for wrapping over differences between Python 2 and Python 3.
python36-xlsxwriter-1.4.3-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
python3-dfdatetime-20210509-1.{fc31,fc32,fc33,fc34,el8}.noarch.rpm and python36-dfdatetime-20210509-1.el7.noarch.rpm - dfDateTime, or Digital Forensics Date and Time, provides date and time objects to preserve accuracy and precision.
python2-yara-4.1.0-3.x86_64.{fc31,fc32,fc33,fc34,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was rebuilt due to the releases of Yara 4.1.0 for CentOS/RHEL 8.
libolecf{,-devel,-python3,-tools}-20210512-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpma and libolecf{,-devel,-python36,-tools}-20210512-1.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
pfring-7.8.0-3410.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3410.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3160.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc34-x86_64-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.19-300 for FC34
- 5.11.18-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-3.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.19-300 for FC34
- 5.11.18-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.19-200 for FC33
- 5.11.18-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-24.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.19-200 for FC33
- 5.11.18-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.45.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.19-100 for FC32
- 5.11.18-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-45.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.19-100 for FC32
- 5.11.18-100 for FC32

May 6, 2021: The following changes have been made:

libfsntfs{,-devel,-python3}-20210503-2.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libfsntfs{,-devel,-python36}-20210503-2.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libcreg{,-devel,-python2,-python3,-tools}-20210502-2.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libcreg{,-devel,-python36,-tools}-20210502-2.el7.x86_64.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format. The previous release was buit with the wrong source file.
libmodi{,-devel,-python3,-tools}-20210501-2.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libmodi{,-devel,-python36,-tools}-20210501-2.el7.x86_64.rpm - Libmodi is a library and tools to access the Mac OS disk image formats. The previous release was buit with the wrong source file.
python3-dfvfs-20210501-2.{fc31,fc32,fc33,fc34,el8}.noarch.rpm and python36-dfvfs-20210501-2.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The previous release was buit with the wrong source file.
daq{,-devel,-modules}-3.0.3-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort. Note that these packages have been installed in the forensics-test repository.
snort-3.1.4.0-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
libfsext{,-devel,-python3,-tools}-20210504-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libfsext{,-devel,-python36,-tools}-20210504-1.el7.x86_64.rpm - Libfsext is a library and tools to access the Extended File System (EXT).
libewf-experimental{,-devel,-tools,-python3,-tools}-20210426-1.{fc31,fc32,fc33,fc34,el8}.x86_64.rpm and libewf-experimental{,-devel,-tools,-python36,-tools}-2,fc340201230-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 7:
sudo yum-config-manager --enable forensics-test
python2-yara-4.1.0-2.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was rebuilt due to the releases of Yara 4.1.0 for Fedora 34.
fmem-kernel-modules-fc34-x86_64-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.17-300 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-2.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.17-300 for FC34
fmem-kernel-modules-fc33-x86_64-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.17-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-23.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.17-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.44.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.17-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-44.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.17-100 for FC32

May 2, 2021: The following changes have been made:

libcreg{,-devel,-python2,-python3,-tools}-20210502-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libcreg{,-devel,-python36,-tools}-20210502-1.el7.x86_64.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
libesedb{,-devel,-python3,-tools}-20210424-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libesedb{,-devel,-python36,-tools}-20210424-1.el7.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
libevt{,-devel,-python3,-tools}-20210424-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libevt{,-devel,-python36,-tools}-20210424-1.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libevtx{,-devel,-python3,-tools}-20210424-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libevtx{,-devel,-python36,-tools}-20210424-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libfsapfs{,-devel,-python3,-tools}-20210424-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfsapfs{,-devel,-python36,-tools}-20210424-1.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
libfsext{,-devel,-python3,-tools}-20210424-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfsext{,-devel,-python36,-tools}-20210424-1.el7.x86_64.rpm - Libfsext is a library and tools to access the Extended File System (EXT).
libfshfs{,-devel,-python3,-tools}-20210424-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfshfs{,-devel,-python36,-tools}-20210424-1.el7.x86_64.rpm - Libfshfs is a library and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format.
libfsntfs{,-devel,-python3}-20210424-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfsntfs{,-devel,-python36}-20210424-1.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libfvde{,-devel,-python3,-tools}-20210425-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfvde{,-devel,-python36,-tools}-20210425-1.el7.x86_64.rpm - Libfvde is a library and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
libfwnt{,-devel,-python3,-tools}-20210421-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfwnt{,-devel,-python36,-tools}-20210421-1.el7.x86_64.rpm - LibFWNT is a library for Windows NT data types.
libfwsi{,-devel,-python3}-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfwsi{,-devel,-python36}-20210419-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
liblnk{,-devel,-python3,-tools}-20210417-1.{fc31,fc32,fc33,el8}.x86_64.rpm and liblnk{,-devel,-python36,-tools}-20210417-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
libluksde{,-devel,-python3,-tools}-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libluksde{,-devel,-python36,-tools}-20210419-1.el7.x86_64.rpm - Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
libmodi{,-devel,-python3,-tools}-20210501-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libmodi{,-devel,-python36,-tools}-20210501-1.el7.x86_64.rpm - Libmodi is a library and tools to access the Mac OS disk image formats.
libmsiecf{,-devel,-python3,-tools}-20210420-1.{fc31,fc32,fc33,el8}.x86_64.rpm and ibmsiecf{,-devel,-python36,-tools}-20210420-1.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
libolecf{,-devel,-python3,-tools}-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rpma and libolecf{,-devel,-python36,-tools}-20210419-1.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
libqcow{,-devel,-python3,-tools}-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rp and mlibqcow{,-devel,-python36,-tools}-20210419-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libregf{,-devel,-python3,-tools}-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rp and libregf{,-devel,-python36,-tools}-20210419-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
libscca{,-devel,-python3,-tools}-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libscca{,-devel,-python36,-tools}-20210419-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
libsigscan{,-devel,-python3}-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libsigscan{,-devel,-python36}-20210419-1.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning.
libsmdev{,-devel,-python3}-20210418-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libsmdev{,-devel,-python36}-20210418-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
libsmraw{,-devel,-python3,-tools}-20210418-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libsmraw{,-devel,-python36,-tools}-20210418-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
libvhdi{,-devel,-python3,-tools}-20210425-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libvhdi{,-devel,-python36,-tools}-20210425-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvmdk{,-devel,-python3,-tools}-20210418-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libvmdk{,-devel,-python36,-tools}-20210418-1.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
libvshadow{,-devel,-python3,-tools}-20210425-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libvshadow{,-devel,-python36,-tools}-20210425-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
libvslvm{,-devel,-python3,-tools}-20210425-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libvslvm{,-devel,-python36,-tools}-20210425-1.el7.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
python2-yara-4.1.0-1.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-4.0.1-1.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm, and libbroker-devel-4.0.1-1.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
xva-img-1.4.2-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - XVA-IMG is a tool for working with Citrix XEN disk images. Citrix Xen uses a custom virtual appliance format for import/export called "XVA". It's basically a strangely crafted tar-file. You don't need this program to unpack this tar-file, just use your favourite tar unpacker (tar, gtar, bsdtar). Once unpacked you will end up with a lot of different files, ova.xml (which contains the settings for the virtual appliance, think VMware vmx) and a number of folders called Ref:/, this is your disks. Each of these folders contain hundreds of files named 00000000, 00000001 with a accompanying .CHECKSUM file (SHA1). Each file is a 1MB slice of the disk, but some of the files in the sequence will probably be missing this is because XVA do not use compression; instead it will exclude slices of the disk that only contains zeros (are empty). This tool can assemble the disk for you (you will end up with a RAW disk) that can easily be mounted and modified. It can then also split the file again and generate checksum. Once ready, you will probably want to use the "package" command to rebuild the XVA file.
python3-dfvfs-20210501-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20210501-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
libtommath{,-devel}-1.2.01.2.0--1.el8.x86_64.rpm - LibTOMMath is a free open source portable number theoretic multiple-precision integer library written entirely in C. The library is designed to provide a simple to work with API that provides fairly efficient routines that build out of the box without configuration.
rifiuti2-0.7.0-5.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file. This package was updated to avoid a conflict with the rifiuti package.
pfring-7.8.0-3406.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3406.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3150.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-1.6-1.21.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 34 x86_64 architecture was added.
lime-kernel-modules-1.1.r17-21.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 34 x86_64 architecture was added.
fmem-kernel-modules-fc33-x86_64-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.16-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-22.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.16-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.43.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.16-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-43.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.16-100 for FC32
fmem-kernel-modules-el7-x86_64-1.6-1.76.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.25.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-76.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.25.1 for EL7

Fedora 34 - The repository now supports Fedora 34 for the x86_64 CPU architecture. Here is the list of tools provided for Fedora 34:

2hash
acr
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
avml
bencode
binplist
bulk_extractor
cert-forensics-tools-release
CERT-Forensics-Tools
crunch
cryptcat
daq
dcp
ddrescueview
ddrutility
dfdatetime
dfvfs
dfwinreg
distorm3
docker-forensics-toolkit
DropboxReader
dtfabric
eindeutig
epub
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
fred
fundl
fuse-python
galleta
ghidra
ghostpdl
grokevt

guymager
hachoir
jafat
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf-experimental
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfsxfs
libfvde
libfwevt
libfwnt
libfwps
libfwsi
libguytools
libhibr
libipa
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi
libqcow
libregf
libscca

libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvsgpt
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
m2crypto
mac_apt
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
packetexaminer
pasco
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pycoin
pyfixbuf
python-colorama
python-construct
python-coverage
python-crypto
python-enum34
python-nose
python-sqlite3dbm
python-yara
python2-typing
pytsk3

qtmltfs
rar
reglookup
regripper
regripper-plugins
rekall-forensics
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk-ipa
silk-ipset
silk
sleuthkit
snarf
snort-openappid
snort-sample-rules
snort
stegdetect
super_mediator
tln_tools
umit
unrar
untex
videosnarf
vinetto
vmfs-tools
vmfs6-tools
Volatility
Volatility-community-plugins
Volatility3
Volatility3-linux-symbols
Volatility3-mac-symbols
Volatility3-windows-symbols
winevt-kb
winreg-kb
xplico
xva-img
yaf
zeek

April 23, 2021: The following changes have been made:

python3-pytsk3-20210419-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-pytsk3-20210419-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
bellsoft-java8-full-1.8.0.292-1+10.x86_64.rpm - Bellsoft Java was installed for Fedora 31, 32, and 33 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
python36-xlsxwriter-1.4.0-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
pfring-7.8.0-3402.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3402.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3137.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.15-200 for FC33
- 5.11.14-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-21.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.15-200 for FC33
- 5.11.14-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.15-100 for FC32
- 5.11.14-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-42.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.15-100 for FC32
- 5.11.14-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-301.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-301.1 for EL8

April 15, 2021: The following changes have been made:

plaso-20210412-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
ghidra-9.2.2-PUBLIC_20201229.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
python36-xlsxwriter-1.3.9-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
pfring-7.8.0-3398.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3398.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3130.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.13-200 for FC33
- 5.11.12-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-20.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.13-200 for FC33
- 5.11.12-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.13-100 for FC32
- 5.11.12-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-41.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.13-100 for FC32
- 5.11.12-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-240.22.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-240.22.1 for EL8
fmem-kernel-modules-el7-x86_64-1.6-1.75.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.24.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-75.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.24.1 for EL7

April 9, 2021: The following changes have been made:

libfsxfs{,-devel,-python3,-tools}-20210403-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfsxfs{,-devel,-python36,-tools}-20210403-1.el7.x86_64.rpm - Libfsxfs contains library and tools to access the SGI X File System (XFS).
python3-artifacts-20210404-1.{fc31,fc32,fc33,el8}.x86_64.rpm, python36-artifacts-20210404-1.el7.x86_64.rpm, and artifacts-data-20210404-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Artifacts is a free, community-sourced,

April 2, 2021: The following changes have been made:

python3-pytsk3-20210327-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-pytsk3-20210327-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
libbde{,-devel,-python3,-tools}-20210327-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libbde{,-devel,-python36,-tools}-20210327-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
snort-2.9.17.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
This release contains these two additional symbolic links that are intended to simplify writing Snort configuration rules in that they are no longer required to contain the Snort version in the path name. These symbolic links are:
1. /usr/lib64/snort_dynamicengine → snort-2.9.17.0_dynamicengine
2. /usr/lib64/snort_dynamicpreprocessor → snort-2.9.17.0_dynamicpreprocessor
Furthermore, the Snort configuration file - /etc/snort/snort.conf - references these version-agnostic path names.
snort-sample-rules-2.9.17.1-1.{fc31,fc32,fc33,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.17.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
This release contains these two additional symbolic links that are intended to simplify writing Snort configuration rules in that they are no longer required to contain the Snort version in the path name. These symbolic links are:
1. /usr/lib64/snort_dynamicengine → snort-2.9.17.0_dynamicengine
2. /usr/lib64/snort_dynamicpreprocessor → snort-2.9.17.0_dynamicpreprocessor
Furthermore, the Snort configuration file - /etc/snort/snort.conf - references these version-agnostic path names.
python36-xlsxwriter-1.3.8-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
pfring-7.8.0-3396.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3396.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3123.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.11-200 for FC33
- 5.11.10-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-19.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.11-200 for FC33
- 5.11.10-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.11-100 for FC32
- 5.11.10-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-40.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.11-100 for FC32
- 5.11.10-100 for FC32

March 26, 2021: The following changes have been made:

sleuthkit{,-devel,-libs}-4.10.2-1.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
autopsy-4.18.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Notes:
1. This version uses Java 8 from Bellsoft.
2. This version was tested on Fedora 27 through 32 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
3. If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that the setting the color depth on the backend X server is critical. Use the following to install the XRDP client, if necessary, adjust the host's firewall to allow RDP connection, adjust this depth parameter, and start or restart the XRDP client:
  [ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp) sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini sudo systemctl stop xrdp
  sudo systemctl start xrdp
pfring-7.8.0-3394.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3394.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3115.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.9-200 for FC33
- 5.11.8-200 for FC33
- 5.11.7-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-18.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.9-200 for FC33
- 5.11.8-200 for FC33
- 5.11.7-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.11.7-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-39.noarch.rpm - Support for the following kernels were added for LiME:
- 5.11.7-100 for FC32

March 19, 2021: The following changes have been made:

fmem-kernel-modules-fc33-x86_64-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.23-200 for FC33
- 5.10.22-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-17.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.23-200 for FC33
- 5.10.22-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.22-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-38.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.22-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-294 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-294 for EL8
fmem-kernel-modules-el7-x86_64-1.6-1.74.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.21.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-74.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.21.1 for EL7

March 12, 2021: The following changes have been made:

Volatility3-1.0.1-2.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here. Release 2 is patched as of 2021-03-10.
plaso-20210213-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
pfring-7.8.0-3385.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3385.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3094.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.21-200 for FC33
- 5.10.20-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-16.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.21-200 for FC33
- 5.10.20-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.21-100 for FC32
- 5.10.20-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-37.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.21-100 for FC32
- 5.10.20-100 for FC32

March 5, 2021: The following changes have been made:

python2-yara-4.0.5-1.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
pfring-7.8.0-3382.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3382.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3084.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.19-200 for FC33
- 5.10.18-200 for FC33
- 5.10.17-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-15.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.19-200 for FC33
- 5.10.18-200 for FC33
- 5.10.17-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.19-100 for FC32
- 5.10.18-100 for FC32
- 5.10.17-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-36.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.19-100 for FC32
- 5.10.18-100 for FC32
- 5.10.17-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-240.15.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-240.15.1 for EL8

February 19, 2021: The following changes have been made:

python3-dfvfs-20210213-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20210213-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python3-elasticsearch-7.11.0-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-elasticsearch-7.11.0-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. Note: This version has been removed from the repository due to incompatibilities with plaso.
python3-elasticsearch-7.9.1-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-elasticsearch-7.9.1-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
Note: You will need to downgrade to this version of elasticsearch with the following on Fedora and CentOS/RHEL 8:
sudo dnf downgrade python3-elasticsearch -y
And this on CentOS/RHEL 7:
sudo yum downgrade python36-elasticsearch -y
plaso-20201228-2.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here. This version removes a patch that intended to make plaso work with ElasticSearch version 7.10 and newer.
zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.12-0.{fc31,fc32,fc33,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.12-0.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
pfring-7.8.0-3371.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3371.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3047.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.16-200 for FC33
- 5.10.15-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-14.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.16-200 for FC33
- 5.10.15-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.16-100 for FC32
- 5.10.15-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-35.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.16-100 for FC32
- 5.10.15-100 for FC32

February 12, 2021: The following changes have been made:

python3-dfvfs-20210207-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20210207-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python3-elasticsearch-7.11.0-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-elasticsearch-7.11.0-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
Volatility3-1.0.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here.
Due to the way in which the previous packages were named, you will need to remove the older version and install this version by hand with the following on Fedora and CentOS/RHEL 8:
sudo rpm -e Volatility3 --nodeps; sudo dnf install -y --refresh Volatility3
And this on CentOS/RHEL 7:
sudo rpm -e Volatility3 --nodeps; sudo yum -y install Volatility3
libvsgpt{,-devel,-python3,-tools}-20210207.{fc31,fc32,fc33,el8}.x86_64.rpm and libfsgpt{,-devel,-python36,-tools}-20210207.el7.x86_64.rpm - Libvsgpt is a library and tools used to access the GUID Partition Table (GPT) volume system.
plaso-20201228-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
pfring-7.8.0-3361.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3361.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3044.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.14-200 for FC33
- 5.10.13-200 for FC33
- 5.10.12-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-13.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.14-200 for FC33
- 5.10.13-200 for FC33
- 5.10.12-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.13-100 for FC32
- 5.10.12-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-34.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.13-100 for FC32
- 5.10.12-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-277 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-277 for EL8

February 4, 2021: The following changes have been made:

python3-dfvfs-20210125-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20210125-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
libfsext{,-devel,-python3,-tools}-20210129-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libfsext{,-devel,-python36,-tools}-20210129-1.el7.x86_64.rpm - Libfsext is a library and tools to access the Extended File System (EXT).
pfring-7.8.0-3356.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3356.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2999.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.11-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-12.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.11-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.11-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-33.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.11-100 for FC32
fmem-kernel-modules-el7-x86_64-1.6-1.73.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.15.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-73.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.15.2 for EL7

January 29, 2021: The following changes have been made:

Volatility3-2.0.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is the version of Volatility 3 which can be found here. It is taken from the source code available as of 2021-01-27.
Due to the way in which the previous packages were named, you will need to remove the older version and install this version by hand with the following on Fedora and CentOS/RHEL 8:
sudo rpm -e Volatility3 --nodeps; sudo dnf install -y --refresh Volatility3
And this on CentOS/RHEL 7:
sudo rpm -e Volatility3 --nodeps; sudo yum -y install Volatility3
python2-yara-4.0.4-1.x86_64.{fc31,fc32,fc33,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
fmem-kernel-modules-fc33-x86_64-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.10-200 for FC33
- 5.10.9-201 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-11.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.10-200 for FC33
- 5.10.9-201 for FC33

January 22, 2021: The following changes have been made:

python36-lz4-3.1.3-1.el7.x86_64.rpm - LZ4 contains the python bindings for the lz4 compression library.
bellsoft-java8-full-1.8.0.282-1+8.x86_64.rpm - Bellsoft Java was installed for Fedora 31, 32, and 33 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
libvsgpt{,-devel,-python3,-tools}-20210118.{fc31,fc32,fc33,el8}.x86_64.rpm and libfsgpt{,-devel,-python36,-tools}-20210118.el7.x86_64.rpm - Libvsgpt is a library and tools used to access the GUID Partition Table (GPT) volume system.
python3-dfvfs-20210120-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20210120-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
daq{,-devel,-modules}-3.0.0-1.{fc31,fc32,fc33,el8}.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort. Note that these packages have been installed in the forensics-test repository.
snort-3.1.0.0-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the announcement. Note that these packages have been installed in the forensics-test repository.
pfring-7.8.0-3343.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3343.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2996.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-common-1.9.1-7.noarch.rpm - LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page. The changes are the following:
- Updated to include a fix for kernels 5.10 and beyond
Note: the version number has changed to correspond with the version on the LiME website.
fmem-kernel-modules-fc33-x86_64-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.8-200 for FC33
- 5.10.7-200 for FC33
- 5.10.6-200 for FC33
lime-kernel-modules-fc33-x86_64-1.9.1-10.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.8-200 for FC33
- 5.10.7-200 for FC33
- 5.10.6-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.10.8-100 for FC32
- 5.10.7-100 for FC32
lime-kernel-modules-fc32-x86_64-1.9.1-32.noarch.rpm - Support for the following kernels were added for LiME:
- 5.10.8-100 for FC32
- 5.10.7-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-240.10.1 for EL8
lime-kernel-modules-el8-x86_64-1.9.1-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-240.10.1 for EL8

January 7, 2021: The following changes have been made:

libewf-experimental{,-devel,-tools,-python3,-tools}-20201230-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libewf-experimental{,-devel,-tools,-python36,-tools}-20201230-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 7:
sudo yum-config-manager --enable forensics-test
python3-idna-3.1-1.el8.noarch.rpm and python36-idna-3.1-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
libfixbuf{,-devel,-ipfixDump}-2.4.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-3.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This package was rebuilt to use libfixbuf 2.4.1.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-4.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This package was rebuilt to use libfixbuf 2.4.1.
libschemaTools{,-devel}-1.3-7.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. This package was rebuilt to use libfixbuf 2.4.1.
python3-pyfixbuf-0.8.0-2.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-pyfixbuf-0.8.0-2.el7.x86_64.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). This package was rebuilt to use libfixbuf 2.4.1. Note also that the Python 2 version is no longer provided.
analysis-pipeline-5.11.3-5.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use libfixbuf 2.4.1.
super_mediator-1.8.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. See here for the list of changes.
yaf{,-devel}-2.12.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring. See here for the list of changes.
mac-robber-1.02-1.el8.x86_64.rpm - Mac-robber is a digital investigation tool that collects data from allocated files in a mounted file system. Removed: Provided by CentOS/RHEL.
python3-redis-3.5-1.el8.noarch.rpm - Redis is a Python interface to the Redis key-value store. Removed: Provided by CentOS/RHEL.
pfring-7.8.0-3323.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3323.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2968.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.16-200 for FC33
lime-kernel-modules-fc33-x86_64-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.16-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.16-100 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.16-100 for FC32

December 23, 2020: The following changes have been made:

python3-dfvfs-20201219-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20201219-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
pfring-7.8.0-3320.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3320.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2958.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.15-200 for FC33
lime-kernel-modules-fc33-x86_64-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.15-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.15-100 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.15-100 for FC32
fmem-kernel-modules-el7-x86_64-1.6-1.72.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.11.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-72.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.11.1 for EL7

December 18, 2020: The following changes have been made:

libewf-experimental{,-devel,-tools,-python3,-tools}-20201210-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libewf-experimental{,-devel,-tools,-python36,-tools}-20201210-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 7:
sudo yum-config-manager --enable forensics-test
python36-chardet-4.0.0-1.el7.x86_64.rpm - Chardet is a universal character encoding detector.
ghidra-9.2-PUBLIC_20201113.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
Volatility3-2.0.0.b1-20201216.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is a beta version of Volatility 3 which can be found here. It is patched to 2020-12-16.
python36-requests-2.25.1-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
python3-cryptography-3.3-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-cryptography-3.1-1.el7.x86_64.rpm Cryptography is a package which provides cryptographic recipes and primitives to Python developers. Note: This package is being withdrawn from the repository. It needs to be removed and the vendor-provided version installed in its place.
For Fedora and CentOS/RHEL 8, do the following:
sudo rpm -ev python3-cryptography --nodeps; sudo dnf install python3-cryptography -y --refresh
For CentOS/RHEL 7, do the following:
sudo rpm -ev python36-cryptography --nodeps; sudo yum clean all; sudo yum install python36-cryptography -y
We regret this inconvenience.
snort-2.9.17.0-2.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
This release contains these two additional symbolic links that are intended to simplify writing Snort configuration rules in that they are no longer required to contain the Snort version in the path name. These symbolic links are:
1. /usr/lib64/snort_dynamicengine → snort-2.9.17.0_dynamicengine
2. /usr/lib64/snort_dynamicpreprocessor → snort-2.9.17.0_dynamicpreprocessor
Furthermore, the Snort configuration file - /etc/snort/snort.conf - references these version-agnostic path names.
snort-sample-rules-2.9.17.0-2.{fc31,fc32,fc33,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.17.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm and snort-openappid-2.9.1.17-1.el6.{i686,x86_64}.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 7 and 8 for the x86_64 architecture.
This release contains these two additional symbolic links that are intended to simplify writing Snort configuration rules in that they are no longer required to contain the Snort version in the path name. These symbolic links are:
1. /usr/lib64/snort_dynamicengine → snort-2.9.17.0_dynamicengine
2. /usr/lib64/snort_dynamicpreprocessor → snort-2.9.17.0_dynamicpreprocessor
Furthermore, the Snort configuration file - /etc/snort/snort.conf - references these version-agnostic path names.
pfring-7.8.0-3307.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3307.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2954.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.14-200 for FC33
- 5.9.13-200 for FC33
lime-kernel-modules-fc33-x86_64-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.14-200 for FC33
- 5.9.13-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.14-100 for FC32
- 5.9.13-100 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.14-100 for FC32
- 5.9.13-100 for FC32

December 10, 2020: The following changes have been made:

python3-certifi-2020.12.5-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-certifi-2020.12.5-1.el7.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Note: The Python 2 package is no longer provided.
libbde{,-devel,-python36,-tools}-20200724-2.el7.x86_64.rpm and libbde{,-devel,-python3,-tools}-20200724-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. Note: The Python 2 package is no longer provided.
libesedb{,-devel,-python36,-tools}-20200418-2.el7.x86_64.rpm and libesedb{,-devel,-python3,-tools}-20200418-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. Note: The Python 2 package is no longer provided.
libevt{,-devel,-python36,-tools}-20200926-2.el7.x86_64.rpm and libevt{,-devel,-python3,-tools}-20200926-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. Note: The Python 2 package is no longer provided.
libevtx{,-devel,-python36,-tools}-20200709-2.el7.x86_64.rpm and libevtx{,-devel,-python3,-tools}-20200709-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. Note: The Python 2 package is no longer provided.
libexe{,-devel,-python36,-tools}-20191221-2.el7.x86_64.rpm and libexe{,-devel,-python3,-tools}-20191221-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format. Note: The Python 2 package is no longer provided.
libfsapfs{,-devel,-python36,-tools}-20201107-2.el7.x86_64.rpm and libfsapfs{,-devel,-python3,-tools}-20201107-2.{fc31,fc32,fc33,el8}.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note: The Python 2 package is no longer provided.
libfshfs{,-devel,-python36,-tools}-20201104-2.el7.x86_64.rpm and libfshfs{,-devel,-python3,-tools}-20201104-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libfshfs is a library and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format. Note: The Python 2 package is no longer provided.
libfvde{,-devel,-python36,-tools}-20191221-2.el7.x86_64.rpm and libfvde{,-devel,-python3,-tools}-20191221-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libfvde is a library and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume. Note: The Python 2 package is no longer provided.
libfwnt{,-devel,-python36,-tools}-20200723-2.el7.x86_64.rpm and libfwnt{,-devel,-python3,-tools}-20200723-2.{fc31,fc32,fc33,el8}.x86_64.rpm - LibFWNT is a library for Windows NT data types. Note: The Python 2 package is no longer provided.
libfwps{,-devel,-python36,-tools}-20191221-2.el7.x86_64.rpm and libfwps{,-devel,-python3,-tools}-20191221-2.{fc31,fc32,fc33,el8}.x86_64.rpm - LibFWPS is a library for Windows Property Store data types. Note: The Python 2 package is no longer provided.
liblnk{,-devel,-python36,-tools}-20200810-2.el7.x86_64.rpm and liblnk{,-devel,-python3,-tools}-20200810-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. Note: The Python 2 package is no longer provided.
libmodi{,-devel,-python36,-tools}-20201019-2.el7.x86_64.rpm and libmodi{,-devel,-python3,-tools}-20201019-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libmodi is a library and tools to access the Mac OS disk image formats. Note that this project currently only focuses on the analysis of the format. Note: The Python 2 package is no longer provided.
libmsiecf{,-devel,-python36,-tools}-20200710-2.el7.x86_64.rpm and libmsiecf{,-devel,-python3,-tools}-20200710-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. Note: The Python 2 package is no longer provided.
libnk2{,-devel,-python36,-tools}-20181101-3.el7.x86_64.rpm and libnk2{,-devel,-python3,-tools}-20181101-3.{fc31,fc32,fc33,el8}.x86_64.rpm - Libnk2 is a library and tools to access Microsoft Outlook Nickfile (NK2) format files. Note: The Python 2 package is no longer provided.
libolecf{,-devel,-python36,-tools}-20201004-2.el7.x86_64.rpm and libolecf{,-devel,-python3,-tools}-20201004-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. Note: The Python 2 package is no longer provided.
libpff{,-devel,-python36,-tools}-20180714-5.el7.x86_64.rpm and libpff{,-devel,-python3,-tools}-20180714-5.{fc31,fc32,fc33,el8}.x86_64.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. Note: The Python 2 package is no longer provided.
libphdi{,-devel,-python36,-tools}-20201003-2.el7.x86_64.rpm and libphdi{,-devel,-python3,-tools}-20201003-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libphdi is a library to access the Parallels Hard Disk image format. Note: The Python 2 package is no longer provided.
libqcow{,-devel,-python36,-tools}-20200928-2.el7.x86_64.rpm and libqcow{,-devel,-python3,-tools}-20200928-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. Note: The Python 2 package is no longer provided.
libregf{,-devel,-python36,-tools}-20201007-2.el7.x86_64.rpm and libregf{,-devel,-python3,-tools}-20201007-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. Note: The Python 2 package is no longer provided.
libscca{,-devel,-python36,-tools}-20200717-2.el7.x86_64.rpm and libscca{,-devel,-python3,-tools}-20200717-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. Note: The Python 2 package is no longer provided.
libsmraw{,-devel,-python36,-tools}-20191221-2.el7.x86_64.rpm and libsmraw{,-devel,-python3,-tools}-20191221-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Note: The Python 2 package is no longer provided.
libvhdi{,-devel,-python36,-tools}-20201204-1.el7.x86_64.rpm and libvhdi{,-devel,-python3,-tools}-20201204-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note: The Python 2 package is no longer provided.
libvmdk{,-devel,-python36,-tools}-20200926-2.el7.x86_64.rpm and libvmdk{,-devel,-python3,-tools}-20200926-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. Note: The Python 2 package is no longer provided.
libvshadow{,-devel,-python36,-tools}-20191221-2.el7.x86_64.rpm and libvshadow{,-devel,-python3,-tools}-20191221-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. Note: The Python 2 package is no longer provided.
libvslvm{,-devel,-python36,-tools}-20200817-2.el7.x86_64.rpm and libvslvm{,-devel,-python3,-tools}-20200817-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. Note: The Python 2 package is no longer provided.
libvsmbr{,-devel,-python36,-tools}-20200818-2.el7.x86_64.rpm and libvsmbr{,-devel,-python3,-tools}-20200818-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system. Note: The Python 2 package is no longer provided.
libwrc{,-devel,-python36,-tools}-20191221-2.el7.x86_64.rpm and libwrc{,-devel,-python3,-tools}-20191221-2.{fc31,fc32,fc33,el8}.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format. Note: The Python 2 package is no longer provided.
Volatility3-2.0.0.b1-3.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is a beta version of Volatility 3 which can be found here. It is patched to 2020-12-07.
python3-cryptography-3.3-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-cryptography-3.1-1.el7.x86_64.rpm Cryptography is a package which provides cryptographic recipes and primitives to Python developers. Note that for CentOS/RHEL 7, the version remains at 3.1.
python3-elasticsearch-7.10.1-1.{fc31,fc32,fc33,el8}.x86_64.rpm and python36-elasticsearch-7.10.1-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
pfring-7.8.0-3294.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3294.{el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2941.{el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.12-200 for FC33
lime-kernel-modules-fc33-x86_64-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.12-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.12-100 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.12-100 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-240.1.1 for EL8
- 4.18.0-240 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-240.1.1 for EL8
- 4.18.0-240 for EL8

December 4, 2020: The following changes have been made:

libewf-experimental{,-devel,-tools,-python3,-tools}-20201129-1.{fc31,fc32,fc33,el8}.x86_64.rpm and libewf-experimental{,-devel,-tools,-python36,-tools}-20201129-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. See this page for the list of supported and unsupported formats.

Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:

sudo dnf config-manager --set-enabled forensics-test

or this command for CentOS/RHEL 7:

sudo yum-config-manager --enable forensics-test

musl-{clang,devel,filesystem,gcc,libc,libc-static}-1.2.1-1.{el7,el8}.x86_64.rpm - MUSL is a fully featured lightweight standard C library for Linux. This package was built to support AVML.

avml-0.2.1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary. AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori. No on-target compilation or fingerprinting is needed. AVML can produce a memory image suitable for processing with Volatility 2 or Volatility 3 once the appropriate profiles have been created.

CERT-Forensics-Tools-1.0-93.el6.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-93.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - This relese does the following:

Added AVML for Fedora 31 and beyond and CentOS/RHEL 7 and beyond.

python3-dfvfs-20201202-1.{fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20201202-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.

sleuthkit{,-devel,-libs}-4.10.1-1.3.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. This release attempts to correct an issue with the Sleuth Kit was build with the incorrect version of the Java Development packages. Note that release 1.3 copies the /usr/share/java/sleuthkit-4.10.1.jar file to the correct place for Autopsy as found in LiFTeR which is /usr/autopsy/autopsy/modules/ext/sleuthkit-4.10.1.jar If your version of Autopsy is installed in a different place, you will need to copy /usr/share/java/sleuthkit-4.10.1.jar to that place manually.

autopsy-4.17.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Notes:

This version uses Java 8 from Bellsoft.
This version was tested on Fedora 27 through 32 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that the setting the color depth on the backend X server is critical. Use the following to install the XRDP client, if necessary, adjust the host's firewall to allow RDP connection, adjust this depth parameter, and start or restart the XRDP client:
[ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp) sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini sudo systemctl stop xrdp
sudo systemctl start xrdp

libfwsi{,-devel,-python36}-20201204-1.el7.x86_64.rpm and libfwsi{,-devel,-python3}-20201204-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.

libsmdev{,-devel,-python36}-20201204-1.el7.x86_64.rpm and libsmdev{,-devel,-python3}-20201204-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.

pfring-7.8.0-3285.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.

pfring-dkms-7.8.0-3285.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

ndpi-3.4.0-2937.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.

fmem-kernel-modules-fc33-x86_64-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:

5.9.11-200 for FC33
5.9.10-200 for FC33

lime-kernel-modules-fc33-x86_64-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:

5.9.11-200 for FC33
5.9.10-200 for FC33

fmem-kernel-modules-fc32-x86_64-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:

5.9.11-100 for FC32
5.9.10-100 for FC32

lime-kernel-modules-fc32-x86_64-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:

5.9.11-100 for FC32
5.9.10-100 for FC32

CentOS 6 - Updates to CentOS 6 for both the i686 and x86_64 CPU architectures have ceased.

November 25, 2020: The following changes have been made:

snort-2.9.17.0-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm and snort-2.9.17.0-1.el6.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
snort-sample-rules-2.9.17.0-1.{fc31,fc32,fc33,el6,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.17-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm and snort-openappid-2.9.1.17-1.el6.{i686,x86_64}.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
yaf{,-devel}-2.11.2-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm and yaf{,-devel}-2.11.2-1.el6.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or
Volatility3-2.0.0.b1-2.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is a beta version of Volatility 3 which can be found here. It is patched to 2020-11-23.
libewf-experimental{,-devel,-tools,-python3,-tools}-20201123-1.{fc31,fc32,fc33,el8}.x86_64.rpm, libewf-experimental{,-devel,-tools,-python36,-tools}-20201123-1.el7.x86_64.rpm, and libewf-experimental{,-devel,-tools,-python2,-tools}-20201123-1.el6.{i686,x86_64}.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 7:
sudo yum-config-manager --enable forensics-test
sleuthkit{,-devel,-libs}-4.10.1-1.1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
apfs-fuse-20200928-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones.
python2-distorm3-3.5.0-1.el6.{i386,x86_64}.rpm, python{2,36}-distorm3-3.5.0-1.el7.x86_64.rpm, and python{2,3}-distorm3-3.5.0-1.(fc31,fc32,fc33,el8}.x86_64.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework.
libodraw{,-devel,-tools}-20201003-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Libodraw is a library to access to optical disc (split) RAW image files (bin/cue, iso/cue).
zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.11-0.{fc31,fc32,fc33,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.11-0.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
pfring-7.8.0-3283.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3283.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2929.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.9-200 for FC33
lime-kernel-modules-fc33-x86_64-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.9-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.9-100 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.9-100 for FC32

November 22, 2020: The following changes have been made:

python3-dfvfs-20201118-1.{fc27,fc28,fc29,fc30,fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20201118-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
libfsntfs{,-devel,-python3}-20201115-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20201115-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20201115-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20201115-1.{fc31,fc32,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libfsxfs{,-devel,-python3,-tools}-20201114-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsxfs{,-devel,-python2,-tools}-20201114-1.el6.{i686,x86_64}.rpm, libfsxfs{,-devel,-python36,-tools}-20201114-1.el7.x86_64.rpm, and libfsxfs{,-devel,-python3,-tools}-20201114-1.{fc31,fc32,el8}.x86_64.rpm - Libfsxfs contains library and tools to access the SGI X File System (XFS).
libsigscan{,-devel,-python3}-20201117-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2}-20201117-1.el6.{i686,x86_64}.rpm, libsigscan{,-devel,-python36}-20201117-1.el7.x86_64.rpm, and libsigscan{,-devel,-python3}-20201117-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning.
python36-lz4-3.1.1-1.el7.x86_64.rpm - LZ4 contains the python bindings for the lz4 compression library.
pfring-7.8.0-3278.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3278.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2923.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc33-x86_64-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.8-200 for FC33
lime-kernel-modules-fc33-x86_64-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.8-200 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.9.8-100 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 5.9.8-100 for FC32
fmem-kernel-modules-el7-x86_64-1.6-1.71.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.6.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-71.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.6.1 for EL7
Fedora 30 - Updates to Fedora 30 for both the i686 and x86_64 CPU architectures has ceased.
Fedora 29 - Updates to Fedora 29 for both the i686 and x86_64 CPU architectures has ceased.
Fedora 28 - Updates to Fedora 28 for both the i686 and x86_64 CPU architectures has ceased.
Fedora 27 - Updates to Fedora 27 for both the i686 and x86_64 CPU architectures has ceased.

November 13, 2020: The following changes have been made:

libfsapfs{,-devel,-python2,-python3}-20201107-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20201107-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20201107-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20201107-1.{fc31,fc32,fc33,el8}.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
python3-dfvfs-20201107-1.{fc27,fc28,fc29,fc30,fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20201107-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python{2,3}-certifi-2020.11.8-1.{fc27,fc28,fc29,fc30,fc31,fc32,fc33,el8}.noarch.rpm and python{2,36}-certifi-2020.11.8-1.el7.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
python36-requests-2.25.0-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
pfring-7.8.0-3272.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3272.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-2911.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-el7-x86_64-1.6-1.70.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1160.2.2 for EL7
- 3.10.0-1160.2.1 for EL7
- 3.10.0-1160 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-70.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1160.2.2 for EL7
- 3.10.0-1160.2.1 for EL7
- 3.10.0-1160 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.69.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.35.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-69.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.35.1 for EL6

November 6, 2020: The following changes have been made:

Volatility3-2.0.0.b1-1.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples. This release is a beta version of Volatility 3 which can be found here.
Volatility3-{windows,linux,mac}-symbols-20191016-1.noarch.rpm - These three packages are the kernel symbol table files needed by Volatility 3 to correctly interpret inforamtion in various Windows, Linux, and MacOS kernels.
CERT-Forensics-Tools-1.0-92.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-92.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - This relese does the following:
- Added Volatility3 and the Volatility 3 symbol table packages for Fedora 31 and beyond and CentOS/RHEL 7 and beyond.
libfshfs{,-devel,-python2,-python3,-tools}-20201104-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfshfs{,-devel,-python2,-tools}-20201104-1.el6.{i686,x86_64}.rpm, libfshfs{,-devel,-python2,-python36,-tools}-20201104-3.el7.x86_64.rpm, and libfshfs{,-devel,-python2,-python3,-tools}-20201104-3.{fc31,fc32,fc33,el8}.x86_64.rpm - Libfshfs is a lbrary and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format.
python3-dfvfs-20201105-1.{fc27,fc28,fc29,fc30,fc31,fc32,fc33,el8}.noarch.rpm and python36-dfvfs-20201105-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
pfring-7.8.0-3267.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.8.
pfring-dkms-7.8.0-3267.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.4.0-3267.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
yaf{,-devel}-2.11.0-5.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-5.{fc31,fc32,fc33,el7,el8}.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. This release has been updated to support PF_Ring Version 7.8.
bellsoft-java8-full-1.8.0.275-1+1.{i586,x86_64}.rpm - Bellsoft Java was installed for Fedora 27 through 32 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
python3-artifacts-20201106-1.{fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20201106-1.{fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python36-artifacts-20201106-1.el7.x86_64.rpm, artifacts-data-20201106-1.el7.x86_64.rpm - python3-artifacts-20201106-1.{fc31,fc32,fc33,el8}.x86_64.rpm, artifacts-data-20201106-1.{fc31,fc32,fc33,el8}.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
fmem-kernel-modules-fc33-x86_64-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.18-300 for FC33
- 5.8.17-300 for FC33
lime-kernel-modules-fc33-x86_64-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.18-300 for FC33
- 5.8.17-300 for FC33
fmem-kernel-modules-fc32-x86_64-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.18-200 for FC32
- 5.8.17-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.18-200 for FC32
- 5.8.17-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.18-100 for FC31
- 5.8.17-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.18-100 for FC31
- 5.8.17-100 for FC31
fmem-kernel-modules-el8-x86_64-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-193.28.1 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-193.28.1 for EL8

October 30, 2020: The following changes have been made:

python{2,36}-psutil-5.7.3-1.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
plaso-20201007-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20201007-1.{fc31,fc32,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
libcreg{,-devel,-python3,-tools}-20200725-2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libcreg{,-devel,-python2,-tools}-20200725-2.el6.{i686,x86_64}.rpm, libcreg{,-devel,-python36,-tools}-20200725-2.el7.x86_64.rpm, and libcreg{,-devel,-python2,-python3,-tools}-20200725-2.{fc31,fc32,el8}.x86_64.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format. Note that in this release, the Python3 version for CentOS/RHEl 7 is correctly named, that is it is named libcreg-python36 and not libcreg-python3. There are no other changes in this release.
Volatility-2.6.1-5.{fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-5.{fc31,fc32,el7,el8}.x86_64.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6.1 that has been patched to October 27, 2020. You can read about this version here.
libfsntfs{,-devel,-python3}-20201027-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20201027-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20201027-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20201027-1.{fc31,fc32,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libmdmp{,-devel,-tools}-20200819-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libmdmp{,-devel,-tools}-20200819-1.{fc31,fc32,el7,el8}.x86_64.rpm - Libmdmp is a library to access the Windows Minidump (MDMP) format. Note that this project currently only focuses on the analysis of the format.
libhibr{,-devel,-tools}-20200820-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libhibr{,-devel,-tools}-20200820-1.{fc31,fc32,el7,el8}.x86_64.rpm - libhibr is a lbrary and tools to access the Windows Hibernation File (hiberfil.sys) format. Note that this project currently only focuses on the analysis of the format.
libmodi{,-devel,-python2,-python3,-tools}-20201019-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmodi{,-devel,-python2,-tools}-20201019-1.el6.{i686,x86_64}.rpm, and libmodi{,-devel,-python2,-python36,-tools}-20201019-1.el7.x86_64.rpm, libmodi{,-devel,-python2,-python3,-tools}-20201019-1.{fc31,fc32,el8}.x86_64.rpm - Libmodi is a lbrary and tools to access the Mac OS disk image formats. Note that this project currently only focuses on the analysis of the format.
libphdi{,-devel,-python2,-python3,-tools}-20201003-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libphdi{,-devel,-python2,-tools}-20201003-1.el6.{i686,x86_64}.rpm, libphdi{,-devel,-python2,-python36,-tools}-20201003-1.el7.x86_64.rpm, and libphdi{,-devel,-python2,-python36,-tools}-20201003-1.{fc31,fc32,el8}.x86_64.rpm - Libphdi is a library to access the Parallels Hard Disk image format.
libagdb{,-devel,-tools}-20201023-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and ibagdb{,-devel,-tools}-20201023-1.{fc31,fc32,el7,el8}.x86_64.rpm - Libagdb is a library to access the SuperFetch database format.
libvsmbr{,-devel,-python2,-python3,-tools}-20200818-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvsmbr{,-devel,-python2,-tools}-20200818-1.el6.{i686,x86_64}.rpm, and libvsmbr{,-devel,-python2,-python36,-tools}-20200818-1.el7.x86_64.rpm, and libvsmbr{,-devel,-python2,-python3,-tools}-20200818-1.{fc31,fc32,el8}.x86_64.rpm - Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system.
rifiuti2-0.7.0-5.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-5.fc31,fc32,el7,el8.x86_64.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file. This package was updated to avoid a conflict with the rifiuti package.
fmem-kernel-modules-1.6-1.20.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 33 x86_64 architecture was added.
lime-kernel-modules-1.1.r17-20.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 33 x86_64 architecture was added.
fmem-kernel-modules-fc32-x86_64-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.16-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.16-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.16-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.16-100 for FC31

Fedora 33 - The repository now supports Fedora 33 for the x86_64 CPU architecture. Here is the list of tools provided for Fedora 33:

2hash
acr
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
bencode
binplist
bulk_extractor
cert-forensics-tools-release
CERT-Forensics-Tools
certifi
crunch
cryptcat
cryptography
daq
dcp
ddrescueview
ddrutility
dfdatetime
dfvfs
dfwinreg
distorm3
docker-forensics-toolkit
DropboxReader
dtfabric
eindeutig
elasticsearch
epub
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
fred
fundl
fuse-python
galleta
ghidra

ghostpdl
grokevt
guymager
hachoir
jafat
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwps
libfwsi
libguytools
libhibr
libipa
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi
libqcow
libregf
libscca

libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
m2crypto
mac_apt
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
packetexaminer
pasco
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pycoin
pyfixbuf
python-colorama
python-construct
python-coverage
python-crypto
python-enum34
python-nose
python-registry
python-sqlite3dbm
python-unicodecsv
python-yara
python2-typing

pytsk3
qtmltfs
rar
redis
reglookup
regripper-plugins
regripper
rekall-forensics
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk-ipa
silk-ipset
silk
sleuthkit
snarf
snort-openappid
snort-sample-rules
snort
stegdetect
super_mediator
tln_tools
umit
unrar
untex
veracrypt
videosnarf
vinetto
vmfs-tools
vmfs6-tools
Volatility-community-plugins
Volatility
winevt-kb
winreg-kb
xplico
xva-img
yaf
zeek

October 23, 2020: The following changes have been made:

libvhdi{,-devel,-python2,-python3,-tools}-20201018-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20201018-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20201018-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20201018-1.{fc31,fc32,el8}.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libfshfs{,-devel,-python2,-python3,-tools}-20201019-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfshfs{,-devel,-python2,-tools}-20201019-1.el6.{i686,x86_64}.rpm, libfshfs{,-devel,-python2,-python36,-tools}-20201019-3.el7.x86_64.rpm, and libfshfs{,-devel,-python2,-python3,-tools}-20201019-3.{fc31,fc32,el8}.x86_64.rpm - Libfshfs is a lbrary and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format.
python3-cryptography-3.1-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-cryptography-3.1-1.el7.x86_64.rpm, and python3-cryptography-3.1-1.{fc30,fc31,el8}.x86_64.rpm - Cryptography is a package which provides cryptographic recipes and primitives to Python developers.
python3-dfvfs-20201018-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-dfvfs-20201018-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
bellsoft-java8-full-1.8.0.272-1+10.{i586,x86_64}.rpm - Bellsoft Java was installed for Fedora 27 through 32 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
pfring-7.6.0-3245.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3245.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2878.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.

October 16, 2020: The following changes have been made:

libfsapfs{,-devel,-python2,-python3}-20201008-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20201008-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20201008-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20201008-1.{fc31,fc32,el8}.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
python3-xlsxwriter-1.3.7-1.{fc27,fc28,fc29}.noarch.rpm and python36-xlsxwriter-1.3.7-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
libvhdi{,-devel,-python2,-python3,-tools}-20201014-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20201014-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20201014-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20201014-1.{fc31,fc32,el8}.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
fmem-kernel-modules-fc32-x86_64-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.15-200 for FC32
- 5.8.14-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.15-200 for FC32
- 5.8.14-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.15-101 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.15-101 for FC31

October 8, 2020: The following changes have been made:

python3-dfwinreg-20201006-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20201006-1.el7.x86_64.rpm, and python3-dfwinreg-20201006-1.{fc31,fc32,el8}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
libregf{,-devel,-python2,-python3}-20201007-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2}-20201007-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36}-20201007-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3}-20201007-1.{fc31,fc32,el8}.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
libolecf{,-devel,-python2,-python3}-20201004-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2}-20201004-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36}-20201004-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3}-20201004-1.{fc31,fc32,el8}.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
pfring-7.6.0-3209.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3209.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2862.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.13-200 for FC32
- 5.8.12-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.13-200 for FC32
- 5.8.12-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.13-100 for FC31
- 5.8.12-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.13-100 for FC31
- 5.8.12-100 for FC31

October 1, 2020: The following changes have been made:

libevt{,-devel,-python2,-python3}-20200926-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20200926-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20200926-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20200926-1.{fc31,fc32,el8}.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libvhdi{,-devel,-python2,-python3,-tools}-20200926-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20200926-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20200926-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20200926-1.{fc31,fc32,el8}.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvmdk{,-devel,-python2,-python3}-20200926-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2}-20200926-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36}-20200926-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3}-20200926-1.{fc31,fc32,el8}.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
bulk_extractor-1.6.0-3.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and bulk_extractor-1.6.0-3.{fc31,fc32,el7,el8}.x86_64.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This version fixes many issues. In addition, it also contains the BEViewer GUI front-end for bulk_extractor. This version was rebuilt to add the python3-matplotlib dependency which caused be_grapher.py to be removed from CentOS/RHEL 7.
libqcow{,-devel,-python2,-python3}-20200928-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2}-20200928-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36}-20200928-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3}-20200928-1.{fc31,fc32,el8}.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
python3-dfwinreg-20200928-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200928-1.el7.x86_64.rpm, and python3-dfwinreg-20200928-1.{fc31,fc32,el8}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
fmem-kernel-modules-fc32-x86_64-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.11-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.11-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.11-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.11-100 for FC31

September 24, 2020: The following changes have been made:

python3-xlsxwriter-1.3.6-1.{fc27,fc28,fc29}.noarch.rpm and python36-xlsxwriter-1.3.6-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
libfsntfs{,-devel,-python3}-20200921-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200921-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200921-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200921-1.{fc31,fc32,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
python3-dfwinreg-20200415-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200415-1.el7.x86_64.rpm, and python3-dfwinreg-20200415-1.{fc31,fc32,el8}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
python3-dfvfs-20200920-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-dfvfs-20200920-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
libfsext{,-devel,-python2,-python3,-tools}-20200819-2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsext{,-devel,-python2,-tools}-20200819-2.el6.{i686,x86_64}.rpm, libfsext{,-devel,-python2,-python36,-tools}-20200819-2.el7.x86_64.rpm and libfsext{,-devel,-python2,-python3,-tools}-20200819-2.{fc31,fc32,el8}.x86_64.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT). This release correctly names the CentOS/RHEL 7 version (python36 vs. python3).
mac_apt-0.7-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and mac_apt-0.7-1.{fc321,fc32,el7,el8}.x86_64.rpm - Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract data/metadata useful for forensic investigation. It is a python based framework, which has plugins to process individual artifacts (such as Safari internet history, Network interfaces, Recently accessed files & volumes, etc.). Here are a list of features:
- Cross platform (no dependency on pyobjc)
- Works on E01, VMDK, AFF4, DD, split-DD, DMG (no compression) and mounted images
- XLSX, CSV, Sqlite outputs
- Analyzed files/artifacts are exported for later review
- zlib, lzvn, lzfse compressed files are supported!
- Native HFS and APFS parser
- Reads the Spotlight database and Unified Logging (tracev3) files
And here are a list of new functionality added in this release:
- Support for macOS Big Sur (11.0)
- FAST mode ⏳
- Encrypted 🔒 APFS images can now be processed using password/recovery-key 🔑
- macOS Catalina (10.15) images can be parsed now
- macOS Catalina (10.15) separately mounted SYSTEM and DATA volumes now supported
- AFF4 images (including macquisition created) now supported
CERT-Forensics-Tools-1.0-91.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-91.{fc31,fc32,el7,el8}.x86_64.rpm - This relese does the following:
- Added mac_apt for Fedora and CentOS/RHEL 7 and 8.
pfring-7.6.0-3176.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3176.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2841.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.10-200 for FC32
- 5.8.9-200 for FC32
- 5.8.8-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.10-200 for FC32
- 5.8.9-200 for FC32
- 5.8.8-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.10-100 for FC31
- 5.8.9-101 for FC31
- 5.8.8-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.10-100 for FC31
- 5.8.9-101 for FC31
- 5.8.8-100 for FC31
fmem-kernel-modules-el8-x86_64-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-193.19.1 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-193.19.1 for EL8

September 12, 2020: The following changes have been made:

sleuthkit{,-devel,-libs}-4.10.0-1.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.10.0-1.1.{fc31,el7,el8}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
autopsy-4.16.0-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.16.0-1.{fc31,fc32,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Notes:
1. This version uses Java 8 from Bellsoft.
2. This version was tested on Fedora 27 through 32 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
3. If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that the setting the color depth on the backend X server is critical. Use the following to install the XRDP client, if necessary, adjust the host's firewall to allow RDP connection, adjust this depth parameter, and start or restart the XRDP client:
  [ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp) sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini sudo systemctl stop xrdp
  sudo systemctl start xrdp
python2-pysocks-1.6.8-6.el8.noarch.rpm - Pysocks is a fork of SocksiPy with bug fixes and extra features. It acts as a drop-in replacement for the socket module. This package was built for CentOS 8 to support the Volatility-community-plugins package.
python2-six-1.11.0-5.el8.noarch.rpm - Six provides simple utilities for wrapping over differences between Python 2 and Python 3. This package was built for CentOS 8 to support the Volatility-community-plugins package.
fmem-kernel-modules-fc32-x86_64-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.7-200 for FC32
- 5.8.6-201 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.7-200 for FC32
- 5.8.6-201 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.6-101 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.6-101 for FC31

September 3, 2020: The following changes have been made:

python3-dfdatetime-20200824-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-dfdatetime-20200824-1.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
libfsext{,-devel,-python2,-python3,-tools}-20200819-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsext{,-devel,-python2,-tools}-20200819-1.el6.{i686,x86_64}.rpm, libfsext{,-devel,-python2,-python36,-tools}-20200819-1.el7.x86_64.rpm and libfsext{,-devel,-python2,-python3,-tools}-20200819-1.{fc31,fc32,el8}.x86_64.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT).
libcreg{,-devel,-python3,-tools}-20200725-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libcreg{,-devel,-python2,-tools}-20200725-1.el6.{i686,x86_64}.rpm, libcreg{,-devel,-python36,-tools}-20200725-1.el7}.x86_64.rpm, and libfsext{,-devel,-python2,-python3,-tools}-20200819-1.{fc31,fc32,el8}.x86_64.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
pfring-7.6.0-3146.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3146.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2780.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-common-1.1.r17-6.noarch.rpm - LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page. The changes are the following:
- LiME code up to date as of August 31, 2020 (which includes changes for the 5.8 Linux kernels)
fmem-kernel-modules-fc32-x86_64-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.8.4-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 5.8.4-200 for FC32

August 28, 2020: The following changes have been made:

python3-dfdatetime-20200809-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-dfdatetime-20200809-1.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
snort-2.9.16.1-2.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.16.1-2.{fc31,fc32,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture. This release corrected a packaging error where the openappid option was not correctly disabled.
snort-sample-rules-2.9.16.1-2.{fc27,fc28,fc29,fc30,fc31,fc32,el6,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.1.16.1-2.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.16-1.{fc31,fc32,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture. This release corrected a packaging error where the openappid option was not correctly enabled.
pfring-7.6.0-3144.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3144.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2775.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.17-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.17-200 for FC32
fmem-kernel-modules-el7-x86_64-1.6-1.69.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1127.19.1 for EL7
- 3.10.0-1127.18.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-69.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1127.19.1 for EL7
- 3.10.0-1127.18.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.68.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.33.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-68.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.33.1 for EL6

August 23, 2020: The following changes have been made:

python3-xlsxwriter-1.3.3-1.{fc27,fc28,fc29}.noarch.rpm and python36-xlsxwriter-1.3.3-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
libvhdi{,-devel,-python2,-python3,-tools}-20200810-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20200810-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20200810-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20200810-1.{fc31,fc32,el8}.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvmdk{,-devel,-python2,-python3}-20200810-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2}-20200810-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36}-20200810-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3}-20200810-1.{fc31,fc32,el8}.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
liblnk{,-devel,-python2,-python3}-20200810-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2}-20200810-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36}-20200810-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python3}-20200810-1.{fc31,fc32,el8}.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
libevt{,-devel,-python2,-python3}-20200810-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20200810-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20200810-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20200810-1.{fc31,fc32,el8}.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libvslvm{,-devel,-python2,-python3}-20200817-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36}-20200817-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3}-20200817-1.{fc31,fc32,el8}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
libfsext{,-devel,-python2,-python3,-tools}-20200811-2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsext{,-devel,-python2,-tools}-20200811-2.el6.{i686,x86_64}.rpm, libfsext{,-devel,-python2,-python36,-tools}-20200811-2.el7.x86_64.rpm and libfsext{,-devel,-python2,-python3,-tools}-20200811-2.{fc31,fc32,el8}.x86_64.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT).
python3-elasticsearch-7.9.1-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-elasticsearch-7.9.1-1.el7.x86_64.rpm, python3-elasticsearch-7.9.1-1.{fc31,fc32,el8}.x86_64.rpm, and python2-elasticsearch-7.9.1-1.el6.{i686,x86_64}.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
pfring-7.6.0-3136.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3136.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2753.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.16-200 for FC32
- 5.7.15-200 for FC32
- 5.7.14-200 for FC32
- 5.7.12-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.16-200 for FC32
- 5.7.15-200 for FC32
- 5.7.14-200 for FC32
- 5.7.12-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.15-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.15-100 for FC31

August 6, 2020: The following changes have been made:

snort-2.9.16.1-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.16.1-1.{fc31,fc32,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
snort-sample-rules-2.9.16.1-1.{fc27,fc28,fc29,fc30,fc31,fc32,el6,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.1.16.1-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.16-1.{fc31,fc32,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
libfsntfs{,-devel,-python3}-20200805-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200805-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200805-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200805-1.{fc31,fc32,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libregf{,-devel,-python2,-python3}-20200805-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2}-20200805-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36}-20200805-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3}-20200805-1.{fc31,fc32,el8}.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
fmem-kernel-modules-fc32-x86_64-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.11-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.11-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.11-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.11-100 for FC31

July 31, 2020: The following changes have been made:

libfsntfs{,-devel,-python3}-20200726-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200726-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200726-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200726-1.{fc31,fc32,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libfsapfs{,-devel,-python2,-python3}-20200727-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20200727-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20200727-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20200727-1.{fc31,fc32,el8}.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
libqcow{,-devel,-python2,-python3}-20200729-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2}-20200729-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36}-20200729-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3}-20200729-1.{fc31,fc32,el8}.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
pfring-7.6.0-3097.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3097.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2705.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
bellsoft-java8-1.8.0.265-1+1.{i586,x86_64}-full.rpm - Bellsoft Java was installed for Fedora 27 through 32 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
python3-elasticsearch-7.8.1-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-elasticsearch-7.8.1-1.el7.x86_64.rpm, python3-elasticsearch-7.8.1-1.{fc31,fc32,el8}.x86_64.rpm, and python2-elasticsearch-7.8.1-1.el6.{i686,x86_64}.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
fmem-kernel-modules-fc32-x86_64-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.10-201 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.10-201 for FC32
fmem-kernel-modules-el8-x86_64-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-193.14.2 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-193.14.2 for EL8

July 24, 2020: The following changes have been made:

plaso-20200717-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200717-1.{fc31,fc32,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
docker-forensics-toolkit-0.2.0-2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and docker-forensics-toolkit-0.2.0-1.{fc31,fc32,el7,el8}.x86_64.rpm - Docker Forensics Toolkit is a toolkit for performing post-mortem analysis of Docker runtime environments based on forensic HDD copies of the docker host system. See this page for usage instructions. This version fixes a packaging problem.
libfwnt{,-devel,-python2,-python3}-20200723-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20200723-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20200723-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20200723-1.{fc31,fc32,el8}.x86_64.rpm - LibFWNT is a library for Windows NT data types.
libscca{,-devel,-python2,-python3,-tools}-20200717-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, ibscca{,-devel,-python2,-tools}-20200717-1.el6.{i686,x86_64}.rpm, libscca{,-devel,-python2,-python36,-tools}-20200717-1.el7.x86_64.rpm, and libscca{,-devel,-python2,-python3,-tools}-20200717-1.{fc31,fc32,el8}.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
libolecf{,-devel,-python2,-python3}-20200724-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2}-20200724-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36}-20200724-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3}-20200724-1.{fc31,fc32,el8}.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
bellsoft-java8-1.8.0.262-1+10.{i586,x86_64}-full.rpm - Bellsoft Java was installed for Fedora 27 through 32 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
fmem-kernel-modules-fc32-x86_64-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.9-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.9-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.9-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.9-100 for FC31

July 17, 2020: The following changes have been made:

libmsiecf{,-devel,-python2,-python3}-20200710-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2}-20200710-1.el6.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-python36}-20200710-1.el7.x86_64.rpm, and libmsiecf{,-devel,-python2,-python3}-20200710-1.{fc31,fc32,el8}.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
perl-Parse-Win32Registry-1.0-3.{fc27,fc28,fc29,fc30,fc31,fc32,el7,el8}.noarch.rpm - perl-Parse-Win32Registry is a module for parsing Windows Registry files, allowing you to read the keys and values of a registry file without going through the Windows API. It provides an object-oriented interface to the keys and values in a registry file. Registry files are structured as trees of keys, with each key containing further subkeys or values. The module is intended to be cross-platform, and run on those platforms where Perl will run. It supports both Windows NT registry files (Windows NT, 2000, XP, 2003, Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium Edition). It is intended to be used to parse offline registry files. If a registry file is currently in use, you will not be able to open it. However, you can save part or all of a currently loaded registry file using the Windows reg command if you have the appropriate administrative access.
This version corrected a packaging error in the previous release.
regripper-30000000-2.{fc27,fc28,fc29,fc30,fc31,fc32,el7,el8}.noarch.rpm - Regripper is a Windows Registry data extraction and correlation tool. This package is contains version 3.0 of the regripper tool. The plugins are packaged separately. This version is based on the May 28, 2020 version of the code, also known as RegRipper 3.0.
This version contains a patch that correctly finds the pluginsfolder.
libevt{,-devel,-python2,-python3}-20200715-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20200715-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20200715-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20200715-1.{fc31,fc32,el8}.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
pfring-7.6.0-3095.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3095.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2657.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.8-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.8-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.8-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.8-100 for FC31
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.67.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.31.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-67.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.31.1 for EL6

July 10, 2020: The following changes have been made:

liblnk{,-devel,-python2,-python3}-20200709-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2}-20200709-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36}-20200709-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python3}-20200709-1.{fc31,fc32,el8}.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
libevt{,-devel,-python2,-python3}-20200708-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20200708-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20200708-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20200708-1.{fc31,fc32,el8}.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libevtx{,-devel,-python2,-python3}-20200709-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2}-20200709-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36}-20200709-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3}-20200709-1.{fc31,fc32,el8}.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
pfring-7.6.0-3060.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3060.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2605.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.7-200 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.7-200 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.7-100 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.7-100 for FC31

July 3, 2020: The following changes have been made:

libfsntfs{,-devel,-python3}-20200627-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200627-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200627-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200627-1.{fc31,fc32,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
python3-idna-2.10-1.{fc27,fc28,el8}.noarch.rpm and python36-idna-2.10-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
python3-dfdatetime-20200613-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-dfdatetime-20200613-1.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
python3-dtfabric-20200621-2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dtfabric-20200621-2.el7.x86_64.rpm, and python3-dtfabric-20200621-2.{fc31,fc32,el8}.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
python2-yara-4.0.2-1.fc30.{i386,x86_64}.rpm and python2-yara-4.0.2-1.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
python2-coverage-4.5.1-4.fc32.x86_64.rpm - Python Coverage measures code coverage, typically during test execution. It uses the code analysis tools and tracing hooks provided in the Python standard library to determine which lines are executable, and which have been executed. This package was installed to support building python2-yara for Fedora 32.
python2-nose-1.3.7-24.fc32.noarch.rpm - Python Nose extends the test loading and running features of unittest, making it easier to write, find and run tests. This package was installed to support building python2-yara for Fedora 32.
docker-forensics-toolkit-0.2.0-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and docker-forensics-toolkit-0.2.0-1.{fc31,fc32,el7,el8}.x86_64.rpm - Docker Forensics Toolkit is a toolkit for performing post-mortem analysis of Docker runtime environments based on forensic HDD copies of the docker host system. See this page for usage instructions.
python3-dfvfs-20200625-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-dfvfs-20200625-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
python3-redis-3.5-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-redis-3.5-1.el7.noarch.rpm - Redis is a Python interface to the Redis key-value store.
plaso-20200630-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200630-1.{fc31,fc32,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Details of this update are available here.
pfring-7.6.0-3059.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3059.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2599.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.7.6-201 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 5.7.6-201 for FC32

June 26, 2020: The following changes have been made:

python{2,3}-certifi-2020.6.20-1.{fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python{2,36}-certifi-2020.6.20-1.el7.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
python3-bencode-4.0.0-1.{fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-bencode-4.0.0-1.el7.noarch.rpm - Bencode re-packages the existing bencoding and bdecoding implemention from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency.
zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.7-0.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-3.0.7-0.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.7-0.{fc31,fc32,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.7-0.{fc31,fc32,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
pfring-7.6.0-3052.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3052.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2544.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.19-300 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.19-300 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.19-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.19-200 for FC31
fmem-kernel-modules-el7-x86_64-1.6-1.68.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1127.13.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-68.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1127.13.1 for EL7

June 19, 2020: The following changes have been made:

perl-Parse-Win32Registry-1.0-2.{fc27,fc28,fc29,fc30,fc31,fc32,el7,el8}.noarch.rpm - perl-Parse-Win32Registry is a module for parsing Windows Registry files, allowing you to read the keys and values of a registry file without going through the Windows API. It provides an object-oriented interface to the keys and values in a registry file. Registry files are structured as trees of keys, with each key containing further subkeys or values. The module is intended to be cross-platform, and run on those platforms where Perl will run. It supports both Windows NT registry files (Windows NT, 2000, XP, 2003, Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium Edition). It is intended to be used to parse offline registry files. If a registry file is currently in use, you will not be able to open it. However, you can save part or all of a currently loaded registry file using the Windows reg command if you have the appropriate administrative access.
This version was built with the new modules required for regripper Version 3.0.
regripper-30000000-1.{fc27,fc28,fc29,fc30,fc31,fc32,el7,el8}.noarch.rpm - Regripper is a Windows Registry data extraction and correlation tool. This package is contains version 3.0 of the regripper tool. The plugins are packaged separately. This version is based on the May 28, 2020 version of the code, also known as RegRipper 3.0.
regripper-plugins-20200528-1.{fc27,fc28,fc29,fc20,fc31,fc32,el7,el8}.noarch.rpm - Regripper-plugins are the plugins packaged separately from the regripper application. This package is taken from the plugins directory at the Github source code site as of 2020-05-28.
python3-elasticsearch-7.8.0-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-elasticsearch-7.8.0-1.el7.x86_64.rpm, python3-elasticsearch-7.8.0-1.{fc31,fc32,el8}.x86_64.rpm, and python2-elasticsearch-7.8.0-1.el6.{i686,x86_64}.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python36-requests-2.24.0-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
pfring-7.6.0-3043.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3043.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2534.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.18-300 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.18-300 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.18-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.18-200 for FC31
fmem-kernel-modules-el8-x86_64-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-193.6.3 for EL8
- 4.18.0-193.1.2 for EL8
- 4.18.0-193 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-193.6.3 for EL8
- 4.18.0-193.1.2 for EL8
- 4.18.0-193 for EL8

June 12, 2020: The following changes have been made:

Volatility-2.6.1-4.{fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-4.{fc31,fc32,el7,el8}.x86_64.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6.1 that has been patched to June 8, 2020. You can read about this version here.
libfwnt{,-devel,-python2,-python3}-20200605-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20200605-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20200605-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20200605-1.{fc31,fc32,el8}.x86_64.rpm - LibFWNT is a library for Windows NT data types.
pfring-7.6.0-3016.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3016.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2522.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.16-300 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.16-300 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.16-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.16-200 for FC31
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.66.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.30.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-66.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.30.2 for EL6

June 5, 2020: The following changes have been made:

veracrypt-1.24.6-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and veracrypt-1.24.6-1.{fc31,fc32,el7,el8}.x86_64.rpm - VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. based on TrueCrypt 7.1a.
pfring-7.6.0-3011.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3011.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2503.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.15-300 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.15-300 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.15-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.15-200 for FC31
fmem-kernel-modules-el7-x86_64-1.6-1.67.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1127.10.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-67.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1127.10.1 for EL7

May 29, 2020: The following changes have been made:

disktype-9-30.1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and disktype-9-30.1.{fc31,fc32,el7,el8}.x86_64.rpm - Disktype detects the content format of a disk or disk image. This version is based on the standard version with support for exfat, LUKS, f2fs, btrfs, and EXT 2, 3, and 4, all courtesy Erik Uitto formerly from the Silicon Valley Regional Computer Forensics Laboratory in Menlo Park, CA. This version was rebuilt to increment the release number to be higher (30.1) than the current version provided for either Fedora (30) or CentOS/RHEL (29).
python3-elasticsearch-7.7.1-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-elasticsearch-7.7.1-1.el7.x86_64.rpm, python3-elasticsearch-7.7.1-1.{fc31,fc32,el8}.x86_64.rpm, and python2-elasticsearch-7.7.1-1.el6.{i686,x86_64}.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. Note that the Python 2 version is no longer provided except for CentOS/RHEL 6.
python3-bencode-3.0.1-1.{fc26,fc27,fc28,fc29,fc30,fc31,fc32,el8}.noarch.rpm and python36-bencode-3.0.1-1.el7.noarch.rpm - Bencode re-packages the existing bencoding and bdecoding implemention from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency.
pfring-7.6.0-3000.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-3000.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2477.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.14-300 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.14-300 for FC32
Fedora 26 - Updates to Fedora 26 for both the i686 and x86_64 CPU architectures has ceased.

May 22, 2020: The following changes have been made:

bellsoft-java8-1.8.0.252-1+9.{i586,x86_64}-full.rpm - Bellsoft Java was installed for Fedora 26 through 32 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux where this recommendation can be found.
Note that the previous version of BellSoft's Java that was installed as part of autopsy can be removed with:
sudo yum erase bellsoft-java8 -y
autopsy-4.15.0-6.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-6.{fc31,fc32,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Notes:
1. This version uses the aforementiontion version of Java 8 from Bellsoft.
2. This version was tested on Fedora 26 through 32 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
3. If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that the setting the color depth on the backend X server is critical. Use the following to install the XRDP client, if necessary, adjust the host's firewall to allow RDP connection, adjust this depth parameter, and start or restart the XRDP client:
  [ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp) sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini sudo systemctl stop xrdp
  sudo systemctl start xrdp
python3-artifacts-20200515-1.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20200515-1.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python36-artifacts-20200515-1.el7.x86_64.rpm, artifacts-data-20200515-1.el7.x86_64.rpm - python3-artifacts-20200515-1.{fc31,fc32,el8}.x86_64.rpm, artifacts-data-20200515-1.{fc31,fc32,el8}.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
python2-yara-4.0.1-1.fc30.{i386,x86_64}.rpm and python2-yara-4.0.1-1.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
pfring-7.6.0-2990.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2990.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2473.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.13-300 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.13-300 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.13-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.13-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.13-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.13-100 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.66.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1127.8.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-66.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1127.8.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.65.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.29.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-65.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.29.2 for EL6

May 15, 2020: The following changes have been made:

plaso-20200430-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200430-1.{fc31,fc32,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
sevenzipjbinding-16.02_2.01-1.el7.x86_64.rpm - 7-Zip Bindings is a java wrapper for 7-Zip C++ library. It allows extraction of many archive formats using a very fast native library directly from java through JNI.
This version was build for CentOS/RHEL 7 due to a compiler inconsistency with the version provided with Autopsy 4.15.0.
autopsy-4.15.0-5.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-5.{fc31,fc32,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. This release fixes a problem with the 7 Zip ingest module on CentOS/RHEL 7. For all other releases for all other systems, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
apfs-fuse-20200429-1.{fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm and apfs-fuse-20200429-1.{fc31,fc32,el7,el8}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
pfring-7.6.0-2977.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2977.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2448.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc32-x86_64-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.12-300 for FC32
- 5.6.11-300 for FC32
lime-kernel-modules-fc32-x86_64-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.12-300 for FC32
- 5.6.11-300 for FC32
fmem-kernel-modules-fc31-x86_64-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.11-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.11-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.11-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.11-100 for FC30

May 11, 2020: The following changes have been made:

autopsy-4.15.0-4.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-4.{fc31,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. This release reverts back to the JDK that comes with the OS and away from BellSoft. It also fixed a problem with the CentOS/RHEL version.

May 10, 2020: The following changes have been made:

autopsy-4.15.0-3.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-3.{fc31,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. This release reverts back to the JDK that comes with the OS and away from BellSoft.

May 8, 2020: The following changes have been made:

guymager-0.8.12-1.{fc26,fc27,fc28.fc29,fc30}.{i686,x86_64}.rpm and guymager-0.8.12-1.{fc31,el7,el8}.x86_64.rpm - Guymager is a forensic imaging package. See here for the list of changes.
hachoir-3.1.2-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm - Hachoir is a Python library to view and edit a binary stream field by field. In other words, Hachoir allows you to "browse" any binary stream just like you browse directories and files. A file is splitted in a tree of fields, where the smallest field is just one bit. Examples of fields types: integers, strings, bits, padding types, floats, etc. Hachoir is the French word for a meat grinder (meat mincer), which is used by butchers to divide meat into long tubes; Hachoir is used by computer butchers to divide binary files into fields.
Notes:
1. In this version, these tools are all available: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-urwid, and hachoir-wx. As such, the previous packages where these tools were packaged separately are obsoleted.
2. For CentOS/RHEL 8, the hachoir-wx program is not available due to a lack of the Python 3 version of wx.
CERT-Forensics-Tools-1.0-90.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-90.{fc31,el7,el8}.x86_64.rpm - This relese does the following:
- Added hachoir for Fedora and CentOS/RHEL 7 and 8.
sleuthkit{,-devel,-libs}-4.9.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.9.0-1.1.{fc31,el7,el8}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
bellsoft-jdk8u252+9-linux-{i586,amd64}.rpm - Bellsoft Java was installed for Fedora 26 through 32 and CentOS/RHEL 7 and 8. Bellsoft Java 8 is the recommended version of Java for Autopsy. See these instructions for installing Autopsy on Linux.
autopsy-4.15.0-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-2.{fc31,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
ghidra-9.1.2-PUBLIC_20200212.2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1.2-PUBLIC_20200212.2{fc26,fc31,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here. This release repairs some incorrect file permissions and properly references various other files within the Ghidra hierarchy.
zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.5-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-3.0.5-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.5-0.{fc31,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.5-0.{fc31,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
rifiuti2-0.7.0-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-4.{fc31,el7,el8}.x86_64.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file. This package was updated to avoid a conflict with the rifiuti package.
libfsntfs{,-devel,-python3}-20200506-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200506-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200506-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200506-1.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
python2-colorama-0.4.1-2.{fc30,fc31,fc32,el8}.noarch.rpm - Python-Colorama is a Python library that makes ANSI escape character sequences (for producing colored terminal text and cursor positioning) work under MS Windows. This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
umit-1.0-17.1.{fc32,el8}.noarch.rpm - Umit is a front-end for nmap. This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
python{2,3}-m2crypto-0.35.2-3.1.{fc32,el8}.x86_64.rpm - M2Crypto is a Python library that allows you to call OpenSSL functions from Python 2 and 3 scripts. This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
python-netaddr-0.7.19-18.1.fc32.x86_64 - python-netaddr is a pure Python network address representation and manipulation library. Python-netaddr provides a Pythonic way of working with: This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32.
python2-enum34-1.1.6-10.1.fc32.noarch.rpm - python-enum34 is the Python 3.4 version of enum backported to Python 2, in this case. This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32.
python2-yara-3.11.0-4.{fc30,el6}.{i386,x86_64}.rpm and python2-yara-3.11.0-4.x86_64.{fc31,fc32,el8}.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts. This package was built to negate obsoletes in fedora-obsolate-packages for Fedora 32. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
pfring-7.6.0-2963.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2963.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2431.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-1.6-1.19.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 32 x86_64 architecture was added.
lime-kernel-modules-1.1.r17-19.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 32 x86_64 architecture was added.
fmem-kernel-modules-fc31-x86_64-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.8-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.8-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.8-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.8-100 for FC30

Fedora 32 - The repository now supports Fedora 32 for the x86_64 CPU architecture. Here is the list of tools provided for Fedora 32:

2hash
acr
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
bencode
binplist
biplist
bulk_extractor
CERT-Forensics-Tools
cert-forensics-tools-release
certifi
colorama
construct
crunch
cryptcat
daq
dcp
ddrescueview
ddrutility
dfdatetime
dfvfs
dfwinreg
distorm3
DropboxReader
dtfabric
eindeutig
elasticsearch
epub
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
fred
fundl
fuse-python

galleta
ghidra
ghostpdl
grokevt
guymager
hachoir
jafat
KHracker
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwps
libfwsi
libguytools
libhibr
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi

libqcow
libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
m2crypto
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
packetexaminer
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pycoin
pyfixbuf
python2-netaddr
python-crypto
python-enum34
python-registry
python-sqlite3dbm

python-unicodecsv
python-yara
pytsk3
qtmltfs
rar
reglookup
regripper
regripper-plugins
rekall-forensics
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-openappid
snort-sample-rules
stegdetect
super_mediator
tln_tools
umit
unrar
untex
videosnarf
vinetto
vmfs6-tools
vmfs-tools
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
xplico
xva-img
yaf
zeek

May 1, 2020: The following changes have been made:

qtmltfs-2.4.0.2-1.{fc28,fc29,fc30}.{i686,x86_64}.rpm and qtmltfs-2.4.0.2-1.{fc31,el7,el8}.x86_64.rpm - QTMLTFS (Quantum Linear Tape File System) enables standard file operations on LTO-5 and LTO-6 tape media.
libfsntfs{,-devel,-python3}-20200428-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200428-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200428-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200428-1.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
python3-dfvfs-20200429-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200429-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
libregf{,-devel,-python2,-python3}-20200429-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2}-20200429-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36}-20200429-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3}-20200429-1.{fc31,el8}.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
python3-dfdatetime-20200501-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfdatetime-20200501-1.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
pfring-7.6.0-2934.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2934.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2425.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-common-1.6-1.6.noarch.rpm - Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations. This package contains the source code for making the FMEM kernel modules and the install-fmem script. The changes are the following:
- Fmem code up was updated to provide support for Linux 5.6 kernels.
fmem-kernel-modules-fc31-x86_64-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.6.7-200 for FC31
- 5.6.6-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 5.6.7-200 for FC31
- 5.6.6-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.7-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.7-100 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.65.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1127 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-65.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1127 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.64.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.29.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-64.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.29.1 for EL6

April 24, 2020: The following changes have been made:

libesedb{,-devel,-python2,-python3}-20200418-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2}-20200418-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36}-20200418-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3}-20200418-1.{fc31,el8}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
libevt{,-devel,-python2,-python3}-20200418-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20200418-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20200418-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20200418-1.{fc31,el8}.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libevtx{,-devel,-python2,-python3}-20200419-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2}-20200419-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36}-20200419-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3}-20200419-1.{fc31,el8}.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libfsntfs{,-devel,-python3}-20200416-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200416-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200416-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200416-1.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
pfring-7.6.0-2926.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2926.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2411.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.17-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.17-200 for FC31

April 17, 2020: The following changes have been made:

daq{,-devel,-modules}-2.0.7-10.1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.7-10.1.{fc31,el7,el8}.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort. This release differs from daq provided by Fedora and EPEL because it contains the static libraries required by snort.
snort-2.9.16-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.16-1.{fc31,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
snort-sample-rules-2.9.16-1.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.1.16-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.16-1.{fc31,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
bulk_extractor-1.6.0-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and bulk_extractor-1.6.0-2.{fc31,el7,el8}.x86_64.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This version fixes many issues. In addition, it also contains the BEViewer GUI front-end for bulk_extractor. This version was rebuilt to add SQLite and LibXML build dependencies.
libewf-experimental{,-devel,-tools,-python3,-tools}-20200405-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf-experimental{,-devel,-tools,-python2,-tools}-20200405-1.el6.{i686,x86_64}.rpm, libewf-experimental{,-devel,-tools,-python36,-tools}-20200405-1.el7.x86_64.rpm, and libewf-experimental{,-devel,-tools,-python3,-tools}-20200405-1.{fc31,el8}.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 6 and 7:
sudo yum-config-manager --enable forensics-test
python{2,36}-psutil-5.7.0-2.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python. Note that the Python 2 version is now provided and the Python 3 version no longer obsoletes the Python 2 version.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-1.{fc31,el7,el8}.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version. Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28. This release contains those fixes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-2.{fc31,el6,el7,el8}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28. This release contains those fixes.
analysis-pipeline-5.11.3-4.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-4.{fc31,el7,el8}.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use silk 3.19.0 release 3.
prism-1.2-9.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-9.{fc31,el7,el8}.x86_64.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly, or might be used as a component in other more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup. This package was rebuilt to use silk 3.19.0.
super_mediator-1.7.1-3.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-3.{fc31,el7,el8}.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use silk 3.19.0.
libfsapfs{,-devel,-python2,-python3}-20200416-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20200416-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20200416-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20200416-1.{fc31,el8}.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
pfring-7.6.0-2903.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2903.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2375.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.16-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.16-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.16-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.16-100 for FC30
fmem-kernel-modules-el8-x86_64-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-147.8.1 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-147.8.1 for EL8

April 10, 2020: The following changes have been made:

python{2,3}-certifi-2020.4.5.1-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python{2,36}-certifi-2020.4.5.1-1.el7.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
python{2,3}-pyparsing-2.4.7-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm, python{2,36}-pyparsing-2.4.7-1.el7.noarch.rpm, and pyparsing-doc-2.4.7-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
bulk_extractor-1.6.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and bulk_extractor-1.6.0-1.{fc31,el7,el8}.x86_64.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This version fixes many issues. In addition, it also contains the BEViewer GUI front-end for bulk_extractor.
CERT-Forensics-Tools-1.0-89.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-89.{fc31,el7,el8}.x86_64.rpm - This relese does the following:
- Added bulk_extractor
Volatility-community-plugins-20190729-5.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. This package was updated to reflect the removal of the python-dpapick dependency for Fedora 31. No changes were made for any of the other provided systems.
python2-dpapick-0.3-1.fc31.noarch.rpm - Python-DPAPick is a Python toolkit to provide a platform-independant implementation of Microsoft's cryptography subsytem called DPAPI (Data Protection API). This package was removed from the Fedora 31 repository for the x86_64 architecture.
python-CFPropertyList-0.0.1-1.fc31.x86_64.rpm - Python-CFPropertyList is a Python toolkit to that contains classes to read binary property list files as defined by Apple. This package was removed from the Fedora 31 repository for the x86_64 architecture.
python-registry-1.2.0-1.fc31.x86_64.rpm - Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE. This package was removed from the Fedora 31 repository for the x86_64 architecture.
python-unicodecsv-0.14.0-1.fc31.x86_64.rpm - Python-unicodecsv is a drop-in replacement for Python 2.7’s csv module which supports unicode strings without a hassle. This package was removed from the Fedora 31 repository for the x86_64 architecture.
pfring-7.6.0-2900.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2900.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2358.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.15-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.15-200 for FC31
fmem-kernel-modules-el8-x86_64-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-147.5.1 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-147.5.1 for EL8

April 3, 2020: The following changes have been made:

cert-forensics-tools-release-{6,7,8,26,27,28,29,30,31}-15.noarch.rpm - cert-forensics-tools-release is the package that connects a Fedora- and CentOS/RHEL-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR). This package has been changed to include a new Forensics team key which is also available here.
pfring-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-7.6.0-2888.el8.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-dkms-7.6.0-2888.el8.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2351.{el6,el7}.x86_64.rpm and ndpi-3.2.0-2340.el8.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm - This package has been changed to include a new Forensics team key which is also available here.
pfring-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-7.6.0-2888.el8.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-dkms-7.6.0-2888.el8.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2351.{el6,el7}.x86_64.rpm and ndpi-3.2.0-2340.el8.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31

March 27, 2020: The following changes have been made:

python{2,3}-elasticsearch-7.6.0-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.6.0-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.6.0-1.{fc31,el8}.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python3-zmq{,-tests}-19.0.0-el8.x86_64.rpm - ZMQ is the Python bindings for ØMQ. This documentation currently contains notes on some important aspects of developing PyZMQ and an overview of what the ØMQ API looks like in Python. For information on how to use ØMQ in general, see the many examples in the excellent ØMQ Guide, all of which have a version in Python.
pfring-7.6.0-2887.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2887.{el6,el7,el8}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2340.{el6,el7,el8}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
yaf{,-devel}-2.11.0-4.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-4.{fc31,el7,el8}.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
snort-2.9.15.1-2.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15.1-2.{fc31,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
snort-openappid-2.9.1.15-2.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15.1-2.{fc31,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
fmem-kernel-modules-fc31-x86_64-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.10-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.10-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.10-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.10-100 for FC30

March 21, 2020: The following changes have been made:

ddrescue-1.25-1.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. See here for the changes since the last version (1.24) released to this repository.
cutter-1.10.1-1.fc30.{i686,x86_64}.rpm and cutter-1.10.1-1.fc31.x86_64.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. These packages have been removed from the repository because they are now provided by Fedora by a package named cutter-re
cutter-1.10.1-1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-1.10.1-1.{el7,el8}.x86_64.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. These packages have been removed from the repository because they are now provided by a package named cutter-re to be consistent with the packages provided by Fedora.
cutter-re-1.7.3-2.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-re-1.7.3-1.{el7,mel8}.x86_64.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. This version of cutter is based on the code dated 2019-01-15 which was built to embed radare2 version 2.6.0 in it. This release provides the same files as cutter-1.7.3-1 except that the package is renamed to be consistent with the packages provided by Fedora.
CERT-Forensics-Tools-1.0-88.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-88.{fc31,el7,el8}.x86_64.rpm - This relese does the following:
- Obsoletes cutter.
- Added cutter-re.
aeskeyfind-1.0-3.{fc31,el7,el8}.x86_64.rpm and aeskeyfind-1.0-3.fc30.{i686,x86_64}.rpm - Aeskeyfind illustrates automatic techniques for locating 128-bit and 256-bit AES keys in a captured memory image. This package has been removed form the repository because it is now provided by Fedora.
fmem-kernel-modules-fc31-x86_64-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.9-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.9-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.9-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.9-100 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.64.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1062.18.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-64.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1062.18.1 for EL7

March 13, 2020: The following changes have been made:

pfring-7.6.0-2867.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2867.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2314.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
pfring-7.6.0-2867.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2867.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2314.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.8-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.8-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.8-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.8-100 for FC30
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.63.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.28.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-63.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.28.1 for EL6

March 4, 2020: The following changes have been made:

python3-dfvfs-20200211-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200211-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
plaso-20200227-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200227-1.{fc31,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
pfring-7.6.0-2853.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2853.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2295.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.7-200 for FC31
- 5.5.6-201 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.7-200 for FC31
- 5.5.6-201 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.7-100 for FC30
- 5.5.6-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.7-100 for FC30
- 5.5.6-100 for FC30

February 28, 2020: The following changes have been made:

libfsntfs{,-devel,-python3}-20200223-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200223-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200223-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200223-1.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
python3-xlsxwriter-1.2.8-1.{fc26,fc27,fc28,fc29,fc30,el8}.noarch.rpm and python36-xlsxwriter-1.2.8-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. Note that the Python 2 version is no longer provided.
python{2,3}-future-0.18.2-1.{fc31,el8}.noarch.rpm - Python-Future is the missing compatibility layer between Python 2 and Python 3. It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead. This package was built to support the packaging of Python-PEFile which in turn is needed to support the packaging of Volatility-community-plugins.
python3-idna-2.9-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.10-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
python36-psutil-5.7.0-1.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python. Note that the Python 2 version is no longer provided.
python{2,3}-requests-2.23.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.23.0-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc31,el7,el8}.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version. Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28. This release contains those fixes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc31,el6,el7,el8}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28. This release contains those fixes.
analysis-pipeline-5.11.3-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-3.{fc31,el7,el8}.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use silk 3.19.0 release 3.
prism-1.2-8.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-8.{fc31,el7,el8}.x86_64.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly, or might be used as a component in other more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup. This package was rebuilt to use silk 3.19.0.
super_mediator-1.7.1-2.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-2.{fc31,el7,el8}.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use silk 3.19.0.
fmem-kernel-modules-common-1.6-1.5.noarch.rpm - Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations. This package contains the source code for making the FMEM kernel modules and the install-fmem script. The changes are the following:
- Fmem code up to date as of February 28, 2020 which incorporates changes for Linux 5.5 kernels.
pfring-7.6.0-2852.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2852.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2295.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.5.5-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 5.5.5-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.21-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.21-100 for FC30

February 21, 2020: The following changes have been made:

cutter-1.10.1-1.fc30.{i686,x86_64}.rpm and cutter-1.10.1-1.fc31.x86_64.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. Note that this release is only available for Fedora 30 and 31 because it relies on Qt version 5.12.
ghidra-9.1.2-PUBLIC_20200212.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1.2-PUBLIC_20200212.1.{fc26,fc31,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
pfring-7.6.0-2845.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.6.
pfring-dkms-7.6.0-2845.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.2.0-2284.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.20-200 for FC31
- 5.4.19-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.20-200 for FC31
- 5.4.19-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.19-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.19-100 for FC30

February 17, 2020: The following changes have been made:

Volatility-community-plugins-20190729-4.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. This package was updated to reflect the removal of python2-simplejson from EPEL for CentOS/RHEL 8. No changes were made for any of the other provided systems.

February 14, 2020: The following changes have been made:

python3-artifacts-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python36-artifacts-20200118-2.el7.x86_64.rpm, artifacts-data-20200118-2.el7.x86_64.rpm, python3-artifacts-20200118-2.{fc31,el8}.x86_64.rpm, artifacts-data-20200118-2.{fc31,el8}.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools. Note that the Python 2 version is no longer provided.
python{2,3}-cffi-1.14.0-1.el8.x86_64.rpm and cffi-doc-1.14.0-1.el8.noarch.rpm - Python-CFFI is a C Foreign Function Interface for Python. Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
python3-dfdatetime-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfdatetime-20200121-2.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision. Note that the Python 2 version is no longer provided.
python3-dfvfs-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200121-2.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. Note that the Python 2 version is no longer provided.
python3-dfwinreg-20200121-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200121-2.el7.x86_64.rpm, and python3-dfwinreg-20200121-2.{fc31,el8}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. Note that the Python 2 version is no longer provided.
python3-dfwinreg-20200121-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200121-2.el7.x86_64.rpm, and python3-dfwinreg-20200121-2.{fc31,el8}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. Note that the Python 2 version is no longer provided.
python3-dtfabric-20200119-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dtfabric-20200119-2.el7.x86_64.rpm, and python3-dtfabric-20200119-2.{fc31,el8}.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects. Note that the Python 2 version is no longer provided.
libfsntfs{,-devel,-python3}-20200201-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200201-2.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200201-2.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200201-2.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). Note that the Python 2 version is no longer provided.
zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc31,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.1-0.{fc31,el7,el8}.x86_64.rpm - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin [[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
python{2,3}-elasticsearch-7.5.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.5.1-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.5.1-1.{fc31,el8}.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
libluksde{,-devel,-python3,-tools}-20200205-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-tools}-20200205-1.el6.{i686,x86_64}.rpm, libluksde{,-devel,-python36,-tools}-20200205-1.el7.x86_64.rpm, and libluksde{,-devel,-python3,-tools}-20200205-1.{fc31,el8}.x86_64.rpm - Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes. Note that the Python 2 version is only provided for CentOS/RHEL 6.
libsmdev{,-devel,-python3}-20200210-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2}-20200210-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python36}-20200210-1.el7.x86_64.rpm, and libsmdev{,-devel,-python3}-20200210-1.{fc31,el8}.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. Note that the Python 2 version is only provided for CentOS/RHEL 6.
python36-lz4-3.0.2-1.el7.x86_64.rpm - LZ4 contains the python bindings for the lz4 compression library. Note that the Python 2 version is no longer provided.
sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc31,el7}.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Note that CentOS/RHEL 6 is no longer being udpated.
autopsy-4.14.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.14.0-1.{fc31,el7,el8}.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
Note: this release no longer requires JDK from Oracle for Fedora 25 through 30, relying instead on version 1.8.0 of OpenJDK version provided by Fedora, along with version 1.8.0 of OpenJFX, also provided by Fedora. However, for CentOS/RHEL 7 and 8,the latest version of JDK 8 from Oracle is required and this package has been added to the appropriate repositories. In addition, this release also contains a autopsy.desktopfile that supports the GNOME and Mate Window managers. Further, note that CentOS/RHEL 6 is no longer being udpated.
python3-pytsk3-20200117-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-pytsk3-20200117-1.el7.x86_64.rpm, and python3-pytsk3-20200117-1.{fc31,el8}.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
python3-idna-2.8-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.8-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
python{2,3}-requests-2.22.0-3.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-3.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
plaso-20200121-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200121-1.{fc31,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
CERT-Forensics-Tools-1.0-87.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-87.{fc31,el7,el8}.x86_64.rpm - The registerydecoder package was removed due to its dependence on Python 2.
pfring-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module. Here is the announcement of PF_Ring 7.4.
pfring-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2242.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.63.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1062.12.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-63.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1062.12.1 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.62.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.27.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-62.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.27.1 for EL6

January 17, 2020: The following changes have been made:

fmem-kernel-modules-fc31-x86_64-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.10-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.10-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.10-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.10-100 for FC30
fmem-kernel-modules-el8-x86_64-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-147.3.1 for EL8
- 4.18.0-147.0.3 for EL8
- 4.18.0-147 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-147.3.1 for EL8
- 4.18.0-147.0.3 for EL8
- 4.18.0-147 for EL8

January 10, 2020: The following changes have been made:

snort-2.9.15.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15.1-1.{fc31,el7,el8}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
snort-sample-rules-2.9.15.1-1.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.1.15-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15.1-1.{fc31,el7,el8}.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
pfring-7.4.0-2804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2155.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
fmem-kernel-modules-fc31-x86_64-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.8-200 for FC31
- 5.4.7-200 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.8-200 for FC31
- 5.4.7-200 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.4.7-100 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 5.4.7-100 for FC30

January 3, 2020: The following changes have been made:

libluksde{,-devel,-python2,-python3,-tools}-20200101-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-tools}-20200101-1.el6.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-python36,-tools}-20200101-1.el7.x86_64.rpm, and libluksde{,-devel,-python2,-python3,-tools}-20200101-1.{fc31,el8}.x86_64.rpm - Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
libvslvm{,-devel,-python2,-python3}-20200102-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2}-20200102-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36}-20200102-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3}-20200102-1.{fc31,el8}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.

December 27, 2019: The following changes have been made:

libbde{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libbde{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libbde{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
libesedb{,-devel,-python2,-python3}-20192120-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2}-20192120-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36}-20192120-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3}-20192120-1.{fc31,el8}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
libevt{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libevtx{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libexe{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libexe{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libexe{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libexe{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format.
libfsapfs{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
libfsntfs{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libfvde{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfvde{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
libfwnt{,-devel,-python2,-python3}-20191222-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191222-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191222-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191222-1.{fc31,el8}.x86_64.rpm - LibFWNT is a library for Windows NT data types.
libfwps{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwps{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfwps{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfwps{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - LibFWPS is a library for Windows Property Store data types.
libfwsi{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
liblnk{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
libmsiecf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libmsiecf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
libolecf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
libqcow{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libregf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
libsigscan{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsigscan{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning.
libsmdev{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
libsmraw{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsmraw{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
libvhdi{,-devel,-python2,-python3,-tools}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20191221-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20191221-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20191221-1.{fc31,el8}.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvmdk{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
libvshadow{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvshadow{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
libvslvm{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
libwrc{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libwrc{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libwrc{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libwrc{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
plaso-20191203-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20191203-1.{fc31,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
python{2,3}-xlsxwriter-1.2.7-1.{fc26,fc27,fc28,fc29,fc30,el8}.noarch.rpm and python{2,36}-xlsxwriter-1.2.7-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
libscca{,-devel,-python2,-python3,-tools}-20191222-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, ibscca{,-devel,-python2,-tools}-20191222-1.el6.{i686,x86_64}.rpm, libscca{,-devel,-python2,-python36,-tools}-20191222-1.el7.x86_64.rpm, and libscca{,-devel,-python2,-python3,-tools}-20191222-1.{fc31,el8}.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
python{2,3}-pyparsing-2.4.6-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm, python{2,36}-pyparsing-2.4.6-1.el7.noarch.rpm, and pyparsing-doc-2.4.6-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
pfring-7.4.0-2795.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2795.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2144.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.61.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.25.3 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-61.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.25.3 for EL6

December 20, 2019: The following changes have been made:

libfwnt{,-devel,-python2,-python3}-20191219-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191219-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191219-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191219-1.{fc31,el8}.x86_64.rpm - LibFWNT, is a library for Windows NT data types.
libfsntfs{,-devel,-python2,-python3,-tools}-20191218-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20191218-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36,-tools}-20191218-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20191218-1.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
fmem-kernel-modules-fc31-x86_64-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.16-300 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.16-300 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.16-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.16-200 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.62.noarch.rpm - Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1062.9.1 for EL7
- 3.10.0-1062.7.1 for EL7
- 3.10.0-1062.4.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-62.noarch.rpm - Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1062.9.1 for EL7
- 3.10.0-1062.7.1 for EL7
- 3.10.0-1062.4.2 for EL7

December 12, 2019: The following changes have been made:

liblnk{,-devel,-python2,-python3,-tools}-20191209-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191209-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191209-1.el7.x86_64.rpm, liblnk{,-devel,-python2,-python3,-tools}-20191209-1.{fc31,el8}.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
pfring-7.4.0-2780.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2780.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2120.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc31-x86_64-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.15-300 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.15-300 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.15-200 for FC30
- 5.3.14-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.15-200 for FC30
- 5.3.14-200 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.61.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-1062.9.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-61.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-1062.9.1 for EL7

December 7, 2019: The following changes have been made:

pfring-7.4.0-2774.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2774.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2104.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.

December 6, 2019: The following changes have been made:

certifi-2019.11.28-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
libfsntfs{,-devel,-python2,-python3,-tools}-20191201-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20191201-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36,-tools}-20191201-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20191201-1.{fc31,el8}.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
liblnk{,-devel,-python2,-python3,-tools}-20191203-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191203-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191203-1.el7.x86_64.rpm, liblnk{,-devel,-python2,-python3,-tools}-20191203-1.{fc31,el8}.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
fmem-kernel-modules-fc31-x86_64-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.14-300 for FC31
- 5.3.13-300 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.14-300 for FC31
- 5.3.13-300 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.13-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.13-200 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.60.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-1062.7.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-60.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-1062.7.1 for EL7
Fedora 25 - Updates to Fedora 25 for both the i686 and x86_64 CPU architectures has ceased.

November 27, 2019: The following changes have been made:

python{2,3}-psutil-5.6.7-1.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
pfring-7.4.0-2768.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2768.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2086.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc31-x86_64-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.12-300 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.12-300 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.12-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.12-200 for FC30

November 22, 2019: The following changes have been made:

python{2,3}-elasticsearch-7.1.0-1.i{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.1.0-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.1.0-1.{fc31,el8}.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python{2,3}-xlsxwriter-1.2.6-1.{fc26,fc27,fc28,fc29,fc30,el7,el8}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
python3-zmq{,-tests}-18.1.1-el8.x86_64.rpm and zmq{,-tests}-18.1.1-el8.x86_64.rpm - ZMQ is the Python bindings for ØMQ. This documentation currently contains notes on some important aspects of developing PyZMQ and an overview of what the ØMQ API looks like in Python. For information on how to use ØMQ in general, see the many examples in the excellent ØMQ Guide, all of which have a version in Python.
python2-haystack-0.42-3.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - Python-Haystack is an heap analysis framework, focused on searching and reversing of C structure in allcoated memory.
libffi{,-devel}-3.1-19.el8.x86_64.rpm - Libffi is a portable foreign function interface library. This package was built to support the packaging of python-cffi.
python{2,3}-ply-3.11-2.el8.noarch.rpm - Python-PLY is an implementation of lex and yacc parsing tools for Python. This package was built to support the packaging of Python-PYCParser.
python{2,3}-pycparser-2.14-18.el8.noarch.rpm - Python-PYCParser is a complete C99 parser in pure Python. This package was built to support the packaging of Python-CFFI.
python{2,3}-cffi-1.11.5-7.el8.x86_64.rpm and python-cffi-doc-1.11.5-7.el8.noarch.rpm - Python-CFFI is a C Foreign Function Interface for Python. Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation. This package was built to support the packaging of python-ssdeep.
python{2,3}-ssdeep-3.2-1.el8.x86_64.rpm - Python-SSDeep is a Python wrapper for SSDeep fuzzy hashing library. This package was built to support the packaging of Volatility-community-plugins.
python2-dpapick-0.3-1.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - Python-DPAPick is a Python toolkit to provide a platform-independant implementation of Microsoft's cryptography subsytem called DPAPI (Data Protection API). This package was built to support the packaging of Volatility-community-plugins.
python2-ioc_writer-0.3.3-1.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - Python-IOCWriter is a Python library that provides a limited CRUD for manipulating OpenIOC formatted Indicators of Compromise. This package was built to support the packaging of Volatility-community-plugins.
python2-pycoin-0.77-0.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm - Python-PYCoin is a Python library implements many of utilities useful when dealing with bitcoin and some bitcoin-like alt-coins. It has been tested with Python 2.7, 3.6 and 3.7. This package was built to support the packaging of Volatility-community-plugins.
python2-colorama-0.3.9-4.el8.noarch.rpm - Python-Colorama is a Python library that makes ANSI escape character sequences (for producing colored terminal text and cursor positioning) work under MS Windows. This package was built to support the packaging of Volatility-community-plugins.
python{2,3}-m2crypto-0.30.1-2.el8.x86_64.rpm - M2Crypto is a Python library that allows you to call OpenSSL functions from Python 2 and 3 scripts. This package was built to support the packaging of Python-Typing.
python2-typing-3.6.2-4.el8.noarch.rpm - Python-Typing is a Python library that defines a standard notation for type annotations. This package was built to support the packaging of Volatility-community-plugins.
python{2,3}-future-0.16.0-4.el8.noarch.rpm - Python-Future is the missing compatibility layer between Python 2 and Python 3. It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead. This package was built to support the packaging of Python-PEFile which in turn is needed to support the packaging of Volatility-community-plugins.
Volatility-community-plugins-20190729-3.el8.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. This packages was added to CentOS/RHEL 8.
python{2,3}-pyfixbuf-0.8.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python2-pyfixbuf-0.8.1-1.el6.{i686,x86_64}.rpm, python{2,36}-pyfixbuf-0.8.1-1.el7.x86_64.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases.
ghidra-9.1-PUBLIC_20191023.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1-PUBLIC_20191023.1.{fc25,fc26,fc31,el7,el8}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
python{2,3}-requests-2.22.0-2.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-2.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks. In this release, the dependencies for urllib3 were updated.
plaso-20190916-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190708-1.{fc31,el7,el8}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.

November 15, 2019: The following changes have been made:

python{2,3}-xlsxwriter-1.2.5-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
python{2,3}-pyparsing-2.4.5-1.{fc26,fc27,fc28,fc29,el8}.noarch.rpm, python2-pyparsing-2.4.4-1.el6.noarch.rpm, and pyparsing-doc-2.4.4-1.{fc26,fc27,fc28,fc29,el6,el8}.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
libesedb{,-devel,-python2,-python3,-tools}-20191111-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20191111-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36,-tools}-20191111-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3,-tools}-20191111-1.el8.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
libsmdev{,-devel,-python2,-python3,-tools}-20191112-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20191112-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36,-tools}-20191112-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20191112-1.el8.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
pfring-7.4.0-2751.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2751.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2057.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc31-x86_64-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.11-300 for FC31
- 5.3.9-300 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.11-300 for FC31
- 5.3.9-300 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.11-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.11-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.11-100 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.11-100 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.59.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-1062.4.3 for EL7
- 3.10.0-1062.4.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-59.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-1062.4.3 for EL7
- 3.10.0-1062.4.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.60.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.23.3 for EL6
- 2.6.32-754.23.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-60.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.23.3 for EL6
- 2.6.32-754.23.2 for EL6

November 8, 2019: The following changes have been made:

daq{,-devel,-modules}-2.0.6-8.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.6-8.1.{el7,el8}.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort.
libregf{,-devel,-python2,-python3,-tools}-20191102-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2,-tools}-20191102-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36-tools}-20191102-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3-tools}-20191102-1.el8.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
libsmdev{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
libsmraw{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libsmraw{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
libvshadow{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libvshadow{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
libqcow{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libfsapfs{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
libfvde{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-python36,-tools}-20191104-1.el7.6_64.rpm, and libfvde{,-devel,-python2,-python3,-tools}-20191104-1.el7.6_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
libfwnt{,-devel,-python2,-python3}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191104-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191104-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191104-1.el8.x86_64.rpm - LibFWNT, is a library for Windows NT data types.
libmsiecf{,-devel,-python2,-python3,-tools}-29101104-1.{fc25,fc26,fc26,fc27,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-29101104-1.el6.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-python36,-tools}-29101104-1.el7.x86_64.rpm, and libmsiecf{,-devel,-python2,-python3,-tools}-29101104-1.el8.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
libolecf{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
libscca{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, ibscca{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libscca{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libscca{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
libvhdi{,-devel,-python2,-python3,-tools}-20191104-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvmdk{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
libbde{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, , libbde{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libbde{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
libevt{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36,-tools}-20191104-5.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3,-tools}-20191104-5.el8.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libevtx{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_65.rpm, and libevtx{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_65.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libvslvm{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
Volatility-community-plugins-20190729-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. This package was updated to change dependencies.
python2-haystack-0.42-2.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm - Python-Haystack is an heap analysis framework, focused on searching and reversing of C structure in allcoated memory.
rifiuti2-0.7.0-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-3.el7.x86_64.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file. This package was updated to avoid a conflict with the rifiuti package.
python{2,3}-pyparsing-2.4.4-1.{fc26,fc27,fc28,fc29,el8}.noarch.rpm, python2-pyparsing-2.4.4-1.el6.noarch.rpm, and pyparsing-doc-2.4.4-1.{fc26,fc27,fc28,fc29,el6,el8}.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
python{2,3}-psutil-5.6.5-1.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
python{2,3}-xlsxwriter-1.2.3-1.{fc26,fc27,fc28,fc29,fc30,el7,el8}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
pfring-7.4.0-2741.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2741.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2048.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc31-x86_64-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.8-300 for FC31
lime-kernel-modules-fc31-x86_64-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.8-300 for FC31
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.8-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.8-200 for FC30
fmem-kernel-modules-1.6-1.18.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 31 x86_64 architecture was added.
lime-kernel-modules-1.1.r17-18.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 31 x86_64 architecture was added.

Fedora 31 - The repository now supports Fedora 31 for the x86_64 CPU architecture. Here is the list of tools provided for Fedora 31:

2hash
acr
aeskeyfind
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
bencode
binplist
biplist
bro
CERT-Forensics-Tools
cert-forensics-tools-release
certifi
colorama
construct
crunch
cryptcat
cutter
daq
dc3dd
dcp
ddrescueview
ddrutility
dfdatetime
dfvfs
dfwinreg
distorm3
DropboxReader
dtfabric
eindeutig
elasticsearch
epub
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
fred
fundl
future

galleta
ghidra
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
haystack
jafat
KHracker
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libipa
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2

libodraw
libolecf
libpff
libphdi
libqcow
libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
packetexaminer
pasco
pefile
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyfixbuf
python-CFPropertyList
python-dpapick
python-ioc_writer
python-ptrace
python-pycoin

python-registry
python-sqlite3dbm
python-ssdeep
python-unicodecsv
python-yara
pytsk3
qtmltfs
rar
registrydecoder
reglookup
regripper
regripper-plugins
rekall-forensics
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-openappid
snort-sample-rules
stegdetect
super_mediator
tln_tools
unrar
untex
videosnarf
vinetto
vmfs6-tools
vmfs-tools
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
xlsxwriter
xplico
xva-img
yaf

November 1, 2019: The following changes have been made:

silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{el7,el8}.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
libipa{,-devel,python}-0.5.2-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libipa{,-devel,python}-0.5.2-3.{el6,el7,el8}.x86_64.rpm - LibIPA an IP address annotation system. IPA provides a flexible and efficient repository of IP address information, tools for querying and maintaining the data, and shared libraries and modules for data access. For more information, read the IPA documentation. Note: this release provides no new functionality. This package was rebuild to change the name from ipa to libipa to address a conflict with CentOS/RHEL 8.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{el6,el7,el8}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.11.3-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-2.{el7,el8}.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use silk 3.19.0.
prism-1.2-7.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-7.{el7,el8}.x86_64.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly, or might be used as a component in other more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup. This package was rebuilt to use silk 3.19.0.
super_mediator-1.7.1-1.{fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-1.{el7,el8}.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. See here for a list of changes in this version.
libfwsi{,-devel,-python2,-python3}-20191025-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191025-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191025-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python36}-20191025-1.el8.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
liblnk{,-devel,-python2,-python3,-tools}-20191027-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191027-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el8.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
python{2,3}-yara-3.11.0-1.{i386,x86_64}.fc30.rpm, python2-yara-3.11.0-1.{i386,x86_64}.el6.rpm, and python{2,3}-yara-3.11.0-1.x86_64.el8.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
libregf{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20191029-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36-tools}-20191029-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
libscca{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libscca{,-devel,-python2,-python36,-tools}-20191029-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
pfring-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2011.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.7-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.7-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.6-100 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.6-100 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.58.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-1062.4.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-58.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-1062.4.1 for EL7

October 25, 2019: The following changes have been made:

fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.18.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-18.noarch.rpm - Modules for the following kernels were rebuilt to use the latest version of LiME:

5.3.6-200
5.3.5-200
5.2.18-200
5.2.17-200 5.2.16-200
5.2.15-200
5.2.14-200
5.2.13-200 5.2.11-200
5.2.9-200
5.2.8-200
5.2.7-200 5.2.6-200
5.2.5-200
5.1.20-300
5.1.19-300 5.1.18-300
5.1.17-300
5.1.16-300
5.1.15-300 5.1.12-300
5.1.11-300
5.1.9-300
5.1.8-300 5.1.7-300
5.1.6-300
5.1.5-300
5.0.17-300 5.0.16-300
5.0.14-300
5.0.13-300
5.0.11-300 5.0.10-300
5.0.9-301

fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.35.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:

5.2.7-100
5.2.18-100
5.2.17-100
5.2.11-100
5.1.9-200
5.1.8-200 5.1.6-200
5.1.21-200
5.1.20-200
5.1.18-200
5.1.16-200
5.1.15-200 5.1.11-200
5.0.9-200
5.0.8-200
5.0.7-200
5.0.6-200
5.0.5-200 5.0.4-200
5.0.3-200
5.0.19-200
5.0.17-200
5.0.16-200
5.0.14-200 5.0.13-200
5.0.11-200
5.0.10-200
4.20.8-200
4.20.7-200
4.20.6-200 4.20.5-200
4.20.4-200
4.20.3-200
4.20.16-200
4.20.15-200
4.20.14-200 4.20.13-200
4.20.12-200
4.20.11-200
4.20.10-200
4.19.9-300
4.19.8-300 4.19.7-300
4.19.6-300
4.19.5-300
4.19.4-300
4.19.3-300
4.19.2-301 4.19.2-300
4.19.15-300
4.19.14-300
4.19.13-300
4.19.12-301
4.19.10-300 4.18.18-300
4.18.17-300
4.18.16-300
4.18.14-300

fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.42.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-42.noarch.rpm - Support for the following kernels were added for LiME:

5.0.9-100
5.0.8-100
5.0.7-100
5.0.6-100
5.0.5-100
5.0.16-100
5.0.13-100 5.0.11-100
4.20.8-100
4.20.7-100
4.20.6-100
4.20.5-100
4.20.4-100
4.20.17-100 4.20.16-100
4.20.15-100
4.20.14-100
4.20.11-100
4.19.8-200
4.19.7-200
4.19.6-200 4.19.5-200
4.19.4-200
4.19.3-200
4.19.2-200
4.19.16-200
4.19.15-200
4.19.14-200 4.19.13-200
4.19.12-200
4.19.10-200
4.18.9-200
4.18.8-200
4.18.7-200
4.18.5-200 4.18.18-200
4.18.17-200
4.18.16-200
4.18.14-200
4.18.13-200
4.18.12-200
4.18.10-200 4.17.9-200
4.17.7-200
4.17.6-200
4.17.5-200
4.17.4-200
4.17.3-200
4.17.2-200 4.17.19-200
4.17.18-200
4.17.17-200
4.17.14-202
4.17.12-200
4.17.11-200
4.16.9-300 4.16.8-300
4.16.7-300
4.16.6-302
4.16.5-300
4.16.3-301
4.16.16-300
4.16.15-300 4.16.14-300
4.16.13-300
4.16.12-300
4.16.11-300
4.16.10-300

fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.44.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-44.noarch.rpm - Support for the following kernels were added for LiME:

4.18.9-100
4.18.7-100
4.18.19-100
4.18.18-100
4.18.16-100
4.18.15-100
4.18.13-100 4.18.12-100
4.18.10-100
4.17.9-100
4.17.7-100
4.17.6-100
4.17.5-100
4.17.3-100 4.17.2-100
4.17.19-100
4.17.17-100
4.17.14-102
4.17.12-100
4.17.11-100
4.16.9-200 4.16.7-200
4.16.6-202
4.16.5-200
4.16.4-200
4.16.3-200
4.16.16-200
4.16.15-200 4.16.14-200
4.16.13-200
4.16.12-200
4.16.11-200
4.15.9-300
4.15.8-300
4.15.7-300 4.15.6-300
4.15.4-300
4.15.3-300
4.15.17-300
4.15.16-300
4.15.15-300
4.15.14-300 4.15.13-300
4.15.12-301
4.15.10-300
4.14.8-300
4.14.7-300
4.14.6-300
4.14.5-300 4.14.3-300
4.14.18-300
4.14.16-300
4.14.14-300
4.14.13-300
4.14.11-300
4.13.9-300 4.13.16-302
4.13.16-300
4.13.15-300
4.13.13-300
4.13.12-300

fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.38.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:

4.16.7-100
4.16.11-100
4.15.9-200
4.15.7-200
4.15.6-200 4.15.4-200
4.15.3-200
4.15.17-200
4.15.16-200
4.15.15-200 4.15.14-200
4.15.12-201
4.15.10-200
4.14.8-200
4.14.6-200 4.14.5-200
4.14.4-200
4.14.18-200
4.14.16-200
4.14.14-200 4.14.13-200
4.14.11-200
4.13.9-200
4.13.8-200
4.13.5-200 4.13.4-200
4.13.16-202
4.13.16-200
4.13.15-200
4.13.13-200 4.13.12-200
4.13.11-200
4.13.10-200
4.12.9-300
4.12.8-300 4.12.5-300
4.12.14-300
4.12.13-300
4.12.12-300
4.12.11-300 4.11.9-300
4.11.8-300
4.11.11-300
4.11.10-300

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.50.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-50.noarch.rpm - Support for the following kernels were added for LiME:

4.13.16-100
4.13.15-100
4.13.13-100
4.13.12-100
4.13.11-100 4.13.10-100
4.13.8-100
4.13.5-100
4.12.14-200
4.12.13-200 4.12.11-200
4.12.9-200
4.12.8-200
4.11.12-200
4.11.11-200 4.11.10-200
4.11.9-200
4.11.8-200
4.11.7-200
4.11.6-201 4.11.5-200
4.11.4-200
4.11.3-200
4.11.3-202
4.10.17-200 4.10.16-200
4.10.15-200
4.10.10-200
4.10.9-200
4.10.8-200 4.10.6-200
4.10.5-200
4.9.14-200
4.9.13-200
4.9.13-201 4.9.12-200
4.9.11-200
4.9.10-200
4.9.9-200
4.9.8-201 4.9.7-201
4.9.6-200
4.9.5-200
4.9.4-201
4.9.3-200 4.8.16-300
4.8.15-300
4.8.14-300
4.8.13-300
4.8.12-300 4.8.11-300
4.8.10-300
4.8.8-300
4.8.6-300

fmem-kernel-modules-el8-x86_64-1.6-1.3.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.
lime-kernel-modules-el8-x86_64-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:

4.18.0-80.11.2
4.18.0-80.11.1
4.18.0-80.7.2
4.18.0-80.7.1
4.18.0-80.4.2
4.18.0-80.1.2
4.18.0-80
fmem-kernel-modules-el7-x86_64-1.6-1.57.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-el7-x86_64-1.1.r17-57.noarch.rpm - Support for the following kernels were added for LiME:

3.10.0-1062.1.2
3.10.0-1062.1.1
3.10.0-1062
3.10.0-957.5.1
3.10.0-957.27.2
3.10.0-957.21.3
3.10.0-957.21.2
3.10.0-957.1.3
3.10.0-957.12.2
3.10.0-957.12.1
3.10.0-957.10.1
3.10.0-957 3.10.0-862.3.3
3.10.0-862.9.1
3.10.0-862.6.3
3.10.0-862.3.2
3.10.0-862.2.3
3.10.0-862.14.4
3.10.0-862.11.6
3.10.0-862
3.10.0-693.5.2
3.10.0-693.2.2
3.10.0-693.21.1
3.10.0-693.2.1 3.10.0-693.17.1
3.10.0-693.11.6
3.10.0-693.11.1
3.10.0-693.1.1
3.10.0-693
3.10.0-514.6.2
3.10.0-514.6.1
3.10.0-514.26.2
3.10.0-514.26.1
3.10.0-514.2.2
3.10.0-514.21.2
3.10.0-514.21.1 3.10.0-514.16.1
3.10.0-514.10.2
3.10.0-514
3.10.0-327.4.5
3.10.0-327.4.4
3.10.0-327.36.3
3.10.0-327.36.2
3.10.0-327.36.1
3.10.0-327.3.1
3.10.0-327.28.3
3.10.0-327.28.2
3.10.0-327.22.2 3.10.0-327.18.2
3.10.0-327.13.1
3.10.0-327.10.1
3.10.0-327
3.10.0-229.7.2
3.10.0-229.4.2
3.10.0-229.20.1
3.10.0-229.14.1
3.10.0-229.1.2
3.10.0-229.11.1
3.10.0-229
3.10.0-123.9.3 3.10.0-123.9.2
3.10.0-123.8.1
3.10.0-123.6.3
3.10.0-123.4.4
3.10.0-123.4.2
3.10.0-123.20.1
3.10.0-123.13.2
3.10.0-123.13.1
3.10.0-123.1.2
3.10.0-123

fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.59.noarch.rpm - No additional modules were added for Fmem. This package was only updates for revision number equality with LiME.

lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-59.noarch.rpm - Support for the following kernels were added for LiME:

2.6.32-754.23.1
2.6.32-754.22.1
2.6.32-754.18.2
2.6.32-754.17.1
2.6.32-754.15.3
2.6.32-754.14.2
2.6.32-754.12.1
2.6.32-754.11.1
2.6.32-754.10.1
2.6.32-754.9.1
2.6.32-754.6.3
2.6.32-754.3.5
2.6.32-754.2.1
2.6.32-754 2.6.32-696.30.1
2.6.32-696.28.1
2.6.32-696.23.1
2.6.32-696.20.1
2.6.32-696.18.7
2.6.32-696.16.1
2.6.32-696.13.2
2.6.32-696.10.3
2.6.32-696.10.2
2.6.32-696.10.1
2.6.32-696.6.3
2.6.32-696.3.2
2.6.32-696.3.1
2.6.32-696.1.1 2.6.32-696
2.6.32-642.15.1
2.6.32-642.13.2
2.6.32-642.13.1
2.6.32-642.11.1
2.6.32-642.6.2
2.6.32-642.6.1
2.6.32-642.4.2
2.6.32-642.3.1
2.6.32-642.1.1
2.6.32-642
2.6.32-573.26.1
2.6.32-573.22.1
2.6.32-573.18.1 2.6.32-573.12.1
2.6.32-573.8.1
2.6.32-573.7.1
2.6.32-573.3.1
2.6.32-573.1.1
2.6.32-573
2.6.32-504.30.3
2.6.32-504.23.4
2.6.32-504.16.2
2.6.32-504.12.2
2.6.32-504.8.1
2.6.32-504.3.3
2.6.32-504.1.3
2.6.32-504 2.6.32-431.29.2
2.6.32-431.23.3
2.6.32-431.20.5
2.6.32-431.20.3
2.6.32-431.17.1
2.6.32-431.11.2
2.6.32-431.5.1
2.6.32-431.3.1
2.6.32-431.1.2.0.1
2.6.32-431
2.6.32-358.23.2
2.6.32-358.18.1
2.6.32-358.14.1
2.6.32-358.11.1 2.6.32-358.6.2
2.6.32-358.6.1
2.6.32-358.2.1
2.6.32-358.0.1
2.6.32-358
2.6.32-279
2.6.32-220
2.6.32-131.0.15
2.6.32-71.29.1
2.6.32-71.24.1
2.6.32-71.18.2
2.6.32-71.18.1
2.6.32-71.14.1
2.6.32-71.7.1
2.6.32-71

lime-kernel-modules-common-1.1.r17-5.noarch.rpm - LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page. The changes are the following:
- LiME code up to date as of October 21, 2019.
- CaptureMemoryWithLime fixes an error where the image file name contained spaces.
fmem-kernel-modules-common-1.6-1.4.noarch.rpm - Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations. This package contains the source code for making the FMEM kernel modules and the install-fmem script. The changes are the following:
- Fmem code up to date as of October 21, 2019.
- install-mem fixes an error where the path to the kernel modules was wrong.
pfring-7.4.0-2734.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2734.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-2002.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}-distorm3-3.4.1-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python2-distorm3-3.4.1-2.el6.{i386,x86_64}.rpm, python{2,36}-distorm3-3.4.1-2.el7.x86_64.rpm, and python{2,3}-distorm3-3.4.1-2.el8.x86_64.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework.

October 18, 2019: The following changes have been made:

libfwsi{,-devel,-python2,-python3}-20191012-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191012-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191012-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191012-1.el8.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
ADIA - This item is the VMware and Virtual Box-based appliances built with CentOS 7.7.1908 for the x86_64 architecture. See here for more details. The release consists of the following:
- The latest CERT Forensics Key is installed.
- All packages have been updated as of October 16, 2019.
- SElinux is disabled.
- Mate Desktop is the defaut desktop.
python{2,3}-xlsxwriter-1.2.2-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.2.2-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
pfring-7.4.0-2710.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2710.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-1979.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.3.6-200 for FC30
- 5.3.5-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 5.3.6-200 for FC30
- 5.3.5-200 for FC30
fmem-kernel-modules-el8-x86_64-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.0-80.11.2 for EL8
- 4.18.0-80.11.1 for EL8
- 4.18.0-80.7.2 for EL8
- 4.18.0-80.7.1 for EL8
- 4.18.0-80.4.2 for EL8
- 4.18.0-80.1.2 for EL8
lime-kernel-modules-el8-x86_64-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.0-80.11.2 for EL8
- 4.18.0-80.11.1 for EL8
- 4.18.0-80.7.2 for EL8
- 4.18.0-80.7.1 for EL8
- 4.18.0-80.4.2 for EL8
- 4.18.0-80.1.2 for EL8

October 11, 2019: The following changes have been made:

CentOS 8 - The repository now supports CentOS 8 for the x86_64 CPU architecture. Here is the list of tools provided for CentOS 8:

2hash
acr
adns
aeskeyfind
afflib
analysis-pipeline
analyzeMFT
antiword
apfs-fuse
artifacts
ataraw
autopsy
bencode
binplist
biplist
bro
CERT-Forensics-Tools
cert-forensics-tools-release
certifi
construct
crunch
cryptcat
cutter
daq
dc3dd
dcfldd
dcp
dd_rescue
ddrescue
ddrutility
dfdatetime
dfvfs
dfwinreg
dislocker
distorm3
dpkt
DropboxReader
dtfabric
eindeutig
elasticsearch
epub
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
foremost
fundl
fuse-python

galleta
gengetopt
GeoIP
GeoIP-GeoLite-data
ghidra
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
httplib2
jafat
lame
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libiconv
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi
libpst

libqcow
libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libtomcrypt
libtommath
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
luajit
lz4
mac-robber
md5deep
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
ntfs-3g
openpgm
packetexaminer
partclone
pasco
pefile
perl-DateTime-Format-WindowsFileTime
perl-Image-ExifTool
perl-Parse-Win32Registry
plaso
prism
protobuf-c
pstotext
ptfinder
pyfixbuf
pyparsing
python-crypto
python-enum
python-psutil
python-registry
python-yara
pytsk3
qtmltfs

rar
reglookup
regripper
regripper-plugins
rekall-forensics
rifiuti2
rifiuti
scalpel
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-openappid
snort-sample-rules
sox
ssdeep
ssldump
stegdetect
super_mediator
tcpflow
tcpxtract
testdisk
tln_tools
tre
umit
undbx
unrar
untex
videosnarf
vmfs6-tools
vmfs-tools
Volatility
winevt-kb
winreg-kb
xlsxwriter
xmount
xplico
xva-img
yaf
yara
zeromq3
zeromq
zmq

The following tools have been provided for CentOS/RHEL 7 but are unavailable for CentOS/RHEL 8 at this time:

Here are the other changes this week:

lime-kernel-modules-1.1.r17-17.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for CentOS/RHEL 8 x86_64 architecture was added.
fmem-kernel-modules-1.6-1.17.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for CentOS/RHEL 8 x86_64 architecture was added.
ghostpdl-9.27-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and ghostpdl-9.27-1.{el7,el8}.x86_64.rpm - Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages. Ghostpdl is used by Xplico.
python{2,3}-elasticsearch-7.0.5-1.i{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.0.5-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.0.5-1.el8.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
libfwsi{,-devel,-python2,-python3}-20191006-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191006-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191006-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191006-1.el8.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
liblnk{,-devel,-python2,-python3,-tools}-20191006-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191006-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191006-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python3,-tools}-20191006-1.el8.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
libsigscan{,-devel,-python2,-python3,-tools}-20191006-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20191006-1.el6.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-python36,-tools}-20191006-1.el7.x86_64.rpm, and libsigscan{,-devel,-python2,-python3,-tools}-20191006-1.el8.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning.
libpst{,-devel,-devel-doc,-doc,-libs,-python}-0.6.72-1.{fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libpst{,-devel,-devel-doc,-doc,-libs,-python36}-0.6.72-1.el7.x86_64.rpm, and libpst{,-devel,-devel-doc,-doc,-libs,-python3}-0.6.72-1.el8.x86_64.rpm - The libpst utilities convert Outlook .pst files to other formats. See here for the list of changes.
ntfs-3g{,-devel}-2017.3.23-11.el6.{i686,x86_64}.rpm and ntfs-3g{,-devel}-2017.3.23-11.{el7,el8}.x86_64.rpm - NTFS-3g is a stable, full-featured, read-write NTFS driver for Linux, Android, Mac OS X, FreeBSD, NetBSD, OpenSolaris, QNX, Haiku, and other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and Windows 10 NTFS file systems.
snort-2.9.15-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15-1.el7.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
snort-sample-rules-2.9.15-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.15-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15-1.el7.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
pfring-7.4.0-2707.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2707.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-3.0.0-1978.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.18-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.18-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.18-100 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.18-100 for FC29

October 4, 2019: The following changes have been made:

pfring-7.4.0-2700.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2700.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1951.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.17-100 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.17-100 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.56.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-1062.1.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-56.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-1062.1.2 for EL7

September 27, 2019: The following changes have been made:

pfring-7.4.0-2682.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2682.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1885.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.17-200 for FC30
- 5.2.16-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.17-200 for FC30
- 5.2.16-200 for FC30

September 20, 2019: The following changes have been made:

python{2,3}-xlsxwriter-1.2.1-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.2.1-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
analysis-pipeline-5.11.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-1.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes.
pfring-7.4.0-2675.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2675.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1875.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.15-200 for FC30
- 5.2.14-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.15-200 for FC30
- 5.2.14-200 for FC30
fmem-kernel-modules-el7-x86_64-1.6-1.55.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-1062.1.1 for EL7
- 3.10.0-1062 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-55.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-1062.1.1 for EL7
- 3.10.0-1062 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.57.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.22.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-57.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.22.1 for EL6

September 13, 2019: The following changes have been made:

libvslvm{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. Note: This is a repackaging of the libvslvm tools version 20160110.
certifi-2019.9.11-1.{fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
pfring-7.4.0-2658.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2658.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1848.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.13-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.13-200 for FC30

September 6, 2019: The following changes have been made:

ADIA - This item is the VMware and Virtual Box-based appliances built with CentOS 7.6.1810 for the x86_64 architecture. See here for more details. The release consists of the following:
- The latest CERT Forensics Key is installed.
- All packages have been updated as of September 3, 2019.
- SElinux is disabled.
- Mate Desktop is the defaut desktop.
pfring-7.4.0-2643.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2643.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1820.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.11-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.11-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.11-100 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.11-100 for FC29

August 30, 2019: The following changes have been made:

python{2,3}-xlsxwriter-1.2.0-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.2.0-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
CERT-Forensics-Tools-1.0-86.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-86.el7.x86_64.rpm - Removed the dependency of the kernel-PAE-modules-extra package for Fedora 28 and beyond.
libewf{,-devel,-tools,-python2,-python3,-tools}-20160718-20140806.4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf{,-devel,-tools,-python2,-tools}-20160718-20140806.4.el6.{i686,x86_64}.rpm, and libewf{,-devel,-tools,-python2,-python36,-tools}-20160718-20140806.4.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.
This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718) and the release number changed to include the source code release date (20140806). This release obsoletes (which causes the removal of) the ewftools package which is provided by Fedora.
libfixbuf{,-devel}-2.4.0-1.{,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libfixbuf{,-devel}-2.4.0-1.el7.x86_64.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-1.el7.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-2.{fc25,fc26,fc27,fc28,fc29,fc30,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. See here for a list of changes in this version.
libschemaTools{,-devel}-1.3-6.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.3-6.el7.x86_64.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. This package was rebuilt to use libfixbuf 2.4.0.
python{2,3}-pyfixbuf-0.8.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python2-pyfixbuf-0.8.0-1.el6.{i686,x86_64}.rpm, and python{2,36}-pyfixbuf-0.8.0-1.el7.x86_64.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases.
analysis-pipeline-5.11.2-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.2-2.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use libfixbuf 2.4.0.
super_mediator-1.7.0-4.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and super_mediator-1.7.0-4.el7.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use libfixbuf 2.4.0.
yaf{,-devel}-2.11.0-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-3.el7.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring. This package was rebuilt to use libfixbuf 2.4.0.
pfring-7.4.0-2623.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2623.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1797.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.

August 23, 2019: The following changes have been made:

jdk-12.0.2_linux-x64_bin.rpm - JDK is the Java SE Development Kit 12.0.2 from Oracle. This package has been installed in the Fedora 25 and 26 and CentOS/RHEL 7 repositories for the x86_64 architecture.
ghidra-9.0.4-PUBLIC_20190516.3.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.0.4-PUBLIC_20190516.3.{fc25,fc26,el7}.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
Note: this release no longer requires JDK from Oracle for Fedora 27 through 30, relying instead on the latest version of OpenJDK provided by Fedora, specified as java-latest for Fedora 28 and beyond and java-11 for Fedora 27. However, for Fedora 25 and 26 and CentOS/RHEL 7, JDK Version 11 or higher is required and this package has been added to the appropriate repositories. In addition, this release also contains a ghidra.desktopfile that supports the GNOME and Mate Window managers.
sleuthkit{,-devel,-libs}-4.6.7-1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.7-1.1.el7.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
jdk-8u221-linux-x64.rpm - JDK is the Java SE Development Kit 8, Update 221 from Oracle. This package has been installed in the CentOS/RHEL 7 repository for the x86_64 architecture and in the CentOS/RHEL 6 repoositories for the i386 and x86_64 architectures.
autopsy-4.12.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and autopsy-4.12.0-1.el7.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
Note: this release no longer requires JDK from Oracle for Fedora 25 through 30, relying instead on version 1.8.0 of OpenJDK version provided by Fedora, along with version 1.8.0 of OpenJFX, also provided by Fedora. However, for CentOS/RHEL 6 and 7, the latest version of JDK 8 from Oracle is required and this package has been added to the appropriate repositories. In addition, this release also contains a autopsy.desktopfile that supports the GNOME and Mate Window managers.
python{2,3}-xlsxwriter-1.1.9-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.1.9-1.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
bro{,-core,ctl,-debugsource,-devel,-libcaf-devel}-2.6.3-0.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-2.6.3-0.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, bro{,-core,ctl,-debugsource,-devel,-libcaf-devel}-2.6.3-0.el7.x86_64.rpm, and libbroker-devel-2.6.3-0.el7.x86_64.rpm - Bro (nee Zeek) is a powerful network analysis framework that is much different from the typical IDS you may know. (Zeek is the new name for the long-established Bro system. Note that parts of the system retain the "Bro" name, and it also often appears in the documentation and distributions.)
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: bro packages install files in /opt/bro. To use these files, add the following to your ~/.bashrc file:
      [[ -d /opt/bro/bin && ! "$PATH" =~ /opt/bro/bin ]] && PATH=$PATH:/opt/bro/bin
      [[ -d /opt/bro/share/man && ! "$MANPATH" =~ /opt/bro/share/man ]] && MANPATH=$MANPATH:/opt/bro/share/man
Then run:
      . ~/.bashrc
python{2,3}-elasticsearch-7.0.4-1.i{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-elasticsearch-7.0.4-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
pfring-7.4.0-2612.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2612.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1770.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem: 5.2.9-200 for FC30 5.2.8-200 for FC30 5.2.7-200 for FC30 5.2.6-200 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME: 5.2.9-200 for FC30 5.2.8-200 for FC30 5.2.7-200 for FC30 5.2.6-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem: 5.2.7-100 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME: 5.2.7-100 for FC29
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.56.noarch.rpm - Support for the following kernels were added for Fmem: 2.6.32-754.18.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-56.noarch.rpm - Support for the following kernels were added for LiME: 2.6.32-754.18.2 for EL6

August 8, 2019: The following changes have been made:

libregf{,-devel,-python2,-python3,-tools}-20190805-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20190805-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20190805-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
snort-2.9.14.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.14.1-1.el7.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
snort-sample-rules-2.9.14.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.14.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.14.1-1.el7.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
ghidra-9.0.4-PUBLIC_20190516.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.0.4-PUBLIC_20190516.el7.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
Please note that you must install the JDK for Ghidra to work. In testing, The Java Development Kit (JDK) version 11.0.2 was used and worked successfully. Ghidra expects a program named java to be available in the directories named in the PATH variable.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.2.5-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 5.2.5-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.21-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.21-200 for FC29
- 5.1.18-200 for FC29

August 2, 2019: The following changes have been made:

python{2,3}-pyparsing-2.4.2-1.{fc26,fc27,fc28,fc29}.noarch.rpm, python2-pyparsing-2.4.2-1.el6.noarch.rpm, and pyparsing-doc-2.4.2-1.{fc26,fc27,fc28,fc29,el6}.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
python-yara-3.9.0-2.{i386,x86_64}.el6.rpm - Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
fmem-kernel-modules-el7-x86_64-1.6-1.54.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.27.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-54.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.27.2 for EL7

July 31, 2019: The following changes have been made:

python{2,3}-dfvfs-20190714-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfvfs-20190714-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
libregf{,-devel,-python2,-python3,-tools}-20190714-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20190714-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20190714-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
plaso-20190708-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190708-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
testdisk-7.1-1.1.el6.{i686,x86_64}.rpm and qphotorec-7.0-4.1.el6.{i386,x86_64}.rpm - Testdisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). This package also contains photorec which is a file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. These releases were built to use the latest version of libewf that is installed in this repository.
analysis-pipeline-5.11.2-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.2-1.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
apfs-fuse-20190723-1.{fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm and apfs-fuse-20190723-1.el7.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
cutter-1.8.3-20190701.fc30.{i686,x86_64}.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. This version is built with the source code that is available on 2019-05-14. Note that this release is only available for Fedora 30 because it relies on Qt version 5.12.
python{2,3}-dfwinreg-20190714-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dfwinreg-20190714-1.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
libguytools-2.1.0-1.{fc25,fc26,fc27,fc28,fc28,fc30}.{i686,x86_64}.rpm and libguytools-2.1.0-1.el7.x86_64,rpm - Libguytools is a package of subroutines and header files needed to build and operate guymager. The changes are:
- Cleaned up for C++14, some minor prototype changes to ensure same bit widths on different architectures
- Some debugging (handling user errors in configuration files)
- Understands # at beginning of line (first non-blank char) for remarks (REM still remains valid)
guymager-0.8.11-1.{fc25,fc26,fc27,fc28.fc29,fc30,el6}.{i686,x86_64}.rpm and guymager-0.8.11-1.el7.x86_64.rpm - Guymager is a forensic imaging package. See here for the list of changes.
libmodi{,-devel,-python2,-python3,-tools}-20190513-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmodi{,-devel,-python2,-tools}-20190513-1.el6.{i686,x86_64}.rpm, and libmodi{,-devel,-python2,-python36,-tools}-20190513-1.el7.x86_64.rpm - Libmodi is a lbrary and tools to access the Mac OS disk image formats.
libphdi{,-devel,-python,-python3,-tools}-20190506-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libphdi{,-devel,-python,-tools}-20190506-1.el6.{i686,x86_64}.rpm, and libphdi{,-devel,-python,-python36,-tools}-20190506-1.el7.x86_64.rpm - Libphdi is a library to access the Parallels Hard Disk image format.
Volatility-2.6.1-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-3.el7.x86_64.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6.1 that has been patched to July 29, 2019. You can read about this version here.
To install this update on Fedora 25 and CentOS/RHEL 6 and 7, you must first do the following:
sudo rpm -ev yara-python --nodeps
Volatility-community-plugins-20190729-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation. These plugins are installed in /usr/share/volatility/plugins/community/ and to use them you need to specify this location on the command line thusly:
volatility --plugins=/usr/share/volatility/plugins/community ... Note: The following plugins were removed all systems: AlexanderTarasenko, ThomasWhite, ProcessFuzzyHash, AFF4, JavierVallejo, PeterCasey, LorenzLiebler, Citronneur, AlizHammon, and TranVienHa, and the following were also removed for el6: BartoszInglot, DaveLasalle, ESET_Browserhooks, FrankBlock, LoicJaquemet, PhilipHuppert, ThomasChopitea, TranVienHa, and YingLi.
pfring-7.4.0-2604.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2604.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1753.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.20-300 for FC30
- 5.1.19-300 for FC30
- 5.1.18-300 for FC30
- 5.1.17-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.20-300 for FC30
- 5.1.19-300 for FC30
- 5.1.18-300 for FC30
- 5.1.17-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.20-200 for FC29
- 5.1.18-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.20-200 for FC29
- 5.1.18-200 for FC29

July 12, 2019: The following changes have been made:

pfring-7.4.0-2598.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2598.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1645.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.16-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.16-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.16-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.16-200 for FC29

July 3, 2019: The following changes have been made:

libsigscan{,-devel,-python2,-python3,-tools}-20190629-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20190629-1.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python2,-python36,-tools}-20190629-1.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning.
libevtx{,-devel,-python2,-python3,-tools}-20190619-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20190619-1.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python2,-python36,-tools}-20190619-1.el7.x86_65.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libbde{,-devel,-python2,-python3,-tools}-20190701-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20190701-1.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python2,-python36,-tools}-20190701-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
pfring-7.4.0-2595.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2595.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1641.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
rifiuti2-0.7.0-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-2.el7.x86_64.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.15-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.15-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.15-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.15-200 for FC29
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.55.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.17.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-55.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.17.1 for EL6

June 28, 2019: The following changes have been made:

libewf-experimental{,-devel,-tools,-python2,-python3,-tools}-20190317-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf-experimental{,-devel,-tools,-python2,-tools}-20190317-1.el6.{i686,x86_64}.rpm, and libewf-experimental{,-devel,-tools,-python2,-python36,-tools}-20190317-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr. Further, the Libewf-Experimental packages have been installed in the forensics-test repository. You will need to enable this repository with this command for Fedora:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL:
sudo yum-config-manager --enable forensics-test
pfring-7.4.0-2580.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2580.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1619.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.12-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.12-300 for FC30

June 21, 2019: The following changes have been made:

certifi-2019.6.16-1.{fc25,fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
python{2,3}-dfvfs-20190609-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfvfs-20190609-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-1.el7.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.11.1-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.1-2.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). Note: This release was built to add JSON alerting capabilities.
prism-1.2-6.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-6.el7.x86_64.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly, or might be used as a component in other more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup. This package was rebuilt to use silk 3.18.2.
super_mediator-1.7.0-3.{fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.0-3.el7.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use libfixbuf 3.18.2.
plaso-20190531-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190531-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
snort-2.9.13-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.13-1.el7.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for .the changes in this version. This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
snort-sample-rules-2.9.13-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.13-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.13-1.el7.x86_64.rpm - This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort. See here for more details. See the OpenAppId Detector Developer Guide for more information. To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
pfring-7.4.0-2567.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2567.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1601.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.11-300 for FC30
- 5.1.9-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.11-300 for FC30
- 5.1.9-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.11-200 for FC29
- 5.1.9-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.11-200 for FC29
- 5.1.9-200 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.53.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.21.3 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-53.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.21.3 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.54.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.15.3 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-54.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.15.3 for EL6

June 14, 2019: The majority of changes made in this announcement rename packages for CentOS/RHEL to conform to the CentOS/RHEL standard of Python 3 packages including the Python version in the package name. For example, where the package for Fedora 30 is named python3-artifacts, the CentOS/RHEL version is named python36-artifacts. For version and release consistency, the Fedora packages have been updated even though they contain no new functionality. With this release, Plaso is now provided as conventional package rather than as a Python virtual environment for CentOS/RHEL 7 and Fedora 26.

In addition, the CentOS/RHEL repositories were audited and packages that are provided by CentOS/RHEL, EPEL, or are no longer needed have been archived. These packages have been removed from the CentOS/RHEL repository as the result of an audit:

aff{lib,lib-devel,tools}-3.7.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
bokken-1.8-3.el7.x86_64.rpm - Removed: No longer needed.
capstone{,-python2,-python3}-3.0.4-6.el7.x86_64.rpm - Removed: Provided by EPEL.
catdoc-0.94.2-6.el7.x86_64.rpm - Removed: Provided by EPEL.
daemonize-1.7.3-7.el7.x86_64.rpm - Removed: Provided by EPEL.
dcfldd-1.3.4.1-2.el7.x86_64.rpm - Removed: Provided by EPEL.
dd_rescue-1.99.8-1.el7.x86_64.rpm - Removed: Provided by EPEL.
dino-1.5-2.el7.noarch.rpm - Removed: Provided by EPEL.
dislocker{,-libs}-0.7.1-1.el7.x86_64.rpm and fuse-dislocker-0.7.1-1.el7.86_64.rpm - Removed: Provided by EPEL.
dummy-1.0-2.el7.x86_64.rpm - Removed: No longer needed.
efilter-1-1.5-1.el7.x86_64.rpm - Removed: No longer needed.
fontawesome-fonts-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
fontawesome-fonts-web-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
fred-0.1.1-1.el7.x86_64.rpm - Removed: No longer needed.
fuse-exfat-1.0.1-1.el7.x86_64.rpm - Removed: No longer needed.
fuseext2-0.3-1.el7.x86_64.rpm - Removed: No longer needed.
ghex{,-devel,-libs}-3.18.0-1.el7.x86_64.rpm - Removed: No longer needed.
hashcat-3.00-1.el7.x86_64.rpm - Removed: No longer needed.
jansson{,-devel,-devel-doc}-2.9-1.el7.x86_64.rpm - Removed: No longer needed.
lame{,-devel,-libs,-mp3x}-3.99.5-1.el7.x86_64.rpm - Removed: Provided by EPEL.
LogAnalysisToolKit-1.7-1.el7.noarch.rpm - Removed: No longer needed.
luajit{,-devel}-2.0.2-9.el7.x86_64.rpm - Removed: Provided by EPEL.
mac-robber-1.02-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
mathjax-2.2-4.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
md5deep-4.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
mdbtools{,-devel,-gui,-libs}-0.7-43.13.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
null-package-1.0-4.el7.noarch.rpm - Removed: No longer needed.
partclone-0.3.6-2.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
perl-Alien-wxWidgets-0.67-6.el7.x86_64.rpm - Removed: No longer needed.
perl-Carp-Assert-0.20-4.el7.noarch.rpm - Removed: Provided by EPEL.
perl-Digest-CRC-0.16-1.el7.x86_64.rpm - Removed: Provided by EPEL.
perl-Digest-Crc32-0.01-1.el7.noarch.rpm - Removed: No longer needed.
perl-Image-ExifTool-8.50-1.el7.noarch.rpm - Removed: Provided by EPEL.
perl-Net-Pcap-0.16-2.el7.x86_64.rpm - Removed: Provided by EPEL.
protobuf-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-compiler-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-lite-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-lite-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-lite-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-python-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
protobuf-vim-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-c{,-devel}-0.15-2.1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
pyew-2.3.0.0-2.el7.x86_64.rpm - Removed: No longer needed.
pygtksourceview{,-devel,-doc}-2.8.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
pyparsing{,-doc}-2.4.0-1.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
pyPdf-1.12-4.el7.noarch.rpm - Removed: No longer needed.
python2-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
python2-efilter-1.5-1.el7.noarch.rpm - Removed: No longer needed.
python2-elasticsearch5-5.5.5-2.el7.x86_64.rpm - Removed: No longer needed.
python2-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
python2-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
python3-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
python3-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
python3-psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
python3-pyparsing-2.4.0-1.el7.noarch.rpm - Removed: No longer needed.
python3-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
python3shim-1.0-1.el7.noarch.rpm - Removed: No longer needed.
python-dpkt-1.8-2.el7.noarch.rpm - Removed: No longer needed.
python-elasticsearch5-5.5.5-1.el7.x86_64.rpm - Removed: No longer needed.
python-httplib2-0.7.7-3.el7.noarch.rpm - Removed: No longer needed.
python-ipython-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-console-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-doc-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-gui-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-notebook-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-sphinx-2.2.0-1.el7.noarch.rpm - Removed: No longer needed
python-ipython-tests-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-M2Crypto-0.26.0-0.x86_64.rpm - Removed: No longer needed.
python-path-3.0.1-2.el7.noarch.rpm - Removed: No longer needed.
python-prettytable-0.7.2-4.el7.noarch.rpm - Removed: No longer needed.
python-psycopg2{,-doc}-2.5.1-3.el7.x86_64.rpm - Removed: No longer needed.
python-radare-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
python-radare2-2.9.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
python-tidy-0.2-1.1.el7.noarch.rpm - Removed: No longer needed.
python-tornado{,-doc}-3.2.1-3.el7.x86_64.rpm - Removed: No longer needed.
pytsk-20150406-4.el7.x86_64.rpm - Removed: Removed - replaced by pytsk3.
radare{,-devel,-extras}-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
radare2{,-common,-devel}-2.9.0-1.el7.x86_64.rpm - Removed: No longer needed.
scalpel-2.0-2.el7.x86_64.rpm - Removed: Provided by EPEL.
socat-1.7.3.2-1.1.el7.x86_64.rpm - Removed: Provided by EPEL.
ssdeep-2.14.1-1.el7.x86_64.rpm - Removed: Provided by EPEL.
tcpflow-1.4.4-12.el7.x86_64.rpm - Removed: Provided by EPEL.
tcpxtract-1.0.1-10.el7.2.x86_64.rpm - Removed: Provided by EPEL.
ttembed-1.1-3.el7.x86_64.rpm - Removed: Provided by EPEL.
testdisk-6.14-3.3.el7.x86_64.rpm - Removed: Provided by EPEL.
umview-0.8.2-1.1.el7.x86_64.rpm - Removed: No longer needed.
valabind-0.10.0-4.el7.x86_64.rpm - Removed: No longer needed.
xapian-core{,-devel,-libs}-1.2.7-2.el7.x86_64.rpm - Removed: No longer needed.
xmount-0.7.6-3.el7.x86_64.rpm - Removed: Provided by EPEL.
xrdp-0.5.0-0.13.el7.x86_64.rpm - Removed: Provided by EPEL.
yara{,-devel,-doc}-3.5.0-7.1.el7.x86_64.rpm - Removed: Provided by EPEL.
zeromq{,-devel}-2.2.0-4.el7.x86_64.rpm - Removed: Provided by EPEL.

These changes were also made:

python{2,3}-artifacts-20190320-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20190320-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python{2,36}-artifacts-20190320-2.el7.x86_64.rpm, and artifacts-data-20190320-2.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-artifacts and python36-artifacts. The package names for Fedora are unchanged.
python{2,3}-bencode-2.1.0-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-bencode-2.1.0-1.el7.noarch.rpm - Bencode re-packages the existing bencoding and bdecoding implemention from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-bencode and python36-bencode. The package names for Fedora are unchanged.
python{2,3}-biplist-1.0.3-3.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-biplist-1.0.3-3.el7.x86_64.rpm - Biplist is a library for reading/writing binary plists. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-biplist and python36-biplist. The package names for Fedora are unchanged.
python{2,3}-chardet-3.0.4-3.fc26.{i686,x86_64}.rpm and python{2,36}-chardet-3.0.4-3.el7.x86_64.rpm - Chardet is a universal character encoding detector. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-chardet and python36-chardet. The package names for Fedora are unchanged.
python{2,3}-dfdatetime-20190517-2.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfdatetime-20190517-2.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dfdatetime and python36-dfdatetime. The package names for Fedora are unchanged.
python{2,3}-dfvfs-20190511-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfvfs-20190511-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. Note: The package for CentOS/RHEL 7 are named python2-dfvfs and python36-dfvfs.
python{2,3}-dfwinreg-20190517-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dfwinreg-20190329-2.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dfwinreg and python36-dfwinreg. The package names for Fedora are unchanged.
python{2,3}-dpkt-1.9.2-2.fc26.{i686,x86_64}.rpm and python{2,36}-dpkt-1.9.2-2.el7.x86_64.rpm - Python-dpkt is a fast, simple packet creator and parser, with definitions for the basic TCP/IP protocols, for Python. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dpkt and python36-dpkt. The package names for Fedora are unchanged.
python{2,3}-dtfabric-20190120-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dtfabric-20190120-3.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dtfabric and python36-dtfabric. The package names for Fedora are unchanged.
python{2,3}-elasticsearch-7.0.2-1.i{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-elasticsearch-7.0.2-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-elasticsearch and python36-elasticsearch. The package names for Fedora are unchanged.
libbde{,-devel,-python2,-python3,-tools}-20190317-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20190317-3.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python2,-python36,-tools}-20190317-3.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libbde and python36-libbde. All other package names are unchanged.
libesedb{,-devel,-python2,-python3,-tools}-20181229-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20181229-5.el6.{i686,x86_64}.rpm, and libesedb{,-devel,-python2,-python36,-tools}-20181229-5.el7.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libesedb and python36-libesedb. All other package names are unchanged.
libevt{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libevt and python36-libevt. All other package names are unchanged.
libevtx{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_65.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx. All other package names are unchanged.
libewf{,-devel,-tools,-python2,-python3,-tools}-20160718-20140806.3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf{,-devel,-tools,-python2,-tools}-20160718-20140806.3.el6.{i686,x86_64}.rpm, and libewf{,-devel,-tools,-python2,-python36,-tools}-20160718-20140806.3.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.
This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718) and the release number changed to include the source code release date (20140806). Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx. All other package names are unchanged.
libfsapfs{,-devel,-python2,-python3,-tools}-20190510-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190510-2.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python2,-python36,-tools}-20190510-2.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfsapfs and python36-libfsapfs. All other package names are unchanged.
libfsntfs{,-devel,-python2,-python3,-tools}-20190104-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20190104-5.el6.{i686,x86_64}.rpm, and libfsntfs{,-devel,-python2,-python36,-tools}-20190104-5.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfsntfs and python36-libfsntfs. All other package names are unchanged.
libfvde{,-devel,-python2,-python3,-tools}-20190104-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-tools}-20190104-4.el6.{i686,x86_64}.rpm, and libfvde{,-devel,-python2,-python36,-tools}-20190104-4.el7.6_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfvde and python36-libfvde. All other package names are unchanged.
libfwnt{,-devel,-python2,-python3}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20181227-4.el6.{i686,x86_64}.rpm and libfwnt{,-devel,-python2,-python36}-20181227-4.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfwnt and python36-libfwnt. All other package names are unchanged.
libfwsi{,-devel,-python2,-python3}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20181227-4.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python2,-python36}-20181227-4.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfwsi and python36-libfwsi. All other package names are unchanged.
liblnk{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-liblnk and python36-liblnk. All other package names are unchanged.
libmsiecf{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc26,fc27,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libmsiecf and python36-libmsiecf. All other package names are unchanged.
libolecf{,-devel,-python2,-python3,-tools}-20181231-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20181231-4.el6.{i686,x86_64}.rpm, and libolecf{,-devel,-python2,-python36,-tools}-20181231-4.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libolecf and python36-libolecf. All other package names are unchanged.
libqcow{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libqcow and python36-libqcow. All other package names are unchanged.
libregf{,-devel,-python2,-python3,-tools}-20190303-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20190303-3.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20190303-3.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libregf and python36-libregf. All other package names are unchanged.
libscca{,-devel,-python2,-python3,-tools}-20190605-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libscca{,-devel,-python2,-tools}-20190605-1.el6.{i686,x86_64}.rpm, and libscca{,-devel,-python2,-python36,-tools}-20190605-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. Note: The package for CentOS/RHEL 7 are named python2-libscca and python36-libscca.
libsigscan{,-devel,-python2,-python3,-tools}-20190103-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20190103-4.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python2,-python36,-tools}-20190103-4.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libsigscan and python36-libsigscan. All other package names are unchanged.
libsmdev{,-devel,-python2,-python3,-tools}-20190315-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20190315-3.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python2,-python36,-tools}-20190315-23el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libsmdev and python36-libsmdev. All other package names are unchanged.
libsmraw{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libsmraw{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libsmraw and python36-libsmraw. All other package names are unchanged.
libvhdi{,-devel,-python2,-python3,-tools}-20181227-5.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm and libvhdi{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvhdi and python36-libvhdi. All other package names are unchanged.
libvmdk{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libvmdk{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvmdk and python36-libvmdk. All other package names are unchanged.
libvshadow{,-devel,-python2,-python3,-tools}-20190323-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20190323-3.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python2,-python36,-tools}-20190323-3.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvshadow and python36-libvshadow. All other package names are unchanged.
libvslvm{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvslvm and python36-libvslvm. All other package names are unchanged.
python{2,3}-pefile-2019.4.18-2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-pefile-2019.4.18-2.el7.noarch.rpm - PEFile is a Portable Executable reader module. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-pefile and python36-pefile. The package names for Fedora are unchanged.
python36-urllib3-1.24.1-1.el7.x86_64.rpm - Python-urllib3 is a powerful, sanity-friendly HttP client for Python. Much of the Python ecosystem already uses urllib3. urllib3 brings many critical features that are missing from the Python standard libraries:
- Thread safety.
- Connection pooling.
- Client-side SSL/TLS verification.
- File uploads with multipart encoding.
- Helpers for retrying requests and dealing with HttP redirects.
- Support for gzip and deflate encoding.
- Proxy support for HttP and SOCKS.
- 100% test coverage.
This package was built to support plaso.
python{2,36}-lz4-0.10.0-1.el7.x86_64.rpm - LZ4 contains the python bindings for the lz4 compression library. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-lz4 and python36-lz4. The package names for Fedora are unchanged.
python{2,36}-psutil-5.4.3-4.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-psutil and python36-psutil.
python{2,3}-pytsk3-20190507-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python2-pytsk3-20190507-2.el6.{i686,x86_64}.rpm, and python{2,36}-pytsk3-20190507-2.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
python{2,3}-requests-2.22.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
python{2,3}-xlsxwriter-1.1.8-2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.1.8-2.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-xlsxwriter and python36-xlsxwriter. The package names for Fedora are unchanged.
plaso-20190429-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190429-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
Finally, for CentOS/RHEL 7, plaso no longer relies on a Python Virtual Environment.
sleuthkit{,-devel,-libs}-4.6.6-1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.6-1.1.el7.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. This version was built with a higher revision than that provided by Fedora.
winreg-kb-20190507-1.el7.x86_64.rpm - Winreg-kb-kb winreg-kb is a project to build a Windows Registry Knowledge Base. winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources. See these scripts that make use of package.
winevt-kb-20190507-1.el7.x86_64.rpm - Winevt-kb is a project to build a Windows Event Log knowledge base. winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources. See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them. This version uses Python 3.
libwrc{,-devel,-python2,-python3,-tools}-20181203-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libwrc{,-devel,-python2,-tools}-20181203-4.el6.{i686,x86_64}.rpm, and libwrc{,-devel,-python2,-python36,-tools}-20181203-3.el7.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libwrc and python36-libwrc. All other package names are unchanged.
libexe{,-devel,-python2,-python3,-tools}-20181128-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libexe{,-devel,-python2,-tools}-20181128-4.el6.{i686,x86_64}.rpm, and libexe{,-devel,-python2,-python36,-tools}-20181128-4.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libexe and python36-libexe. All other package names are unchanged.
python{2,3}-construct-2.5.2-4.{fc25,fc26,fc27,fc28,fc29}.noarch.rpm, python2-construct-2.5.2-4.el6.noarch.rpm, and python{2,36}-construct-2.5.2-4.el7.noarch.rpm - Python-construct is a powerful declarative parser (and builder) for binary data.
rekall-forensics-1.7.2.rc1-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and rekall-forensics-1.7.2.rc1-1.el7.x86_64.rpm - Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in peer reviewed papers. The program to run is named rekall.py.
Please note that the installation of all of these ancillary packages neede by rekall use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
vmfs-tools-0.2.5-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, vmfs-tools-0.2.5-3.el7.x86_64.rpm, libvmfs-devel-0.2.5-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, and libvmfs-devel-0.2.5-3.el7.x86_64.rpm - VMfs-tools is a collection of command-line tools for operating on VMware's VMFS file system. Included in this release is limited VMFS version 5 support. Note: The tools in the vmfs-tools package are named debugvmfs, fsck.vmfs, vmfs-fuse, vmfs-lvm. The tools installed are also named debugvmfs5, fsck.vmfs5, vmfs5-fuse, vmfs5-lvm.
vmfs6-tools-0.0.0.844.1195-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, vmfs6-tools-0.0.0.844.1195-1.el7.x86_64.rpm, libvmfs6-devel-0.0.0.844.1195-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, and libvmfs6-devel-0.0.0.844.1195-1.el7.x86_64.rpm - VMFS6-tools is a collection of command-line tools for operating on VMware's VMFS file system. Included in this release is limited VMFS version 6 support. Note: The tools in the vmfs6-tools package are named debugvmfs6, fsck.vmfs6, vmfs6-fuse, vmfs6-lvm.
xva-img-1.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and xva-img-1.3-1.el7.x86_64.rpm - XVA-IMG is a tool for working with Citrix XEN disk images. Citrix Xen uses a custom virtual appliance format for import/export called "XVA". It's basically a strangely crafted tar-file. You don't need this program to unpack this tar-file, just use your favourite tar unpacker (tar, gtar, bsdtar). Once unpacked you will end up with a lot of different files, ova.xml (which contains the settings for the virtual appliance, think VMware vmx) and a number of folders called Ref:/, this is your disks. Each of these folders contain hundreds of files named 00000000, 00000001 with a accompanying .CHECKSUM file (SHA1). Each file is a 1MB slice of the disk, but some of the files in the sequence will probably be missing this is because XVA do not use compression; instead it will exclude slices of the disk that only contains zeros (are empty). This tool can assemble the disk for you (you will end up with a RAW disk) that can easily be mounted and modified. It can then also split the file again and generate checksum. Once ready, you will probably want to use the "package" command to rebuild the XVA file.
CERT-Forensics-Tools-1.0-85.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-85.el7.x86_64.rpm - The changes since the last release (1.0-84) are the following:
- Added: qtmltfs
- Added: VMFS6-tools
- Added: Rekall Forensics (not on CentOS/RHEL 6)
- Added: xva-img
cert-forensics-tools-release-{25,26,27,28,29,30,6,7}-14.noarch.rpm - cert-forensics-tools-release is the package that connects a Fedora-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR). This package has been changed to require either a Fedora release or a Generic release to be able to install this package.
autopsy-4.11.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and autopsy-4.11.0-1.el7.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
In addition, the Java™ Platform, Standard Edition Development Kit (JDK™) from Oracle also needs to be installed before running autopsy. That package can be found here. Testing has been verified to work with JDK 11.0.2.
pfring-7.4.0-2553.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2553.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1596.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.8-300 for FC30
- 5.1.7-300 for FC30
- 5.1.6-300 for FC30
- 5.1.5-300 for FC30
- 5.0.17-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.8-300 for FC30
- 5.1.7-300 for FC30
- 5.1.6-300 for FC30
- 5.1.5-300 for FC30
- 5.0.17-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.6-200 for FC29
- 5.0.19-200 for FC29
- 5.0.17-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.6-200 for FC29
- 5.0.19-200 for FC29
- 5.0.17-200 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.52.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.21.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-52.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.21.2 for EL7
Fedora 24 - Updates to Fedora 24 for both the i686 and x86_64 CPU architectures has ceased.

May 17, 2019: There are two types of packages in LiFTER: packages installed as the result of installing the CERT-Forensics-Tools metapackage and packages used to build the packages that are installed as the result of installing the CERT-Forensics-Tools metapackage. An audit of the Fedora 25 through 30 repositories (Fedora 24 was not audited given its imminent retirement from LiFTeR) with the goal of retiring packages that do not fit into either of these categories. The idea is to contract the size of and therefore the effort required to maintain LiFTeR. The packages listed below have been archived and they can be retrieved if needed. Please also note that an audit of package for CentOS/RHEL 6 and 7 will be carried out in June, 2019.

These packages have been archived as the result of the audit:

aff{lib,lib-devel,tools}-3.7.4-1.fc25.{i686,x86_64}.rpm - Removed: Provided by Fedora.
artifacts-20190320-1.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
bencode-2.0.0-2.fc25.noarch.rpm - Removed: No longer needed.
biplist-1.0.3-2.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
bloom-1.4.6-2.fc26.686,x86_64}.rpm - Removed: No longer needed.
bokken-1.8-3.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
certifi-2019.3.9-2.fc25.noarch.rpm - Removed: No longer needed.
dc3dd-7.2.646-1.{fc27,fc28}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
dcfldd-1.3.4.1-2.fc29.{i686,x86_64}.rpm - Removed: Provided by Fedora.
dd_rescue-1.99.8-1.{fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
disktype-9-19.1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
dislocker{,-libs}-0.7.1-1.el7.x86_64.rpm and fuse-dislocker-0.7.1-1.el7.86_64.rpm - Removed: Provided by EPEL.
efilter-1.5-1.{fc25,fc26,fc27,fc28,fc29}.noarch.rpm - Removed: No longer needed.
elasticsearch5-5.5.5-2.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
elasticsearch-6.3.1-2.{fc25,fc30}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
fuse-exfat-1.0.1-1.{fc25,fc26}.{i686,x86_64}.rpm - Removed: No longer needed.
ip4r-2.0.2-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
libiconv{,-devel,-static,-utils}-1.15-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
libp0f-2.0.8-1.{fc25,fc26}.{i686,x86_64}.rpm - Removed: No longer needed.
libpst-0.6.71-1.1.fc27.{i686,x86_64}.rpm - Removed: No longer needed.
libscca{,-devel,-python2,-python3,-tools}-20181227-3.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
md5deep-4.4-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
mdbtools{,-devel,-gui}-0.7-43.13.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
pefile-2019.4.18-1.fc25.noarch.rpm - Removed: No longer needed.
protobuf-c-1.3.0-1.fc29.{i686,x86_64}.rpm - Removed: Provided by Fedora.
pyparsing{,-doc}-2.4.0-1.{fc25,fc30}.{i386,x86_64}.rpm - Removed: Provided by Fedora.
pyew-2.3.0.0-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
python-apsw-3.19.3-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
python-biplist-1.0.3-1.{fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm - Removed: No longer needed.
python-certifi-2018.11.29-1.{fc26,fc27,fc28,fc29}.src.rpm - Removed: No longer needed.
python-construct-2.5.2-1.{fc25,fc26,fc27,fc28,fc29}.noarch.rpm - Removed: No longer needed.
python-elasticsearch5-5.5.5-2.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
python-lz4-0.10.0-1.fc25.{i386,x86_64}.rpm - Removed: No longer needed.
python-pefile-2018.8.8-1.{fc25,fc26,fc27,fc28,fc29}.src.rpm - Removed: - No longer needed.
python{2,3}-psutil-5.4.3-4.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
python-radare-2.1.6.0-1.{fc26,fc27}.{i686,x86_64}.rpm - Removed: No longer needed.
python-radare2-2.9.0-1.{fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
python-rarfile-3.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
radare{,-devel}-2.1.6.0-1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
radare2{,-devel,-common}-2.7.0-1.{fc26,fc27,fc28}.{i386,x86_64}.rpm Provided by Fedora.
radare2{,-devel,-common}-2.9.0-1.fc29.{i386,x86_64}.rpm Provided by Fedora.
requests-2.21.0-1.{fc25,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Removed - suitable version provided by Fedora.
python{2,3}-scapy-2.4.0-4.fc25.noarch.rpm - Removed: Provided by Fedora.
ssdeep-2.14.1-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
vala{,-devel,-doc,-tools}-0.20-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and emacs-vala-0.20-1.{fc29,fc30}.{i686,x86_64}.rpm . No longer needed.
valabind-0.10.0-4.{fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm - Removed: No longer needed.
xmount-0.7.6-3.{fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
yara-python-3.6.3-1.,fc25.{i686,x86_64}.rpm - Removed: Provided by Fedora.
zeromq3-3.2.5-3.fc28.{i686,x86_64}.rpm - Removed: Provided by Fedora.

These changes additional have been made:

cutter-1.8.1-20190514.fc30.{i686,x86_64}.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. This version is built with the source code that is available on 2019-05-14. Note that this release is only available for Fedora 30 because it relies on Qt version 5.12.
pfring-7.4.0-2519.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2519.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1571.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}-dfdatetime-20190517-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
python{2,3}-dfwinreg-20190517-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python{2,3}-dfwinreg-20190329-1.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.16-300 for FC30
- 5.0.14-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.16-300 for FC30
- 5.0.14-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.16-200 for FC29
- 5.0.14-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.16-200 for FC29
- 5.0.14-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.16-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-41.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.16-100 for FC28
fmem-kernel-modules-el7-x86_64-1.6-1.51.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.12.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-51.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.12.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.53.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.14.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-53.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.14.2 for EL6

May 10, 2019: The following changes have been made:

Fedora 30 - The repository now supports Fedora 30 for the x86_64 and i386 CPU architectures. Here is the list of tools provided for Fedora 30:

2hash
acr
aeskeyfind
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
bencode
binplist
biplist
CERT-Forensics-Tools
cert-forensics-tools-release
certifi
construct
crunch
cryptcat
cutter
daq
dcp
ddrescue
ddrescueview
ddrutility
dfdatetime
dfvfs
dfwinreg
distorm3
DropboxReader
dtfabric
eindeutig
elasticsearch
epub
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
fred
fundl
galleta
ghidra
ghostpdl

grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
jafat
KHracker
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libiconv
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi

libqcow
libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
missidentify
mount_ewf
nDPI
netsa-python
packetexaminer
pasco
pefile
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyew
pyfixbuf
pyparsing
python-apsw
python-CFPropertyList
python-colorama
python-construct
python-dpapick
python-haystack
python-ioc_writer
python-pycoin

python-rarfile
python-registry
python-sqlite3dbm
python-ssdeep
python-unicodecsv
python-yara
pytsk3
qtmltfs
rar
registrydecoder
reglookup
regripper
regripper-plugins
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-openappid
snort-sample-rules
stegdetect
super_mediator
tln_tools
unrar
untex
vala
videosnarf
vinetto
vmfs-tools
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
xlsxwriter
xplico
yaf

lime-kernel-modules-1.1.r17-16.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 30 x86_64 and i386 architectures was added.
fmem-kernel-modules-1.6-1.16.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 30 x86_64 and i386 architectures was added.
CERT-Forensics-Tools-1.0-84.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-84.el7.x86_64.rpm - The changes since the last release (1.0-83) are the following:
- The dff package is not installed on Fedora 30.
- The kracked package is not installed on Fedora 30.
python{2,3}-xlsxwriter-1.1.8-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.7).
libfsapfs{,-devel,-python2,-python3,-tools}-20190510-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190510-1.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python2,-python3,-tools}-20190510-1.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
sleuthkit{,-devel,-libs}-4.6.6-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.6-1.el7.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.6.5) released to this repository.
pytsk3-20190507-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and pytsk3-20190507-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
python{2,3}-dpkt-1.9.2-1.fc26.{i686,x86_64}.rpm - Python-dpkt is a fast, simple packet creator and parser, with definitions for the basic TCP/IP protocols, for Python. This package was built to support plaso.
plaso-20190331-2.{fc24,fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190331-2.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release uses Python 3 instead of Python 2.
Please note that for Fedora 24 and 25 and CentOS/RHEL 7, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 24 and 25 and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
winreg-kb-20190507-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Winreg-kb-kb winreg-kb is a project to build a Windows Registry Knowledge Base. winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources. See these scripts that make use of package. Note that winreg-kb is not available for CentOS/RHEL 6 because of the old version of Python 2. This version uses Python 3.
winevt-kb-20190507-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Winevt-kb is a project to build a Windows Event Log knowledge base. winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources. See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them. This version uses Python 3.
daq{,-devel,-modules}-2.0.6-7.1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.6-7.1.el7.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort.
pfring-7.4.0-2504.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2504.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1564.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
guymager-0.8.8-2.{fc24,fc25,fc26,fc27,fc28.fc29,fc30,el6}.{i686,x86_64}.rpm and guymager-0.8.8-2.el7.x86_64.rpm - Guymager is a forensic imaging package. See here for the list of changes. This release contains no new functionality and was rebuilt to include a patch for GCC 8 which is standard on Fedora 28, 29, and 30.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.13-300 for FC30
- 5.0.11-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.13-300 for FC30
- 5.0.11-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.13-200 for FC29
- 5.0.11-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.13-200 for FC29
- 5.0.11-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.13-100 for FC28
- 5.0.11-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.13-100 for FC28
- 5.0.11-100 for FC28

May 3, 2019: The following changes have been made:

httplib2-0.12.3-1.el7.noarch.rpm - Httpib2 is comprehensive HttP client library, httplib2 supports many features left out of other HttP libraries. This package was installed for CentOS/RHEL 7 to support xplico. Please note that for CentOS/RHEL 7, this package was built incorrectly and was not usable. These build problems have been fixed in this release.
nDPI{,-devel}-2.9.0-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and nDPI{,-devel}-2.9.0-1.el7.x86_64.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.
nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.
See here for the list of supported protocols.
xplico-1.2.2-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and xplico-1.2.2-2.el7.x86_64.rpm - xplico is an Internet traffic decoder. The changes include:
- CakePHP updated to 2.10.17
- Migration from GeoIP to GeoIP2
- nDPI updated to 2.9
ghidra-9.0.2-PUBLIC_20190403.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and ghidra-9.0.2-PUBLIC_20190403.el7.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.
Please note that you must install the JDK for Ghidra to work. In testing, The Java Development Kit (JDK) version 11.0.2 was used and worked successfully. Ghidra expects a program named java to be available in the directories named in the PATH variable.
python{2,3}-bencode-2.0.0-2.el7.noarch.rpm - Bencode re-packages the existing bencoding
python{2,3}-biplist-1.0.3-2.el7.x86_64.rpm - Biplist is a library for reading/writing binary plists. Binary Property List (plist) files provide a faster and smaller serialization format for property lists on OS X. This is a library for generating binary plists which can be read by OS X, iOS, or other clients.
python{2,3}-dfdatetime-20190116-2.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
python{2,3}-dfwinreg-20190329-1.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
python2-dtfabric-20190120-2.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
python{2,3}-elasticsearch-6.3.1-2.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions. It also provides an optional persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents, wrapping the document data in user-defined classes.
idna-2.5-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".

April 26, 2019: The following changes have been made:

python{2,3}-dfvfs-20190301-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python2-dfvfs-20190301-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
python{2,3}-xlsxwriter-1.1.7-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.5).
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.9-200 for FC29
- 5.0.8-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.9-200 for FC29
- 5.0.8-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.8-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.8-100 for FC28

April 19, 2019: The following changes have been made:

pfring-7.4.0-2489.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
To install this package, you must first do the following:
sudo rpm -ev pfring pfring-dkms --nodeps
followed by:
sudo yum -y install pfring pfring-dkms
ndpi-2.8.0-1540.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}-pefile-2019.4.18-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - PEFile is a Portable Executable reader module.
python{2,3}-artifacts-20190320-1.el7.x86_64.rpm and artifacts-data-20190320-1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libfixbuf{,-devel}-2.3.1-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libfixbuf{,-devel}-2.3.1-1.el7.x86_64.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-3.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-3.el7.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This package was rebuilt to use libfixbuf 2.3.1.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-4.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This package was rebuilt to use libfixbuf 2.3.1.
libschemaTools{,-devel}-1.3-5.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.3-5.el7.x86_64.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. This package was rebuilt to use libfixbuf 2.3.1.
pyfixbuf-0.7.0-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pyfixbuf-0.7.0-2.el7.x86_64.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases. This package was rebuilt to use libfixbuf 2.3.1.
analysis-pipeline-5.10-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.10-2.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use libfixbuf 2.3.1.
super_mediator-1.7.0-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.0-2.el7.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use libfixbuf 2.3.1.
yaf{,-devel}-2.11.0-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-2.el7.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring. This package was rebuilt to use libfixbuf 2.3.1.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.7-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.7-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.7-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.7-100 for FC28

April 12, 2019: The bulk of the changes this week deal with the release of Python 3.6 in the Extra Packages for Enterprise Linux (EPEL) repository for CentOS/RHEL 7. This release is the preferred package which obsoletes Python 3.3.2 that was previously provided in LiFTeR. To that end, Python 3.3.2 was removed from LiFTeR and most of the following packages have been rebuilt to use Python 3.6 for CentOS/RHEL 7. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality. The following changes have been made:

pfring-7.4.0-2489.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2489.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1537.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
capstone{,-devel}-3.0.5-1.el6.{i386,x86_64}.rpm and python2-capstone-3.0.5-1.el6.{i386,x86_64}.rpm - Capstone is a lightweight multi-platform, multi-architecture disassembly framework. See here for the list of changes and future features. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
pyew-2.3.0.0-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pyew-2.3.0.0-2.el7.x86_64.rpm - Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it performs code analysis and let you write scripts using an API to perform many types of analysis), follows direct call/jmp instructions in the interactive command line, displays function names and string data references; supports OLE2 format, PDF format and more. It also supports plugins to add more features to the tool. This package was rebuilt for CentOS/RHEL 6 because of the new capstone package. The other systems were rebuilt to maintain release numbering consistency.
libcreg{,-devel,-python2,-python3,-tools}-20181101-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libcreg{,-devel,-python2,-tools}-20181101-2.el6.{i686,x86_64}.rpm, and libcreg{,-devel,-python2,-python3,-tools}-20181101-2.el7}.x86_64.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libesedb{,-devel,-python2,-python3,-tools}-20181229-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20181229-4.el6.{i686,x86_64}.rpm, and libesedb{,-devel,-python2,-python3,-tools}-20181229-3.el7}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libevt{,-devel,-python2,-python3,-tools}-20181227-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python2,-python3,-tools}-20181227-4.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libevtx{,-devel,-python2,-python3,-tools}-20181227-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python2,-python3,-tools}-20181227-5.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libewf{,-devel,-tools,-python2,-python3,-tools}-20160718-20140806.2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libewf{,-devel,-tools,-python2,-tools}-20160718-20140806.2.el6.{i686,x86_64}.rpm, and libewf{,-devel,-tools,-python2,-python3,-tools}-20160718-20140806.2.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.
This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718) and the release number changed to include the source code release date (20140806). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libexe{,-devel,-python2,-python3,-tools}-20181128-3.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libexe{,-devel,-python2,-tools}-20181128-3.el6.{i686,x86_64}.rpm, and libexe{,-devel,-python2,-python3,-tools}-20181128-3.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfsapfs{,-devel,-python2,-python3,-tools}-20190210-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190210-3.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python2,-python3,-tools}-20190210-3.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfsext{,-devel,-python2,-python3,-tools}-20190115-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsext{,-devel,-python2,-tools}-20190115-2.el6.{i686,x86_64}.rpm, and libfsext{,-devel,-python2,-python3,-tools}-20190115-2.el7.x86_64.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT). Note that this project currently only focuses on the analysis of the format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libfshfs{,-devel,-python2,-python3,-tools}-20181101-4.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm, libfshfs{,-devel,-python2,-tools}-20181101-4.el6.{i686,x86_64}.rpm, and libfshfs{,-devel,-python2,-python3,-tools}-20181101-3.el7.x86_64.rpm - Libfshfs is a lbrary and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfsntfs{,-devel,-python2,-python3,-tools}-20190104-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20190104-4.el6.{i686,x86_64}.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20190104-4.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfvde{,-devel,-python2,-python3,-tools}-20190104-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-tools}-20190104-3.el6.{i686,x86_64}.rpm, and libfvde{,-devel,-python2,-python3,-tools}-20190104-3.el7.6_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfwnt{,-devel,-python2,-python3}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20181227-3.el6.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20181227-3.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
liblnk{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libluksde{,-devel,-python2,-python3,-tools}-20180514-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-python3,-tools}-20180514-1.el7.x86_64.rpm, and libluksde{,-devel,-python,-tools}-20180514-1.el6.{i686,x86_64}.rpm - Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes. See here for the list of changes. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libmodi{,-devel,-python2,-python3,-tools}-20181101-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libmodi{,-devel,-python2,-tools}-20181101-2.el6.{i686,x86_64}.rpm, and libmodi{,-devel,-python2,-python3,-tools}-20181101-2.el7.x86_64.rpm - Libmodi is a lbrary and tools to access the Mac OS disk image formats. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libnk2{,-devel,-python2,-python3,-tools}-20181101-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libnk2{,-devel,-python2,-tools}-20181101-2.el6.{i686,x86_64}.rpm, and libnk2{,-devel,-python2,-python3,-tools}-20181101-2.el7.x86_64.rpm - Libnk2 is a lbrary and tools to access Microsoft Outlook Nickfile (NK2) format files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libpff{,-devel,-python2,-python3,-tools}-20180714-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libpff{,-devel,-python2,-tools}-20180714-4.{i686,x86_64}.rpm, and libpff{,-devel,-python2,-python3,-tools}-20180714-4.el7.x86_64.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libphdi{,-devel,-python2,-python3,-tools}-20181101-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libphdi{,-devel,-python2,-tools}-20181101-1.el6.{i686,x86_64}.rpm, and libphdi{,-devel,-python2,-python3,-tools}-20181101-2.el7.x86_64.rpm - Libphdi is a library to access the Parallels Hard Disk image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libqcow{,-devel,-python2,-python3,-tools}-20181227-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python2,-python3,-tools}-20181227-4.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libregf{,-devel,-python2,-python3,-tools}-20190303-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,-devel,-python2,-tools}-20190303-2.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python3,-tools}-20190303-2.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libscca{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libscca{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libscca{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libsigscan{,-devel,-python2,-python3,-tools}-20190103-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20190103-3.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python2,-python3,-tools}-20190103-3.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libsmdev{,-devel,-python2,-python3,-tools}-20190315-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20190315-2.el6}.{i686,x86_64}.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20190315-2.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libsmraw{,-devel,-python2,-python3,-tools}-20181227-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm and libsmraw{,-devel,-python2,-python3,-tools}-20181227-4.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvhdi{,-devel,-python2,-python3,-tools}-20181227-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20181227-4.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvmdk{,-devel,-python2,-python3,-tools}-20181227-4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libvmdk{,-devel,-python2,-python3,-tools}-20181227-4.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvshadow{,-devel,-python2,-python3,-tools}-20190323-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20190323-2.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python2,-python3,-tools}-20190323-2.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvslvm{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvsmbr{,-devel,-python2,-python3,-tools}-20180731-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvsmbr{,-devel,-python2,-tools}-20180731-2.el6.{i686,x86_64}.rpm, and libvsmbr{,-devel,-python2,-python3,-tools}-20180731-2.el7.x86_64.rpm - Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libwrc{,-devel,-python2,-python3,-tools}-20181203-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libwrc{,-devel,-python2,-tools}-20181203-3.el6.{i686,x86_64}.rpm, and libwrc{,-devel,-python2,-python3,-tools}-20181203-3.el7.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
certifi-2019.3.9-2.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
python{2,3}-construct-2.5.2-3.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm, python2-construct-2.5.2-3.el6.noarch.rpm, and python{2,36}-construct-2.5.2-3.el7.noarch.rpm - Python-construct is a powerful declarative parser (and builder) for binary data. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
python{2,3}-pefile-2018.8.8-2.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - PEFile is a Portable Executable reader module. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
pyparsing{,-doc}-2.4.0-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.noarch.rpm, python3-pyparsing-2.4.0-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm, pyparsing{,-doc}-2.4.0-1.el7.noarch.rpm, python3-pyparsing-2.4.0-1.el7.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
pytsk3-20190316-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pytsk3-20190316-2.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
python{2,3}-xlsxwriter-1.1.6-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.5). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.6-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.6-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.6-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.6-100 for FC28
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.52.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.12.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-52.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.12.1 for EL6

April 8, 2019: The following changes have been made:

EMERGENCY RELEASE: CentOS/RHEL 7 now includes Python 3.6 in the EPEL library for CentOS and RHEL. To install the changes noted below, the following must be done first:
sudo rpm -ev python3 python3-libs --nodeps
httplib2-0.12.1-1.el7.noarch.rpm - Httpib2 is comprehensive HttP client library, httplib2 supports many features left out of other HttP libraries. This package was installed for CentOS/RHEL 7 to support xplico. Note: the packages installed are named python2-httplib2 and python3-httplib2.
psycopg2{,-debug,-docs}-2.8.1-1.el7.x86_64.rpm - Python-psycopg2 is a PostgreSQL adapter for the Python programming language. At its core it fully implements the Python DB API 2.0 specifications. Several extensions allow access to many of the features offered by PostgreSQL. This package was installed for CentOS/RHEL 7 to support xplico. Note: the packages installed are named python2-psycopg2 and python3-psycopg2.
xplico-1.2.1-2.el7.x86_64.rpm - xplico is an Internet traffic decoder. This package was rebuilt because of the inclusion of Python 3.6 in the EPEL library.
libfwsi{,-devel,-python2,-python3}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20181227-3.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python2,-python3}-20181227-3.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. This release fixes a package revision error.
liblnk{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. This release fixes a package revision error.
libmsiecf{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc26,fc27,fc29}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. This release fixes a package revision error.
libolecf{,-devel,-python2,-python3,-tools}-20181231-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20181231-3.el6.{i686,x86_64}.rpm, and libolecf{,-devel,-python2,-python3,-tools}-20181231-3.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. This release fixes a package revision error.
scapy-2.4.0-5.el7.noarch.rpm - Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc. This package was rebuilt because of the inclusion of Python 3.6 in the EPEL library.

April 5, 2019: The following changes have been made:

pfring-7.4.0-2483.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2483.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1534.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}-dfwinreg-20190329-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
certifi-2019.3.9-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Note: the packages installed are named python2-certifi and python3-certifi for Fedora 24 through 29 and CentOS/RHEL 7.
python{2,3}-requests-2.21.0-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
Volatility-2.6.1-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-2.el7.x86_64.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6.1 that has been patched to April 3, 2019. You can read about this version here
plaso-20190331-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20190331-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. The changes to this release are noted here.
Please note that for Fedora 24, 25, and 26, and CentOS/RHEL 7, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 24, 25, 26, and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
For Fedora 27, 28, and 29, this version of plaso no longer requires either elasticsearch5 or efilter. They may be safely removed with the following:
sudo dnf remove python{,2}-elasticsearch5 python{,2}-efilter
Note that for Fedora 24, 25, 26 and CentOS/RHEL 7, these packages are automatically removed from the Python Virtual Environment.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.5-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.5-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.5-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.5-100 for FC28

March 29, 2019: The following changes have been made:

libbde{,-devel,-python2,-python3,-tools}-20190317-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20190317-1.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python2,-python3,-tools}-20190317-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libsmdev{,-devel,-python2,-python3,-tools}-20190315-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20190315-1.el6}.{i686,x86_64}.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20190315-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
pytsk3-20190316-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pytsk3-20190316-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit. Note: the packages installed are named python2-pytsk3 and python3-pytsk3 for Fedora 24 through 29 and CentOS/RHEL 7 but there is no Python 3 version for CentOS/RHEL 6.
pfring-7.4.0-2468.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2468.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1527.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}-artifacts-20190320-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm and artifacts-data-20190320-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libvshadow{,-devel,-python2,-python3,-tools}-20190323-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20190323-1.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python2,-python3,-tools}-20190323-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
libfixbuf{,-devel}-2.3.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libfixbuf{,-devel}-2.3.0-1.el7.x86_64.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
pyfixbuf-0.7.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pyfixbuf-0.7.0-1.el7.x86_64.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-1.el7.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
libschemaTools{,-devel}-1.3-4.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.3-4.el7.x86_64.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 2.3.0.
analysis-pipeline-5.10-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.10-1.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes.
super_mediator-1.7.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.0-1.el7.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
yaf{,-devel}-2.11.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-1.el7.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
dcp-1.0.6-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and dcp-1.0.6-1.el7.x86_64.rpm - Dcp combines cp, stat, md5sum and shasum to streamline mirroring and gathering information about all the files copied. All information gathered is written to an output file. The output file can be fed back into dcp when copying snapshots of a directory, this allows only files which differ in location or hash to be copied.
femto-1.3.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and femto-1.3.0-1.el7.x86_64.rpm - FEMTO is an indexing and search system for queries on sequences of bytes. FEMTO stands for the FM-index for External Memory with Throughput Optimizations. This tool supports building large indexes in parallel with MPI and then searching large indexes with a multithreaded server.
ghidra-9.0-PUBLIC_20190228.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and ghidra-9.0-PUBLIC_20190228.el7.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
Please note that you must install the JDK for Ghidra to work. In testing, The Java Development Kit (JDK) version 11.0.2 was used and worked successfully. Ghidra expects a program named java to be available in the directories named in the PATH variable.
CERT-Forensics-Tools-1.0-83.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-83.el7.x86_64.rpm - The changes since the last release (1.0-82) are the following:
- The dcp package is installed except for CentOS/RHEL 6.
- The femto package is installed.
- The ghidra package is installed except for CentOS/RHEL 6.
examiner-tooldocumentation-1.18-10.el7.noarch.rpm - The following packages were updated to added to the documetation suite found on the desktop:
- dcp
- ghidra
- femto_index
- femto_search
- appcompatcache.py
- application_identifiers.py
- mru.py
- msie_zone_info.py
- process_tree.py
- profiles.py
- programscache.py
- sam.py
- services.py
- shellfolders.py
- srum_extensions.py
- sysinfo.py
- task_cache.py
- type_libraries.py
- userassist.py
Once this package has been updated, run the following command:
sudo manage-examiner-login -S -v
to install these changes in the examiner's desktop.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.4-200 for FC29
- 5.0.3-200 for FC29
- 4.20.16-200 for FC29
- 4.20.15-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.4-200 for FC29
- 5.0.3-200 for FC29
- 4.20.16-200 for FC29
- 4.20.15-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.17-100 for FC28
- 4.20.16-100 for FC28
- 4.20.15-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.17-100 for FC28
- 4.20.16-100 for FC28
- 4.20.15-100 for FC28
fmem-kernel-modules-el7-x86_64-1.6-1.49.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.10.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-49.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.10.1 for EL7

March 15, 2019: The following changes have been made:

python{2,3}-dfvfs-20190301-1.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm and python2-dfvfs-20190301-1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
python{2,3}-dfwinreg-20190311-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python2-dfwinreg-20190329-2.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
pfring-7.4.0-2456.{el6,el7}.x86_64.rpm -