April 24, 2020:
The following changes have been made:
- libesedb{,-devel,-python2,-python3}-20200418-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2}-20200418-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36}-20200418-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3}-20200418-1.{fc31,el8}.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
- libevt{,-devel,-python2,-python3}-20200418-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20200418-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20200418-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20200418-1.{fc31,el8}.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python2,-python3}-20200419-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2}-20200419-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36}-20200419-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3}-20200419-1.{fc31,el8}.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libfsntfs{,-devel,-python3}-20200416-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200416-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200416-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200416-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
- pfring-7.6.0-2926.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2926.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2411.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.20.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-20.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
April 17, 2020:
The following changes have been made:
- daq{,-devel,-modules}-2.0.7-10.1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.7-10.1.{fc31,el7,el8}.x86_64.rpm -
The Data Acquisition Library (Daq) is a library used by snort.
This release differs from daq provided by Fedora and EPEL because it contains the static libraries required by snort.
- snort-2.9.16-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.16-1.{fc31,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- snort-sample-rules-2.9.16-1.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.1.16-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.16-1.{fc31,el7,el8}.x86_64.rpm -
This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- bulk_extractor-1.6.0-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and bulk_extractor-1.6.0-2.{fc31,el7,el8}.x86_64.rpm -
Bulk_extractor
is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools.
Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.
This version fixes many issues.
In addition, it also contains the BEViewer GUI front-end for bulk_extractor.
This version was rebuilt to add SQLite and LibXML build dependencies.
- libewf-experimental{,-devel,-tools,-python3,-tools}-20200405-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf-experimental{,-devel,-tools,-python2,-tools}-20200405-1.el6.{i686,x86_64}.rpm,
libewf-experimental{,-devel,-tools,-python36,-tools}-20200405-1.el7.x86_64.rpm, and libewf-experimental{,-devel,-tools,-python3,-tools}-20200405-1.{fc31,el8}.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr.
Further, the Libewf-Experimental packages have been installed in the forensics-test repository.
You will need to enable this repository with this command for Fedora or CentOS/RHEL 8:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL 6 and 7:
sudo yum-config-manager --enable forensics-test
- python{2,36}-psutil-5.7.0-2.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
Note that the Python 2 version is now provided and the Python 3 version no longer obsoletes the Python 2 version.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-1.{fc31,el7,el8}.x86_64.rpm and -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.1-2.{fc31,el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- analysis-pipeline-5.11.3-4.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-4.{fc31,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0 release 3.
- prism-1.2-9.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-9.{fc31,el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
- super_mediator-1.7.1-3.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-3.{fc31,el7,el8}.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use silk 3.19.0.
- libfsapfs{,-devel,-python2,-python3}-20200416-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20200416-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20200416-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20200416-1.{fc31,el8}.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- pfring-7.6.0-2903.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2903.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2375.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.19.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-19.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.35.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-35.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el8-x86_64-1.6-1.6.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el8-x86_64-1.1.r17-6.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
April 10, 2020:
The following changes have been made:
- python{2,3}-certifi-2020.4.5.1-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python{2,36}-certifi-2020.4.5.1-1.el7.noarch.rpm -
Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
- python{2,3}-pyparsing-2.4.7-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm, python{2,36}-pyparsing-2.4.7-1.el7.noarch.rpm, and pyparsing-doc-2.4.7-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- bulk_extractor-1.6.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and bulk_extractor-1.6.0-1.{fc31,el7,el8}.x86_64.rpm -
Bulk_extractor
is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools.
Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.
This version fixes many issues.
In addition, it also contains the BEViewer GUI front-end for bulk_extractor.
- CERT-Forensics-Tools-1.0-89.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-89.{fc31,el7,el8}.x86_64.rpm -
This relese does the following:
- Volatility-community-plugins-20190729-5.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This package was updated to reflect the removal of the python-dpapick dependency for Fedora 31.
No changes were made for any of the other provided systems.
- python2-dpapick-0.3-1.fc31.noarch.rpm -
Python-DPAPick is a Python toolkit to provide a platform-independant implementation of Microsoft's cryptography subsytem called DPAPI (Data Protection API).
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- python-CFPropertyList-0.0.1-1.fc31.x86_64.rpm -
Python-CFPropertyList is a Python toolkit to that contains classes to read binary property list files as defined by Apple.
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- python-registry-1.2.0-1.fc31.x86_64.rpm -
Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE.
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- python-unicodecsv-0.14.0-1.fc31.x86_64.rpm -
Python-unicodecsv is a drop-in replacement for Python 2.7’s csv module which supports unicode strings without a hassle.
This package was removed from the Fedora 31 repository for the x86_64 architecture.
- pfring-7.6.0-2900.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2900.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2358.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.18.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-18.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el8-x86_64-1.6-1.5.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el8-x86_64-1.1.r17-5.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
April 3, 2020:
The following changes have been made:
- cert-forensics-tools-release-{6,7,8,26,27,28,29,30,31}-15.noarch.rpm -
cert-forensics-tools-release is the package
that connects a Fedora- and CentOS/RHEL-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR).
This package has been changed to include a new Forensics team key which is also available here.
- pfring-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-7.6.0-2888.el8.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-dkms-7.6.0-2888.el8.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2351.{el6,el7}.x86_64.rpm and ndpi-3.2.0-2340.el8.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.17.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm -
This package has been changed to include a new Forensics team key which is also available here.
- pfring-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-7.6.0-2888.el8.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2891.{el6,el7}.x86_64.rpm and pfring-dkms-7.6.0-2888.el8.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2351.{el6,el7}.x86_64.rpm and ndpi-3.2.0-2340.el8.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.17.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.5.13-200 for FC31
- 5.5.11-200 for FC31
|
|
March 27, 2020:
The following changes have been made:
- python{2,3}-elasticsearch-7.6.0-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.6.0-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.6.0-1.{fc31,el8}.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- python3-zmq{,-tests}-19.0.0-el8.x86_64.rpm -
ZMQ is the Python bindings for ØMQ. This documentation currently contains notes on some important aspects of developing PyZMQ and an overview of what the ØMQ API looks like in Python.
For information on how to use ØMQ in general, see the many examples in the excellent ØMQ Guide, all of which have a version in Python.
- pfring-7.6.0-2887.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2887.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2340.{el6,el7,el8}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- yaf{,-devel}-2.11.0-4.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-4.{fc31,el7,el8}.x86_64.rpm -
Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using
pcap(3), an Endace DAG capture device,
or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX
over SCTP, TCP or
UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
- snort-2.9.15.1-2.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15.1-2.{fc31,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- snort-openappid-2.9.1.15-2.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15.1-2.{fc31,el7,el8}.x86_64.rpm -
This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6, 7, and 8 for the x86_64 architecture.
- fmem-kernel-modules-fc31-x86_64-1.6-1.16.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-16.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.34.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-34.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
March 21, 2020:
The following changes have been made:
- ddrescue-1.25-1.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm -
Ddrescue is a data recovery tool.
It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
See here for the changes since the last version (1.24) released to this repository.
- cutter-1.10.1-1.fc30.{i686,x86_64}.rpm and cutter-1.10.1-1.fc31.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
These packages have been removed from the repository because they are now provided by Fedora by a package named cutter-re
- cutter-1.10.1-1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-1.10.1-1.{el7,el8}.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
These packages have been removed from the repository because they are now provided by a package named cutter-re to be consistent with the packages provided by Fedora.
- cutter-re-1.7.3-2.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-re-1.7.3-1.{el7,mel8}.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind.
Cutter is created by reverse engineers for reverse engineers.
This version of cutter is based on the code dated 2019-01-15 which was built to embed radare2 version 2.6.0 in it.
This release provides the same files as cutter-1.7.3-1 except that the package is renamed to be consistent with the packages provided by Fedora.
- CERT-Forensics-Tools-1.0-88.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-88.{fc31,el7,el8}.x86_64.rpm -
This relese does the following:
- Obsoletes cutter.
- Added cutter-re.
- aeskeyfind-1.0-3.{fc31,el7,el8}.x86_64.rpm and aeskeyfind-1.0-3.fc30.{i686,x86_64}.rpm -
Aeskeyfind
illustrates automatic techniques for locating 128-bit and 256-bit AES keys in a captured memory image.
This package has been removed form the repository because it is now provided by Fedora.
- fmem-kernel-modules-fc31-x86_64-1.6-1.15.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-15.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.33.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-33.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.64.noarch.rpm -
Due to configuration errors, support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-64.noarch.rpm -
Due to configuration errors, support for the following kernels were added for LiME:
|
|
March 13, 2020:
The following changes have been made:
- pfring-7.6.0-2867.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2867.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2314.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- pfring-7.6.0-2867.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2867.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2314.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.14.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-14.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.32.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-32.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.63.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-63.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
March 4, 2020:
The following changes have been made:
- python3-dfvfs-20200211-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200211-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
- plaso-20200227-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200227-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- pfring-7.6.0-2853.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2853.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2295.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.13.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.5.7-200 for FC31
- 5.5.6-201 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-13.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.5.7-200 for FC31
- 5.5.6-201 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.31.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.5.7-100 for FC30
- 5.5.6-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-31.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.5.7-100 for FC30
- 5.5.6-100 for FC30
|
|
February 28, 2020:
The following changes have been made:
- libfsntfs{,-devel,-python3}-20200223-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200223-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200223-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200223-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
- python3-xlsxwriter-1.2.8-1.{fc26,fc27,fc28,fc29,fc30,el8}.noarch.rpm and python36-xlsxwriter-1.2.8-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
Note that the Python 2 version is no longer provided.
- python{2,3}-future-0.18.2-1.{fc31,el8}.noarch.rpm -
Python-Future is the missing compatibility layer between Python 2 and Python 3.
It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.
This package was built to support the packaging of Python-PEFile
which in turn is needed to support the packaging of Volatility-community-plugins.
- python3-idna-2.9-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.10-1.el7.noarch.rpm -
IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891.
This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
- python36-psutil-5.7.0-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
Note that the Python 2 version is no longer provided.
- python{2,3}-requests-2.23.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.23.0-1.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-3.{fc31,el7,el8}.x86_64.rpm and -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-4.{fc31,el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
Note: The version of SiLK that was released on 2019-10-24 contained some bugs that were fixed in the version dated 2019-10-28.
This release contains those fixes.
- analysis-pipeline-5.11.3-3.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-3.{fc31,el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0 release 3.
- prism-1.2-8.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-8.{fc31,el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
- super_mediator-1.7.1-2.{fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-2.{fc31,el7,el8}.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use silk 3.19.0.
- fmem-kernel-modules-common-1.6-1.5.noarch.rpm -
Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations.
This package contains the source code for making the FMEM kernel modules and the install-fmem script.
The changes are the following:
- Fmem code up to date as of February 28, 2020 which incorporates changes for Linux 5.5 kernels.
- pfring-7.6.0-2852.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2852.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2295.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.12.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-12.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.30.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-30.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
February 21, 2020:
The following changes have been made:
- cutter-1.10.1-1.fc30.{i686,x86_64}.rpm and cutter-1.10.1-1.fc31.x86_64.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind.
Cutter is created by reverse engineers for reverse engineers.
Note that this release is only available for Fedora 30 and 31 because it relies on Qt version 5.12.
- ghidra-9.1.2-PUBLIC_20200212.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1.2-PUBLIC_20200212.1.{fc26,fc31,el7,el8}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvement here.
- pfring-7.6.0-2845.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2845.{el6,el7}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2284.{el6,el7}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.11.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.4.20-200 for FC31
- 5.4.19-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-11.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.4.20-200 for FC31
- 5.4.19-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.29.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-29.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
February 17, 2020:
The following changes have been made:
- Volatility-community-plugins-20190729-4.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This package was updated to reflect the removal of python2-simplejson from EPEL for CentOS/RHEL 8.
No changes were made for any of the other provided systems.
|
|
February 14, 2020:
The following changes have been made:
- python3-artifacts-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm,
python36-artifacts-20200118-2.el7.x86_64.rpm, artifacts-data-20200118-2.el7.x86_64.rpm,
python3-artifacts-20200118-2.{fc31,el8}.x86_64.rpm, artifacts-data-20200118-2.{fc31,el8}.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
Note that the Python 2 version is no longer provided.
- python{2,3}-cffi-1.14.0-1.el8.x86_64.rpm and cffi-doc-1.14.0-1.el8.noarch.rpm -
Python-CFFI is a C Foreign Function Interface for Python.
Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
- python3-dfdatetime-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfdatetime-20200121-2.el7.noarch.rpm -
dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
Note that the Python 2 version is no longer provided.
- python3-dfvfs-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200121-2.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
Note that the Python 2 version is no longer provided.
- python3-dfwinreg-20200121-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200121-2.el7.x86_64.rpm, and python3-dfwinreg-20200121-2.{fc31,el8}.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
Note that the Python 2 version is no longer provided.
- python3-dfwinreg-20200121-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200121-2.el7.x86_64.rpm, and python3-dfwinreg-20200121-2.{fc31,el8}.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
Note that the Python 2 version is no longer provided.
- python3-dtfabric-20200119-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dtfabric-20200119-2.el7.x86_64.rpm, and python3-dtfabric-20200119-2.{fc31,el8}.x86_64.rpm -
Dtfabric is a project to manage data types and structures,
as used in the libyal projects.
Note that the Python 2 version is no longer provided.
- libfsntfs{,-devel,-python3}-20200201-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200201-2.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200201-2.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200201-2.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
Note that the Python 2 version is no longer provided.
- zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc31,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.1-0.{fc31,el7,el8}.x86_64.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well.
Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception.
Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson.
Robin Sommer now leads the project, jointly with a core team of researchers and developers at the
International Computer Science Institute in Berkeley, CA; and the
National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek.
To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- python{2,3}-elasticsearch-7.5.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.5.1-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.5.1-1.{fc31,el8}.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- libluksde{,-devel,-python3,-tools}-20200205-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-tools}-20200205-1.el6.{i686,x86_64}.rpm, libluksde{,-devel,-python36,-tools}-20200205-1.el7.x86_64.rpm, and libluksde{,-devel,-python3,-tools}-20200205-1.{fc31,el8}.x86_64.rpm -
Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
Note that the Python 2 version is only provided for CentOS/RHEL 6.
- libsmdev{,-devel,-python3}-20200210-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2}-20200210-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python36}-20200210-1.el7.x86_64.rpm, and libsmdev{,-devel,-python3}-20200210-1.{fc31,el8}.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
Note that the Python 2 version is only provided for CentOS/RHEL 6.
- python36-lz4-3.0.2-1.el7.x86_64.rpm -
LZ4 contains the python bindings for the lz4 compression library.
Note that the Python 2 version is no longer provided.
- sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc31,el7}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
Note that CentOS/RHEL 6 is no longer being udpated.
- autopsy-4.14.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.14.0-1.{fc31,el7,el8}.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Note: this release no longer requires JDK from Oracle for Fedora 25 through 30, relying instead on version 1.8.0 of OpenJDK version provided by Fedora, along with version 1.8.0 of OpenJFX, also provided by Fedora.
However, for CentOS/RHEL 7 and 8,the latest version of JDK 8 from Oracle is required and this package has been added to the appropriate repositories.
In addition, this release also contains a autopsy.desktopfile that supports the GNOME and Mate Window managers.
Further, note that CentOS/RHEL 6 is no longer being udpated.
- python3-pytsk3-20200117-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-pytsk3-20200117-1.el7.x86_64.rpm, and python3-pytsk3-20200117-1.{fc31,el8}.x86_64.rpm -
Pytsk is Python bindings for The Sleuth Kit.
- python3-idna-2.8-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.8-1.el7.noarch.rpm -
IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
- python{2,3}-requests-2.22.0-3.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-3.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- plaso-20200121-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200121-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- CERT-Forensics-Tools-1.0-87.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-87.{fc31,el7,el8}.x86_64.rpm -
The registerydecoder package was removed due to its dependence on Python 2.
- pfring-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
Here is the announcement of PF_Ring 7.4.
- pfring-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2242.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.10.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-10.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.28.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-28.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
- fmem-kernel-modules-el7-x86_64-1.6-1.63.noarch.rpm -
Due to configuration errors, support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-63.noarch.rpm -
Due to configuration errors, support for the following kernels were added for LiME:
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.62.noarch.rpm - Support for the following kernels were added for
Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-62.noarch.rpm - Support for the following kernels were added for
LiME:
|
|
January 17, 2020:
The following changes have been made:
- fmem-kernel-modules-fc31-x86_64-1.6-1.9.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-9.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.27.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-27.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el8-x86_64-1.6-1.4.noarch.rpm -
Support for the following kernels were added for Fmem:
- 4.18.0-147.3.1 for EL8
- 4.18.0-147.0.3 for EL8
- 4.18.0-147 for EL8
- lime-kernel-modules-el8-x86_64-1.1.r17-4.noarch.rpm -
Support for the following kernels were added for LiME:
- 4.18.0-147.3.1 for EL8
- 4.18.0-147.0.3 for EL8
- 4.18.0-147 for EL8
|
|
January 10, 2020:
The following changes have been made:
- snort-2.9.15.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.15.1-1.{fc31,el7,el8}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- snort-sample-rules-2.9.15.1-1.{fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.1.15-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.15.1-1.{fc31,el7,el8}.x86_64.rpm -
This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- pfring-7.4.0-2804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2155.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.8.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.4.8-200 for FC31
- 5.4.7-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-8.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.4.8-200 for FC31
- 5.4.7-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.26.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-26.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
January 3, 2020:
The following changes have been made:
- libluksde{,-devel,-python2,-python3,-tools}-20200101-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-tools}-20200101-1.el6.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-python36,-tools}-20200101-1.el7.x86_64.rpm, and libluksde{,-devel,-python2,-python3,-tools}-20200101-1.{fc31,el8}.x86_64.rpm -
Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
- libvslvm{,-devel,-python2,-python3}-20200102-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2}-20200102-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36}-20200102-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3}-20200102-1.{fc31,el8}.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
|
|
December 27, 2019:
The following changes have been made:
- libbde{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libbde{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libbde{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- libesedb{,-devel,-python2,-python3}-20192120-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2}-20192120-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36}-20192120-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3}-20192120-1.{fc31,el8}.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
- libevt{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libevtx{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libexe{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libexe{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libexe{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libexe{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libexe is a library and tools to access the executable (EXE) format.
- libfsapfs{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- libfsntfs{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
- libfvde{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfvde{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.
The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
- libfwnt{,-devel,-python2,-python3}-20191222-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191222-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191222-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191222-1.{fc31,el8}.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
- libfwps{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwps{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfwps{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfwps{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
LibFWPS is a library for Windows Property Store data types.
- libfwsi{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- liblnk{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- libmsiecf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libmsiecf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
- libolecf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
- libqcow{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
- libregf{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
- libsigscan{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsigscan{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libsigscan is a library and tools used to binary signature scanning.
- libsmdev{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- libsmraw{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libsmraw{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
- libvhdi{,-devel,-python2,-python3,-tools}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20191221-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20191221-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
- libvmdk{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
- libvshadow{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvshadow{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
- libvslvm{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
- libwrc{,-devel,-python2,-python3}-20191221-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libwrc{,-devel,-python2}-20191221-1.el6.{i686,x86_64}.rpm, libwrc{,-devel,-python2,-python36}-20191221-1.el7.x86_64.rpm, and libwrc{,-devel,-python2,-python3}-20191221-1.{fc31,el8}.x86_64.rpm -
Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
- plaso-20191203-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20191203-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- python{2,3}-xlsxwriter-1.2.7-1.{fc26,fc27,fc28,fc29,fc30,el8}.noarch.rpm and python{2,36}-xlsxwriter-1.2.7-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- libscca{,-devel,-python2,-python3,-tools}-20191222-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, ibscca{,-devel,-python2,-tools}-20191222-1.el6.{i686,x86_64}.rpm, libscca{,-devel,-python2,-python36,-tools}-20191222-1.el7.x86_64.rpm, and libscca{,-devel,-python2,-python3,-tools}-20191222-1.{fc31,el8}.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- python{2,3}-pyparsing-2.4.6-1.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm, python{2,36}-pyparsing-2.4.6-1.el7.noarch.rpm, and pyparsing-doc-2.4.6-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- pfring-7.4.0-2795.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2795.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2144.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.61.noarch.rpm - Support for the following kernels were added for
Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-61.noarch.rpm - Support for the following kernels were added for
LiME:
|
|
December 20, 2019:
The following changes have been made:
- libfwnt{,-devel,-python2,-python3}-20191219-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191219-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191219-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191219-1.{fc31,el8}.x86_64.rpm -
LibFWNT, is a library for Windows NT data types.
- libfsntfs{,-devel,-python2,-python3,-tools}-20191218-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20191218-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36,-tools}-20191218-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20191218-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
- fmem-kernel-modules-fc31-x86_64-1.6-1.7.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-7.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.25.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-25.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.62.noarch.rpm -
Due to configuration errors, support for the following kernels were added for Fmem:
- 3.10.0-1062.9.1 for EL7
- 3.10.0-1062.7.1 for EL7
- 3.10.0-1062.4.2 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-62.noarch.rpm -
Due to configuration errors, support for the following kernels were added for LiME:
- 3.10.0-1062.9.1 for EL7
- 3.10.0-1062.7.1 for EL7
- 3.10.0-1062.4.2 for EL7
|
|
December 12, 2019:
The following changes have been made:
- liblnk{,-devel,-python2,-python3,-tools}-20191209-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191209-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191209-1.el7.x86_64.rpm, liblnk{,-devel,-python2,-python3,-tools}-20191209-1.{fc31,el8}.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- pfring-7.4.0-2780.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2780.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2120.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.6.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-6.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.24.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.3.15-200 for FC30
- 5.3.14-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-24.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.3.15-200 for FC30
- 5.3.14-200 for FC30
- fmem-kernel-modules-el7-x86_64-1.6-1.61.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-61.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
December 7, 2019:
The following changes have been made:
- pfring-7.4.0-2774.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2774.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2104.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
|
|
December 6, 2019:
The following changes have been made:
- certifi-2019.11.28-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
- libfsntfs{,-devel,-python2,-python3,-tools}-20191201-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20191201-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-python36,-tools}-20191201-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20191201-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
- liblnk{,-devel,-python2,-python3,-tools}-20191203-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191203-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191203-1.el7.x86_64.rpm, liblnk{,-devel,-python2,-python3,-tools}-20191203-1.{fc31,el8}.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- fmem-kernel-modules-fc31-x86_64-1.6-1.5.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.3.14-300 for FC31
- 5.3.13-300 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-5.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.3.14-300 for FC31
- 5.3.13-300 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.23.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-23.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.60.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-60.noarch.rpm -
Support for the following kernels were added for LiME:
- Fedora 25 - Updates to Fedora 25 for both the i686 and x86_64 CPU architectures has ceased.
|
|
November 27, 2019:
The following changes have been made:
- python{2,3}-psutil-5.6.7-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
- pfring-7.4.0-2768.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2768.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2086.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.4.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-4.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.22.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-22.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
November 22, 2019:
The following changes have been made:
- python{2,3}-elasticsearch-7.1.0-1.i{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.1.0-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.1.0-1.{fc31,el8}.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- python{2,3}-xlsxwriter-1.2.6-1.{fc26,fc27,fc28,fc29,fc30,el7,el8}.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- python3-zmq{,-tests}-18.1.1-el8.x86_64.rpm and zmq{,-tests}-18.1.1-el8.x86_64.rpm -
ZMQ is the Python bindings for ØMQ. This documentation currently contains notes on some important aspects of developing PyZMQ and an overview of what the ØMQ API looks like in Python.
For information on how to use ØMQ in general, see the many examples in the excellent ØMQ Guide, all of which have a version in Python.
- python2-haystack-0.42-3.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-Haystack is an heap analysis framework, focused on searching and reversing of C structure in allcoated memory.
- libffi{,-devel}-3.1-19.el8.x86_64.rpm -
Libffi is a portable foreign function interface library.
This package was built to support the packaging of python-cffi.
- python{2,3}-ply-3.11-2.el8.noarch.rpm -
Python-PLY is an implementation of lex and yacc parsing tools for Python.
This package was built to support the packaging of Python-PYCParser.
- python{2,3}-pycparser-2.14-18.el8.noarch.rpm -
Python-PYCParser is a complete C99 parser in pure Python.
This package was built to support the packaging of Python-CFFI.
- python{2,3}-cffi-1.11.5-7.el8.x86_64.rpm and python-cffi-doc-1.11.5-7.el8.noarch.rpm -
Python-CFFI is a C Foreign Function Interface for Python.
Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
This package was built to support the packaging of python-ssdeep.
- python{2,3}-ssdeep-3.2-1.el8.x86_64.rpm -
Python-SSDeep is a Python wrapper for SSDeep fuzzy hashing library.
This package was built to support the packaging of Volatility-community-plugins.
- python2-dpapick-0.3-1.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-DPAPick is a Python toolkit to provide a platform-independant implementation of Microsoft's cryptography subsytem called DPAPI (Data Protection API).
This package was built to support the packaging of Volatility-community-plugins.
- python2-ioc_writer-0.3.3-1.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-IOCWriter is a Python library that provides a limited CRUD for manipulating OpenIOC formatted Indicators of Compromise.
This package was built to support the packaging of Volatility-community-plugins.
- python2-pycoin-0.77-0.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,fc31,el6,el7,el8}.noarch.rpm -
Python-PYCoin is a Python library implements many of utilities useful when dealing with bitcoin and some bitcoin-like alt-coins.
It has been tested with Python 2.7, 3.6 and 3.7.
This package was built to support the packaging of Volatility-community-plugins.
- python2-colorama-0.3.9-4.el8.noarch.rpm -
Python-Colorama is a Python library that makes ANSI escape character sequences (for producing colored terminal text and cursor positioning) work under MS Windows.
This package was built to support the packaging of Volatility-community-plugins.
- python{2,3}-m2crypto-0.30.1-2.el8.x86_64.rpm -
M2Crypto is a Python library that allows you to call OpenSSL functions from Python 2 and 3 scripts.
This package was built to support the packaging of Python-Typing.
- python2-typing-3.6.2-4.el8.noarch.rpm -
Python-Typing is a Python library that defines a standard notation for type annotations.
This package was built to support the packaging of Volatility-community-plugins.
- python{2,3}-future-0.16.0-4.el8.noarch.rpm -
Python-Future is the missing compatibility layer between Python 2 and Python 3.
It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.
This package was built to support the packaging of Python-PEFile
which in turn is needed to support the packaging of Volatility-community-plugins.
- Volatility-community-plugins-20190729-3.el8.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This packages was added to CentOS/RHEL 8.
- python{2,3}-pyfixbuf-0.8.1-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python2-pyfixbuf-0.8.1-1.el6.{i686,x86_64}.rpm, python{2,36}-pyfixbuf-0.8.1-1.el7.x86_64.rpm -
Pyfixbuf is a Python API for libfixbuf,
an implementation of the IPFIX protocol used for building, collecting, and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
See this page for a list of problems fixed in this and all releases.
- ghidra-9.1-PUBLIC_20191023.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1-PUBLIC_20191023.1.{fc25,fc26,fc31,el7,el8}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvement here.
- python{2,3}-requests-2.22.0-2.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-2.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
In this release, the dependencies for urllib3 were updated.
- plaso-20190916-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190708-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python
Virtual Environment.
Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found
here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon.
Note that this updates the dependent packages but not plaso.
The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
|
|
November 15, 2019:
The following changes have been made:
- python{2,3}-xlsxwriter-1.2.5-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- python{2,3}-pyparsing-2.4.5-1.{fc26,fc27,fc28,fc29,el8}.noarch.rpm, python2-pyparsing-2.4.4-1.el6.noarch.rpm, and pyparsing-doc-2.4.4-1.{fc26,fc27,fc28,fc29,el6,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- libesedb{,-devel,-python2,-python3,-tools}-20191111-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20191111-1.el6.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-python36,-tools}-20191111-1.el7.x86_64.rpm, and libesedb{,-devel,-python2,-python3,-tools}-20191111-1.el8.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
- libsmdev{,-devel,-python2,-python3,-tools}-20191112-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20191112-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36,-tools}-20191112-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20191112-1.el8.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- pfring-7.4.0-2751.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2751.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2057.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.3.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.3.11-300 for FC31
- 5.3.9-300 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-3.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.3.11-300 for FC31
- 5.3.9-300 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.21.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-21.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.37.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-37.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.59.noarch.rpm -
Support for the following kernels were added for Fmem:
- 3.10.0-1062.4.3 for EL7
- 3.10.0-1062.4.2 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-59.noarch.rpm -
Support for the following kernels were added for LiME:
- 3.10.0-1062.4.3 for EL7
- 3.10.0-1062.4.2 for EL7
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.60.noarch.rpm - Support for the following kernels were added for
Fmem:
- 2.6.32-754.23.3 for EL6
- 2.6.32-754.23.2 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-60.noarch.rpm - Support for the following kernels were added for
LiME:
- 2.6.32-754.23.3 for EL6
- 2.6.32-754.23.2 for EL6
|
|
November 8, 2019:
The following changes have been made:
- daq{,-devel,-modules}-2.0.6-8.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.6-8.1.{el7,el8}.x86_64.rpm -
The Data Acquisition Library (Daq) is a library used by snort.
- libregf{,-devel,-python2,-python3,-tools}-20191102-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2,-tools}-20191102-1.el6.{i686,x86_64}.rpm, libregf{,-devel,-python2,-python36-tools}-20191102-1.el7.x86_64.rpm, and libregf{,-devel,-python2,-python3-tools}-20191102-1.el8.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
- libsmdev{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- libsmraw{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libsmraw{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
- libvshadow{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libvshadow{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
- libqcow{,-devel,-python2,-python3,-tools}-20191103-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20191103-1.el6.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-python36,-tools}-20191103-1.el7.x86_64.rpm, and libqcow{,-devel,-python2,-python3,-tools}-20191103-1.el8.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
- libfsapfs{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libfsapfs{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- libfvde{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-python36,-tools}-20191104-1.el7.6_64.rpm, and libfvde{,-devel,-python2,-python3,-tools}-20191104-1.el7.6_64.rpm -
Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.
The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
- libfwnt{,-devel,-python2,-python3}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20191104-1.el6.{i686,x86_64}.rpm, libfwnt{,-devel,-python2,-python36}-20191104-1.el7.x86_64.rpm, and libfwnt{,-devel,-python2,-python3}-20191104-1.el8.x86_64.rpm -
LibFWNT, is a library for Windows NT data types.
- libmsiecf{,-devel,-python2,-python3,-tools}-29101104-1.{fc25,fc26,fc26,fc27,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-29101104-1.el6.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-python36,-tools}-29101104-1.el7.x86_64.rpm, and libmsiecf{,-devel,-python2,-python3,-tools}-29101104-1.el8.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
- libolecf{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libolecf{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
- libscca{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, ibscca{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libscca{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libscca{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- libvhdi{,-devel,-python2,-python3,-tools}-20191104-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
- libvmdk{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvmdk{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
- libbde{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, , libbde{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libbde{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- libevt{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libevt{,-devel,-python2,-python36,-tools}-20191104-5.el7.x86_64.rpm, and libevt{,-devel,-python2,-python3,-tools}-20191104-5.el8.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_65.rpm, and libevtx{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_65.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libvslvm{,-devel,-python2,-python3,-tools}-20191104-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20191104-1.el6.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-python36,-tools}-20191104-1.el7.x86_64.rpm, and libvslvm{,-devel,-python2,-python3,-tools}-20191104-1.el8.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
- Volatility-community-plugins-20190729-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
This package was updated to change dependencies.
- python2-haystack-0.42-2.{fc25,fc26,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
Python-Haystack is an heap analysis framework, focused on searching and reversing of C structure in allcoated memory.
- rifiuti2-0.7.0-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-3.el7.x86_64.rpm -
rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file.
This package was updated to avoid a conflict with the rifiuti package.
- python{2,3}-pyparsing-2.4.4-1.{fc26,fc27,fc28,fc29,el8}.noarch.rpm, python2-pyparsing-2.4.4-1.el6.noarch.rpm, and pyparsing-doc-2.4.4-1.{fc26,fc27,fc28,fc29,el6,el8}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- python{2,3}-psutil-5.6.5-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
- python{2,3}-xlsxwriter-1.2.3-1.{fc26,fc27,fc28,fc29,fc30,el7,el8}.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- pfring-7.4.0-2741.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2741.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2048.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc31-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc31-x86_64-1.1.r17-2.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.20.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-20.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-1.6-1.18.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for Fedora 31 x86_64 architecture was added.
- lime-kernel-modules-1.1.r17-18.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for Fedora 31 x86_64 architecture was added.
- Fedora 31 - The repository now supports Fedora 31
for the x86_64 CPU architecture.
Here is the list of tools provided for Fedora 31:
|
|
November 1, 2019:
The following changes have been made:
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-1.{el7,el8}.x86_64.rpm and -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
- libipa{,-devel,python}-0.5.2-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libipa{,-devel,python}-0.5.2-3.{el6,el7,el8}.x86_64.rpm -
LibIPA an IP address annotation system.
IPA provides a flexible and efficient repository of IP address information, tools for querying and maintaining the data, and shared libraries and modules for data access.
For more information, read the IPA documentation.
Note: this release provides no new functionality.
This package was rebuild to change the name from ipa to libipa to address a conflict with CentOS/RHEL 8.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.0-2.{el6,el7,el8}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
- analysis-pipeline-5.11.3-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-2.{el7,el8}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use silk 3.19.0.
- prism-1.2-7.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-7.{el7,el8}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.19.0.
- super_mediator-1.7.1-1.{fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.1-1.{el7,el8}.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
See here for a list of changes in this version.
- libfwsi{,-devel,-python2,-python3}-20191025-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191025-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191025-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python36}-20191025-1.el8.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- liblnk{,-devel,-python2,-python3,-tools}-20191027-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20191027-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el7.x86_64.rpm, and liblnk{,-devel,-python2,-python36,-tools}-20191027-1.el8.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- python{2,3}-yara-3.11.0-1.{i386,x86_64}.fc30.rpm, python2-yara-3.11.0-1.{i386,x86_64}.el6.rpm, and python{2,3}-yara-3.11.0-1.x86_64.el8.rpm -
Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
- libregf{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20191029-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36-tools}-20191029-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
- libscca{,-devel,-python2,-python3,-tools}-20191029-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and libscca{,-devel,-python2,-python36,-tools}-20191029-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- pfring-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2011.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.19.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-19.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.36.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-36.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.58.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-58.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
October 25, 2019:
The following changes have been made:
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.18.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-18.noarch.rpm -
Modules for the following kernels were rebuilt to use the latest version of LiME:
5.3.6-200
5.3.5-200
5.2.18-200
5.2.17-200
|
5.2.16-200
5.2.15-200
5.2.14-200
5.2.13-200
|
5.2.11-200
5.2.9-200
5.2.8-200
5.2.7-200
|
5.2.6-200
5.2.5-200
5.1.20-300
5.1.19-300
|
5.1.18-300
5.1.17-300
5.1.16-300
5.1.15-300
|
5.1.12-300
5.1.11-300
5.1.9-300
5.1.8-300
|
5.1.7-300
5.1.6-300
5.1.5-300
5.0.17-300
|
5.0.16-300
5.0.14-300
5.0.13-300
5.0.11-300
|
5.0.10-300
5.0.9-301
|
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.35.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-35.noarch.rpm -
Support for the following kernels were added for LiME:
5.2.7-100
5.2.18-100
5.2.17-100
5.2.11-100
5.1.9-200
5.1.8-200
|
5.1.6-200
5.1.21-200
5.1.20-200
5.1.18-200
5.1.16-200
5.1.15-200
|
5.1.11-200
5.0.9-200
5.0.8-200
5.0.7-200
5.0.6-200
5.0.5-200
|
5.0.4-200
5.0.3-200
5.0.19-200
5.0.17-200
5.0.16-200
5.0.14-200
|
5.0.13-200
5.0.11-200
5.0.10-200
4.20.8-200
4.20.7-200
4.20.6-200
|
4.20.5-200
4.20.4-200
4.20.3-200
4.20.16-200
4.20.15-200
4.20.14-200
|
4.20.13-200
4.20.12-200
4.20.11-200
4.20.10-200
4.19.9-300
4.19.8-300
|
4.19.7-300
4.19.6-300
4.19.5-300
4.19.4-300
4.19.3-300
4.19.2-301
|
4.19.2-300
4.19.15-300
4.19.14-300
4.19.13-300
4.19.12-301
4.19.10-300
|
4.18.18-300
4.18.17-300
4.18.16-300
4.18.14-300
|
- fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.42.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-42.noarch.rpm -
Support for the following kernels were added for LiME:
5.0.9-100
5.0.8-100
5.0.7-100
5.0.6-100
5.0.5-100
5.0.16-100
5.0.13-100
|
5.0.11-100
4.20.8-100
4.20.7-100
4.20.6-100
4.20.5-100
4.20.4-100
4.20.17-100
|
4.20.16-100
4.20.15-100
4.20.14-100
4.20.11-100
4.19.8-200
4.19.7-200
4.19.6-200
|
4.19.5-200
4.19.4-200
4.19.3-200
4.19.2-200
4.19.16-200
4.19.15-200
4.19.14-200
|
4.19.13-200
4.19.12-200
4.19.10-200
4.18.9-200
4.18.8-200
4.18.7-200
4.18.5-200
|
4.18.18-200
4.18.17-200
4.18.16-200
4.18.14-200
4.18.13-200
4.18.12-200
4.18.10-200
|
4.17.9-200
4.17.7-200
4.17.6-200
4.17.5-200
4.17.4-200
4.17.3-200
4.17.2-200
|
4.17.19-200
4.17.18-200
4.17.17-200
4.17.14-202
4.17.12-200
4.17.11-200
4.16.9-300
|
4.16.8-300
4.16.7-300
4.16.6-302
4.16.5-300
4.16.3-301
4.16.16-300
4.16.15-300
|
4.16.14-300
4.16.13-300
4.16.12-300
4.16.11-300
4.16.10-300
|
- fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.44.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-44.noarch.rpm -
Support for the following kernels were added for LiME:
4.18.9-100
4.18.7-100
4.18.19-100
4.18.18-100
4.18.16-100
4.18.15-100
4.18.13-100
|
4.18.12-100
4.18.10-100
4.17.9-100
4.17.7-100
4.17.6-100
4.17.5-100
4.17.3-100
|
4.17.2-100
4.17.19-100
4.17.17-100
4.17.14-102
4.17.12-100
4.17.11-100
4.16.9-200
|
4.16.7-200
4.16.6-202
4.16.5-200
4.16.4-200
4.16.3-200
4.16.16-200
4.16.15-200
|
4.16.14-200
4.16.13-200
4.16.12-200
4.16.11-200
4.15.9-300
4.15.8-300
4.15.7-300
|
4.15.6-300
4.15.4-300
4.15.3-300
4.15.17-300
4.15.16-300
4.15.15-300
4.15.14-300
|
4.15.13-300
4.15.12-301
4.15.10-300
4.14.8-300
4.14.7-300
4.14.6-300
4.14.5-300
|
4.14.3-300
4.14.18-300
4.14.16-300
4.14.14-300
4.14.13-300
4.14.11-300
4.13.9-300
|
4.13.16-302
4.13.16-300
4.13.15-300
4.13.13-300
4.13.12-300
|
- fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.38.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-38.noarch.rpm -
Support for the following kernels were added for LiME:
4.16.7-100
4.16.11-100
4.15.9-200
4.15.7-200
4.15.6-200
|
4.15.4-200
4.15.3-200
4.15.17-200
4.15.16-200
4.15.15-200
|
4.15.14-200
4.15.12-201
4.15.10-200
4.14.8-200
4.14.6-200
|
4.14.5-200
4.14.4-200
4.14.18-200
4.14.16-200
4.14.14-200
|
4.14.13-200
4.14.11-200
4.13.9-200
4.13.8-200
4.13.5-200
|
4.13.4-200
4.13.16-202
4.13.16-200
4.13.15-200
4.13.13-200
|
4.13.12-200
4.13.11-200
4.13.10-200
4.12.9-300
4.12.8-300
|
4.12.5-300
4.12.14-300
4.12.13-300
4.12.12-300
4.12.11-300
|
4.11.9-300
4.11.8-300
4.11.11-300
4.11.10-300
|
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.50.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-50.noarch.rpm -
Support for the following kernels were added for LiME:
4.13.16-100
4.13.15-100
4.13.13-100
4.13.12-100
4.13.11-100
|
4.13.10-100
4.13.8-100
4.13.5-100
4.12.14-200
4.12.13-200
|
4.12.11-200
4.12.9-200
4.12.8-200
4.11.12-200
4.11.11-200
|
4.11.10-200
4.11.9-200
4.11.8-200
4.11.7-200
4.11.6-201
|
4.11.5-200
4.11.4-200
4.11.3-200
4.11.3-202
4.10.17-200
|
4.10.16-200
4.10.15-200
4.10.10-200
4.10.9-200
4.10.8-200
|
4.10.6-200
4.10.5-200
4.9.14-200
4.9.13-200
4.9.13-201
|
4.9.12-200
4.9.11-200
4.9.10-200
4.9.9-200
4.9.8-201
|
4.9.7-201
4.9.6-200
4.9.5-200
4.9.4-201
4.9.3-200
|
4.8.16-300
4.8.15-300
4.8.14-300
4.8.13-300
4.8.12-300
|
4.8.11-300
4.8.10-300
4.8.8-300
4.8.6-300
|
- fmem-kernel-modules-el8-x86_64-1.6-1.3.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-el8-x86_64-1.1.r17-3.noarch.rpm -
Support for the following kernels were added for LiME:
4.18.0-80.11.2
|
4.18.0-80.11.1
|
4.18.0-80.7.2
|
4.18.0-80.7.1
|
4.18.0-80.4.2
|
4.18.0-80.1.2
|
4.18.0-80
|
- fmem-kernel-modules-el7-x86_64-1.6-1.57.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-el7-x86_64-1.1.r17-57.noarch.rpm -
Support for the following kernels were added for LiME:
3.10.0-1062.1.2
3.10.0-1062.1.1
3.10.0-1062
3.10.0-957.5.1
3.10.0-957.27.2
3.10.0-957.21.3
3.10.0-957.21.2
3.10.0-957.1.3
3.10.0-957.12.2
3.10.0-957.12.1
3.10.0-957.10.1
3.10.0-957
|
3.10.0-862.3.3
3.10.0-862.9.1
3.10.0-862.6.3
3.10.0-862.3.2
3.10.0-862.2.3
3.10.0-862.14.4
3.10.0-862.11.6
3.10.0-862
3.10.0-693.5.2
3.10.0-693.2.2
3.10.0-693.21.1
3.10.0-693.2.1
|
3.10.0-693.17.1
3.10.0-693.11.6
3.10.0-693.11.1
3.10.0-693.1.1
3.10.0-693
3.10.0-514.6.2
3.10.0-514.6.1
3.10.0-514.26.2
3.10.0-514.26.1
3.10.0-514.2.2
3.10.0-514.21.2
3.10.0-514.21.1
|
3.10.0-514.16.1
3.10.0-514.10.2
3.10.0-514
3.10.0-327.4.5
3.10.0-327.4.4
3.10.0-327.36.3
3.10.0-327.36.2
3.10.0-327.36.1
3.10.0-327.3.1
3.10.0-327.28.3
3.10.0-327.28.2
3.10.0-327.22.2
|
3.10.0-327.18.2
3.10.0-327.13.1
3.10.0-327.10.1
3.10.0-327
3.10.0-229.7.2
3.10.0-229.4.2
3.10.0-229.20.1
3.10.0-229.14.1
3.10.0-229.1.2
3.10.0-229.11.1
3.10.0-229
3.10.0-123.9.3
|
3.10.0-123.9.2
3.10.0-123.8.1
3.10.0-123.6.3
3.10.0-123.4.4
3.10.0-123.4.2
3.10.0-123.20.1
3.10.0-123.13.2
3.10.0-123.13.1
3.10.0-123.1.2
3.10.0-123
|
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.59.noarch.rpm -
No additional modules were added for Fmem.
This package was only updates for revision number equality with LiME.
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-59.noarch.rpm -
Support for the following kernels were added for LiME:
2.6.32-754.23.1
2.6.32-754.22.1
2.6.32-754.18.2
2.6.32-754.17.1
2.6.32-754.15.3
2.6.32-754.14.2
2.6.32-754.12.1
2.6.32-754.11.1
2.6.32-754.10.1
2.6.32-754.9.1
2.6.32-754.6.3
2.6.32-754.3.5
2.6.32-754.2.1
2.6.32-754
|
2.6.32-696.30.1
2.6.32-696.28.1
2.6.32-696.23.1
2.6.32-696.20.1
2.6.32-696.18.7
2.6.32-696.16.1
2.6.32-696.13.2
2.6.32-696.10.3
2.6.32-696.10.2
2.6.32-696.10.1
2.6.32-696.6.3
2.6.32-696.3.2
2.6.32-696.3.1
2.6.32-696.1.1
|
2.6.32-696
2.6.32-642.15.1
2.6.32-642.13.2
2.6.32-642.13.1
2.6.32-642.11.1
2.6.32-642.6.2
2.6.32-642.6.1
2.6.32-642.4.2
2.6.32-642.3.1
2.6.32-642.1.1
2.6.32-642
2.6.32-573.26.1
2.6.32-573.22.1
2.6.32-573.18.1
|
2.6.32-573.12.1
2.6.32-573.8.1
2.6.32-573.7.1
2.6.32-573.3.1
2.6.32-573.1.1
2.6.32-573
2.6.32-504.30.3
2.6.32-504.23.4
2.6.32-504.16.2
2.6.32-504.12.2
2.6.32-504.8.1
2.6.32-504.3.3
2.6.32-504.1.3
2.6.32-504
|
2.6.32-431.29.2
2.6.32-431.23.3
2.6.32-431.20.5
2.6.32-431.20.3
2.6.32-431.17.1
2.6.32-431.11.2
2.6.32-431.5.1
2.6.32-431.3.1
2.6.32-431.1.2.0.1
2.6.32-431
2.6.32-358.23.2
2.6.32-358.18.1
2.6.32-358.14.1
2.6.32-358.11.1
|
2.6.32-358.6.2
2.6.32-358.6.1
2.6.32-358.2.1
2.6.32-358.0.1
2.6.32-358
2.6.32-279
2.6.32-220
2.6.32-131.0.15
2.6.32-71.29.1
2.6.32-71.24.1
2.6.32-71.18.2
2.6.32-71.18.1
2.6.32-71.14.1
2.6.32-71.7.1
2.6.32-71
|
- lime-kernel-modules-common-1.1.r17-5.noarch.rpm - LiME is a
Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android.
This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page.
The changes are the following:
- LiME code up to date as of October 21, 2019.
- CaptureMemoryWithLime fixes an error where the image file name contained spaces.
- fmem-kernel-modules-common-1.6-1.4.noarch.rpm - Fmem is kernel module that creates
device /dev/fmem, similar to /dev/mem but without limitations.
This package contains the source code for making the FMEM kernel modules and the install-fmem script.
The changes are the following:
- Fmem code up to date as of October 21, 2019.
- install-mem fixes an error where the path to the kernel modules was wrong.
- pfring-7.4.0-2734.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2734.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2002.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- python{2,3}-distorm3-3.4.1-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python2-distorm3-3.4.1-2.el6.{i386,x86_64}.rpm, python{2,36}-distorm3-3.4.1-2.el7.x86_64.rpm, and python{2,3}-distorm3-3.4.1-2.el8.x86_64.rpm -
Distorm3 is a lightweight, easy-to-use and fast decomposer library.
It disassembles instructions in 16, 32 and 64 bit modes.
Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX.
Distorm3 is used by The Volatility Framework.
|
|
October 18, 2019:
The following changes have been made:
- libfwsi{,-devel,-python2,-python3}-20191012-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20191012-1.el6.{i686,x86_64}.rpm, libfwsi{,-devel,-python2,-python36}-20191012-1.el7.x86_64.rpm, and libfwsi{,-devel,-python2,-python3}-20191012-1.el8.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- ADIA -
This item is the VMware and Virtual Box-based appliances built with CentOS 7.7.1908 for the x86_64 architecture.
See here for more details.
The release consists of the following:
- python{2,3}-xlsxwriter-1.2.2-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.2.2-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- pfring-7.4.0-2710.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2710.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-1979.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.17.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.3.6-200 for FC30
- 5.3.5-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-17.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.3.6-200 for FC30
- 5.3.5-200 for FC30
- fmem-kernel-modules-el8-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernels were added for Fmem:
- 4.18.0-80.11.2 for EL8
- 4.18.0-80.11.1 for EL8
- 4.18.0-80.7.2 for EL8
- 4.18.0-80.7.1 for EL8
- 4.18.0-80.4.2 for EL8
- 4.18.0-80.1.2 for EL8
- lime-kernel-modules-el8-x86_64-1.1.r17-2.noarch.rpm -
Support for the following kernels were added for LiME:
- 4.18.0-80.11.2 for EL8
- 4.18.0-80.11.1 for EL8
- 4.18.0-80.7.2 for EL8
- 4.18.0-80.7.1 for EL8
- 4.18.0-80.4.2 for EL8
- 4.18.0-80.1.2 for EL8
|
|
|
October 11, 2019:
The following changes have been made:
|
|
October 4, 2019:
The following changes have been made:
- pfring-7.4.0-2700.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2700.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1951.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.33.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-33.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el7-x86_64-1.6-1.56.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-56.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
|
September 27, 2019:
The following changes have been made:
- pfring-7.4.0-2682.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2682.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1885.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.15.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.2.17-200 for FC30
- 5.2.16-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-15.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.2.17-200 for FC30
- 5.2.16-200 for FC30
|
|
September 20, 2019:
The following changes have been made:
- python{2,3}-xlsxwriter-1.2.1-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.2.1-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- analysis-pipeline-5.11.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.3-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes.
- pfring-7.4.0-2675.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2675.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1875.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.14.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.2.15-200 for FC30
- 5.2.14-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-14.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.2.15-200 for FC30
- 5.2.14-200 for FC30
- fmem-kernel-modules-el7-x86_64-1.6-1.55.noarch.rpm -
Support for the following kernels were added for Fmem:
- 3.10.0-1062.1.1 for EL7
- 3.10.0-1062 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-55.noarch.rpm -
Support for the following kernels were added for LiME:
- 3.10.0-1062.1.1 for EL7
- 3.10.0-1062 for EL7
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.57.noarch.rpm - Support for the following kernels were added for
Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-57.noarch.rpm - Support for the following kernels were added for
LiME:
|
|
September 13, 2019:
The following changes have been made:
- libvslvm{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
Note: This is a repackaging of the libvslvm tools version 20160110.
- certifi-2019.9.11-1.{fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm -
Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
- pfring-7.4.0-2658.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2658.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1848.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.13.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-13.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
September 6, 2019:
The following changes have been made:
- ADIA -
This item is the VMware and Virtual Box-based appliances built with CentOS 7.6.1810 for the x86_64 architecture.
See here for more details.
The release consists of the following:
- pfring-7.4.0-2643.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2643.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1820.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.12.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-12.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.32.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-32.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
August 30, 2019:
The following changes have been made:
- python{2,3}-xlsxwriter-1.2.0-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.2.0-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- CERT-Forensics-Tools-1.0-86.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-86.el7.x86_64.rpm -
Removed the dependency of the kernel-PAE-modules-extra package for Fedora 28 and beyond.
- libewf{,-devel,-tools,-python2,-python3,-tools}-20160718-20140806.4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf{,-devel,-tools,-python2,-tools}-20160718-20140806.4.el6.{i686,x86_64}.rpm, and
libewf{,-devel,-tools,-python2,-python36,-tools}-20160718-20140806.4.el7.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.
This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718)
and the release number changed to include the source code release date (20140806).
This release obsoletes (which causes the removal of) the ewftools package which is provided by Fedora.
- libfixbuf{,-devel}-2.4.0-1.{,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libfixbuf{,-devel}-2.4.0-1.el7.x86_64.rpm -
Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-1.el7.x86_64.rpm and -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-2.{fc25,fc26,fc27,fc28,fc29,fc30,fc30}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.3-2.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
See here for a list of changes in this version.
- libschemaTools{,-devel}-1.3-6.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.3-6.el7.x86_64.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records.
This package was rebuilt to use libfixbuf 2.4.0.
- python{2,3}-pyfixbuf-0.8.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python2-pyfixbuf-0.8.0-1.el6.{i686,x86_64}.rpm, and python{2,36}-pyfixbuf-0.8.0-1.el7.x86_64.rpm -
Pyfixbuf is a Python API for libfixbuf,
an implementation of the IPFIX protocol used for building, collecting, and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
See this page for a list of problems fixed in this and all releases.
- analysis-pipeline-5.11.2-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.2-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt to use libfixbuf 2.4.0.
- super_mediator-1.7.0-4.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and super_mediator-1.7.0-4.el7.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use libfixbuf 2.4.0.
- yaf{,-devel}-2.11.0-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.11.0-3.el7.x86_64.rpm -
Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using
pcap(3), an Endace DAG capture device,
or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX
over SCTP, TCP or
UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
This package was rebuilt to use libfixbuf 2.4.0.
- pfring-7.4.0-2623.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2623.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1797.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
|
|
August 23, 2019:
The following changes have been made:
- jdk-12.0.2_linux-x64_bin.rpm -
JDK is the Java SE Development Kit 12.0.2 from Oracle.
This package has been installed in the Fedora 25 and 26 and CentOS/RHEL 7 repositories for the x86_64 architecture.
- ghidra-9.0.4-PUBLIC_20190516.3.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.0.4-PUBLIC_20190516.3.{fc25,fc26,el7}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvement here.
Note: this release no longer requires JDK from Oracle for Fedora 27 through 30, relying instead on the latest version of OpenJDK provided by Fedora, specified as java-latest for Fedora 28 and beyond and java-11 for Fedora 27.
However, for Fedora 25 and 26 and CentOS/RHEL 7, JDK Version 11 or higher is required and this package has been added to the appropriate repositories.
In addition, this release also contains a ghidra.desktopfile that supports the GNOME and Mate Window managers.
- sleuthkit{,-devel,-libs}-4.6.7-1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.7-1.1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- jdk-8u221-linux-x64.rpm -
JDK is the Java SE Development Kit 8, Update 221 from Oracle.
This package has been installed in the CentOS/RHEL 7 repository for the x86_64 architecture and in the CentOS/RHEL 6 repoositories for the i386 and x86_64 architectures.
- autopsy-4.12.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and autopsy-4.12.0-1.el7.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Note: this release no longer requires JDK from Oracle for Fedora 25 through 30, relying instead on version 1.8.0 of OpenJDK version provided by Fedora, along with version 1.8.0 of OpenJFX, also provided by Fedora.
However, for CentOS/RHEL 6 and 7, the latest version of JDK 8 from Oracle is required and this package has been added to the appropriate repositories.
In addition, this release also contains a autopsy.desktopfile that supports the GNOME and Mate Window managers.
- python{2,3}-xlsxwriter-1.1.9-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.1.9-1.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
- bro{,-core,ctl,-debugsource,-devel,-libcaf-devel}-2.6.3-0.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-2.6.3-0.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, bro{,-core,ctl,-debugsource,-devel,-libcaf-devel}-2.6.3-0.el7.x86_64.rpm, and libbroker-devel-2.6.3-0.el7.x86_64.rpm -
Bro (nee Zeek) is a powerful network analysis framework that is much different from the typical IDS you may know.
(Zeek is the new name for the long-established Bro system. Note that parts of the system retain the "Bro" name, and it also often appears in the documentation and distributions.)
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well.
Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception.
Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson.
Robin Sommer now leads the project, jointly with a core team of researchers and developers at the
International Computer Science Institute in Berkeley, CA; and the
National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: bro packages install files in /opt/bro.
To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/bro/bin && ! "$PATH" =~ /opt/bro/bin ]] && PATH=$PATH:/opt/bro/bin
[[ -d /opt/bro/share/man && ! "$MANPATH" =~ /opt/bro/share/man ]] && MANPATH=$MANPATH:/opt/bro/share/man
Then run:
. ~/.bashrc
- python{2,3}-elasticsearch-7.0.4-1.i{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-elasticsearch-7.0.4-1.el7.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- pfring-7.4.0-2612.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2612.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1770.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.11.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.2.9-200 for FC30
- 5.2.8-200 for FC30
- 5.2.7-200 for FC30
- 5.2.6-200 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-11.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.2.9-200 for FC30
- 5.2.8-200 for FC30
- 5.2.7-200 for FC30
- 5.2.6-200 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.31.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-31.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.56.noarch.rpm - Support for the following kernels were added for
Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-56.noarch.rpm - Support for the following kernels were added for
LiME:
|
|
|
August 8, 2019:
The following changes have been made:
|
|
August 2, 2019:
The following changes have been made:
- python{2,3}-pyparsing-2.4.2-1.{fc26,fc27,fc28,fc29}.noarch.rpm, python2-pyparsing-2.4.2-1.el6.noarch.rpm, and pyparsing-doc-2.4.2-1.{fc26,fc27,fc28,fc29,el6}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code.
- python-yara-3.9.0-2.{i386,x86_64}.el6.rpm -
Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
- fmem-kernel-modules-el7-x86_64-1.6-1.54.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-54.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
July 31, 2019:
The following changes have been made:
- python{2,3}-dfvfs-20190714-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfvfs-20190714-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
- libregf{,-devel,-python2,-python3,-tools}-20190714-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20190714-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20190714-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
- plaso-20190708-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190708-1.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python
Virtual Environment.
Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found
here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon.
Note that this updates the dependent packages but not plaso.
The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
- testdisk-7.1-1.1.el6.{i686,x86_64}.rpm and qphotorec-7.0-4.1.el6.{i386,x86_64}.rpm - Testdisk is powerful free
data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused
by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). This package also contains photorec which is a
file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo
Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file
system has been severely damaged or reformatted.
These releases were built to use the latest version of libewf that is installed in this repository.
- analysis-pipeline-5.11.2-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.2-1.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
- apfs-fuse-20190723-1.{fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm and apfs-fuse-20190723-1.el7.x86_64.rpm -
APFS-Fuse is a read-only FUSE driver for the new Apple File System.
Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental.
It may not be able to read all files, it may return wrong data, or it may simply crash.
Use at your own risk.
But since it's read-only, at least the data on your apfs drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far).
Thus, the driver may return compressed files instead of uncompressed ones.
Although most of the time it should just report an error.
- cutter-1.8.3-20190701.fc30.{i686,x86_64}.rpm -
Cutter is a Qt and C++
GUI for radare2 reverse engineering framework.
Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind.
Cutter is created by reverse engineers for reverse engineers.
This version is built with the source code that is available on 2019-05-14.
Note that this release is only available for Fedora 30 because it relies on Qt version 5.12.
- python{2,3}-dfwinreg-20190714-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dfwinreg-20190714-1.el7.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
- libguytools-2.1.0-1.{fc25,fc26,fc27,fc28,fc28,fc30}.{i686,x86_64}.rpm and libguytools-2.1.0-1.el7.x86_64,rpm -
Libguytools is a package of subroutines and header files needed to
build and operate guymager.
The changes are:
- Cleaned up for C++14, some minor prototype changes to ensure same bit widths on different architectures
- Some debugging (handling user errors in configuration files)
- Understands # at beginning of line (first non-blank char) for remarks (REM still remains valid)
- guymager-0.8.11-1.{fc25,fc26,fc27,fc28.fc29,fc30,el6}.{i686,x86_64}.rpm and guymager-0.8.11-1.el7.x86_64.rpm -
Guymager is a forensic imaging package.
See here for the list of changes.
- libmodi{,-devel,-python2,-python3,-tools}-20190513-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmodi{,-devel,-python2,-tools}-20190513-1.el6.{i686,x86_64}.rpm, and libmodi{,-devel,-python2,-python36,-tools}-20190513-1.el7.x86_64.rpm -
Libmodi is a lbrary and tools to access the Mac OS disk image formats.
- libphdi{,-devel,-python,-python3,-tools}-20190506-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libphdi{,-devel,-python,-tools}-20190506-1.el6.{i686,x86_64}.rpm, and libphdi{,-devel,-python,-python36,-tools}-20190506-1.el7.x86_64.rpm -
Libphdi is a library to access the Parallels Hard Disk image format.
- Volatility-2.6.1-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-3.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to July 29, 2019.
You can read about this version here.
To install this update on Fedora 25 and CentOS/RHEL 6 and 7, you must first do the following:
sudo rpm -ev yara-python --nodeps
- Volatility-community-plugins-20190729-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community.
Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun.
Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation.
These plugins are installed in /usr/share/volatility/plugins/community/ and to use them you need to specify this location on the command line thusly:
volatility --plugins=/usr/share/volatility/plugins/community ...
Note: The following plugins were removed all systems: AlexanderTarasenko, ThomasWhite, ProcessFuzzyHash, AFF4, JavierVallejo, PeterCasey, LorenzLiebler, Citronneur, AlizHammon, and TranVienHa,
and the following were also removed for el6: BartoszInglot, DaveLasalle, ESET_Browserhooks, FrankBlock, LoicJaquemet, PhilipHuppert, ThomasChopitea, TranVienHa, and YingLi.
- pfring-7.4.0-2604.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2604.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1753.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.9.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.1.20-300 for FC30
- 5.1.19-300 for FC30
- 5.1.18-300 for FC30
- 5.1.17-300 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-9.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.1.20-300 for FC30
- 5.1.19-300 for FC30
- 5.1.18-300 for FC30
- 5.1.17-300 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.29.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.1.20-200 for FC29
- 5.1.18-200 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-29.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.1.20-200 for FC29
- 5.1.18-200 for FC29
|
|
July 12, 2019:
The following changes have been made:
- pfring-7.4.0-2598.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2598.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1645.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.8.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-8.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.28.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-28.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
July 3, 2019:
The following changes have been made:
- libsigscan{,-devel,-python2,-python3,-tools}-20190629-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20190629-1.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python2,-python36,-tools}-20190629-1.el7.x86_64.rpm -
Libsigscan is a library and tools used to binary signature scanning.
- libevtx{,-devel,-python2,-python3,-tools}-20190619-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20190619-1.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python2,-python36,-tools}-20190619-1.el7.x86_65.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libbde{,-devel,-python2,-python3,-tools}-20190701-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20190701-1.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python2,-python36,-tools}-20190701-1.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- pfring-7.4.0-2595.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2595.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1641.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- rifiuti2-0.7.0-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-2.el7.x86_64.rpm -
rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.7.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-7.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.27.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-27.noarch.rpm -
Support for the following kernels were added for LiME:
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.55.noarch.rpm - Support for the following kernels were added for
Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-55.noarch.rpm - Support for the following kernels were added for
LiME:
|
|
June 28, 2019:
The following changes have been made:
- libewf-experimental{,-devel,-tools,-python2,-python3,-tools}-20190317-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf-experimental{,-devel,-tools,-python2,-tools}-20190317-1.el6.{i686,x86_64}.rpm, and
libewf-experimental{,-devel,-tools,-python2,-python36,-tools}-20190317-1.el7.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
See this page for the list of supported and unsupported formats.
Libewf-Experimental installs packages in /usr/local so that it can be optionally installed along with the conventional Libewf packages, where package contents are installed in /usr.
Further, the Libewf-Experimental packages have been installed in the forensics-test repository.
You will need to enable this repository with this command for Fedora:
sudo dnf config-manager --set-enabled forensics-test
or this command for CentOS/RHEL:
sudo yum-config-manager --enable forensics-test
- pfring-7.4.0-2580.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2580.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1619.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.6.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-6.noarch.rpm -
Support for the following kernels were added for LiME:
|
|
June 21, 2019:
The following changes have been made:
- certifi-2019.6.16-1.{fc25,fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm -
Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
- python{2,3}-dfvfs-20190609-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfvfs-20190609-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-1.el7.x86_64.rpm and -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm,
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.2-2.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
- analysis-pipeline-5.11.1-2.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.11.1-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
Note: This release was built to add JSON alerting capabilities.
- prism-1.2-6.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and prism-1.2-6.el7.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.18.2.
- super_mediator-1.7.0-3.{fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.0-3.el7.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use libfixbuf 3.18.2.
- plaso-20190531-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190531-1.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python
Virtual Environment.
Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found
here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon.
Note that this updates the dependent packages but not plaso.
The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
- snort-2.9.13-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-2.9.13-1.el7.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for .the changes in this version.
This release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- snort-sample-rules-2.9.13-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6,el7}.noarch.rpm -
These rules are sample rules only and are intended to allow snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
- snort-openappid-2.9.13-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and snort-openappid-2.9.13-1.el7.x86_64.rpm -
This is the snort package built --enable-open-appid option added to the configure script that configures the build of snort.
See here for more details.
See the OpenAppId Detector Developer Guide for more information.
To install snort-openappid on your system, you must first remove snort.
Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi
sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
In addition, this release includes support for PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
- pfring-7.4.0-2567.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2567.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package conains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1601.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.5.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.1.11-300 for FC30
- 5.1.9-300 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-5.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.1.11-300 for FC30
- 5.1.9-300 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.26.noarch.rpm -
Support for the following kernels were added for Fmem:
- 5.1.11-200 for FC29
- 5.1.9-200 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-26.noarch.rpm -
Support for the following kernels were added for LiME:
- 5.1.11-200 for FC29
- 5.1.9-200 for FC29
- fmem-kernel-modules-el7-x86_64-1.6-1.53.noarch.rpm -
Support for the following kernels were added for Fmem:
- lime-kernel-modules-el7-x86_64-1.1.r17-53.noarch.rpm - Support for the following kernels were added for
LiME:
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.54.noarch.rpm - Support for the following kernels were added for
Fmem:
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-54.noarch.rpm - Support for the following kernels were added for
LiME:
|
|
|
June 14, 2019:
The majority of changes made in this announcement rename packages for CentOS/RHEL to conform to the CentOS/RHEL standard of Python 3 packages including
the Python version in the package name.
For example, where the package for Fedora 30 is named python3-artifacts, the CentOS/RHEL version is named python36-artifacts.
For version and release consistency, the Fedora packages have been updated even though they contain no new functionality.
With this release, Plaso is now provided as conventional package rather than as a Python virtual environment for CentOS/RHEL 7 and
Fedora 26.
In addition, the CentOS/RHEL repositories were audited and packages that are provided by CentOS/RHEL, EPEL, or are no longer needed have been archived.
These packages have been removed from the CentOS/RHEL repository as the result of an audit:
- aff{lib,lib-devel,tools}-3.7.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- bokken-1.8-3.el7.x86_64.rpm - Removed: No longer needed.
- capstone{,-python2,-python3}-3.0.4-6.el7.x86_64.rpm - Removed: Provided by EPEL.
- catdoc-0.94.2-6.el7.x86_64.rpm - Removed: Provided by EPEL.
- daemonize-1.7.3-7.el7.x86_64.rpm - Removed: Provided by EPEL.
- dcfldd-1.3.4.1-2.el7.x86_64.rpm - Removed: Provided by EPEL.
- dd_rescue-1.99.8-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- dino-1.5-2.el7.noarch.rpm - Removed: Provided by EPEL.
- dislocker{,-libs}-0.7.1-1.el7.x86_64.rpm and fuse-dislocker-0.7.1-1.el7.86_64.rpm - Removed: Provided by EPEL.
- dummy-1.0-2.el7.x86_64.rpm - Removed: No longer needed.
- efilter-1-1.5-1.el7.x86_64.rpm - Removed: No longer needed.
- fontawesome-fonts-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
- fontawesome-fonts-web-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
- fred-0.1.1-1.el7.x86_64.rpm - Removed: No longer needed.
- fuse-exfat-1.0.1-1.el7.x86_64.rpm - Removed: No longer needed.
- fuseext2-0.3-1.el7.x86_64.rpm - Removed: No longer needed.
- ghex{,-devel,-libs}-3.18.0-1.el7.x86_64.rpm - Removed: No longer needed.
- hashcat-3.00-1.el7.x86_64.rpm - Removed: No longer needed.
- jansson{,-devel,-devel-doc}-2.9-1.el7.x86_64.rpm - Removed: No longer needed.
- lame{,-devel,-libs,-mp3x}-3.99.5-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- LogAnalysisToolKit-1.7-1.el7.noarch.rpm - Removed: No longer needed.
- luajit{,-devel}-2.0.2-9.el7.x86_64.rpm - Removed: Provided by EPEL.
- mac-robber-1.02-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- mathjax-2.2-4.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
- md5deep-4.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- mdbtools{,-devel,-gui,-libs}-0.7-43.13.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- null-package-1.0-4.el7.noarch.rpm - Removed: No longer needed.
- partclone-0.3.6-2.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- perl-Alien-wxWidgets-0.67-6.el7.x86_64.rpm - Removed: No longer needed.
- perl-Carp-Assert-0.20-4.el7.noarch.rpm - Removed: Provided by EPEL.
- perl-Digest-CRC-0.16-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- perl-Digest-Crc32-0.01-1.el7.noarch.rpm - Removed: No longer needed.
- perl-Image-ExifTool-8.50-1.el7.noarch.rpm - Removed: Provided by EPEL.
- perl-Net-Pcap-0.16-2.el7.x86_64.rpm - Removed: Provided by EPEL.
- protobuf-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-compiler-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-lite-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-lite-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-lite-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-python-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- protobuf-vim-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-c{,-devel}-0.15-2.1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
- pyew-2.3.0.0-2.el7.x86_64.rpm - Removed: No longer needed.
- pygtksourceview{,-devel,-doc}-2.8.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- pyparsing{,-doc}-2.4.0-1.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
- pyPdf-1.12-4.el7.noarch.rpm - Removed: No longer needed.
- python2-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
- python2-efilter-1.5-1.el7.noarch.rpm - Removed: No longer needed.
- python2-elasticsearch5-5.5.5-2.el7.x86_64.rpm - Removed: No longer needed.
- python2-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
- python2-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
- python3-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
- python3-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
- python3-psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
- python3-pyparsing-2.4.0-1.el7.noarch.rpm - Removed: No longer needed.
- python3-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
- python3shim-1.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-dpkt-1.8-2.el7.noarch.rpm - Removed: No longer needed.
- python-elasticsearch5-5.5.5-1.el7.x86_64.rpm - Removed: No longer needed.
- python-httplib2-0.7.7-3.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-console-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-doc-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-gui-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-notebook-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-sphinx-2.2.0-1.el7.noarch.rpm - Removed: No longer needed
- python-ipython-tests-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-M2Crypto-0.26.0-0.x86_64.rpm - Removed: No longer needed.
- python-path-3.0.1-2.el7.noarch.rpm - Removed: No longer needed.
- python-prettytable-0.7.2-4.el7.noarch.rpm - Removed: No longer needed.
- python-psycopg2{,-doc}-2.5.1-3.el7.x86_64.rpm - Removed: No longer needed.
- python-radare-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
- python-radare2-2.9.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- python-tidy-0.2-1.1.el7.noarch.rpm - Removed: No longer needed.
- python-tornado{,-doc}-3.2.1-3.el7.x86_64.rpm - Removed: No longer needed.
- pytsk-20150406-4.el7.x86_64.rpm - Removed: Removed - replaced by pytsk3.
- radare{,-devel,-extras}-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
- radare2{,-common,-devel}-2.9.0-1.el7.x86_64.rpm - Removed: No longer needed.
- scalpel-2.0-2.el7.x86_64.rpm - Removed: Provided by EPEL.
- socat-1.7.3.2-1.1.el7.x86_64.rpm - Removed: Provided by EPEL.
- ssdeep-2.14.1-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- tcpflow-1.4.4-12.el7.x86_64.rpm - Removed: Provided by EPEL.
- tcpxtract-1.0.1-10.el7.2.x86_64.rpm - Removed: Provided by EPEL.
- ttembed-1.1-3.el7.x86_64.rpm - Removed: Provided by EPEL.
- testdisk-6.14-3.3.el7.x86_64.rpm - Removed: Provided by EPEL.
- umview-0.8.2-1.1.el7.x86_64.rpm - Removed: No longer needed.
- valabind-0.10.0-4.el7.x86_64.rpm - Removed: No longer needed.
- xapian-core{,-devel,-libs}-1.2.7-2.el7.x86_64.rpm - Removed: No longer needed.
- xmount-0.7.6-3.el7.x86_64.rpm - Removed: Provided by EPEL.
- xrdp-0.5.0-0.13.el7.x86_64.rpm - Removed: Provided by EPEL.
- yara{,-devel,-doc}-3.5.0-7.1.el7.x86_64.rpm - Removed: Provided by EPEL.
- zeromq{,-devel}-2.2.0-4.el7.x86_64.rpm - Removed: Provided by EPEL.
These changes were also made:
- python{2,3}-artifacts-20190320-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20190320-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm,
python{2,36}-artifacts-20190320-2.el7.x86_64.rpm, and artifacts-data-20190320-2.el7.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-artifacts and python36-artifacts.
The package names for Fedora are unchanged.
- python{2,3}-bencode-2.1.0-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-bencode-2.1.0-1.el7.noarch.rpm -
Bencode re-packages the existing bencoding
and bdecoding implemention from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-bencode and python36-bencode.
The package names for Fedora are unchanged.
- python{2,3}-biplist-1.0.3-3.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-biplist-1.0.3-3.el7.x86_64.rpm -
Biplist is a library for reading/writing binary plists.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-biplist and python36-biplist.
The package names for Fedora are unchanged.
- python{2,3}-chardet-3.0.4-3.fc26.{i686,x86_64}.rpm and python{2,36}-chardet-3.0.4-3.el7.x86_64.rpm -
Chardet is a universal character encoding detector.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-chardet and python36-chardet.
The package names for Fedora are unchanged.
- python{2,3}-dfdatetime-20190517-2.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfdatetime-20190517-2.el7.noarch.rpm -
dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-dfdatetime and python36-dfdatetime.
The package names for Fedora are unchanged.
- python{2,3}-dfvfs-20190511-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfvfs-20190511-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
Note: The package for CentOS/RHEL 7 are named python2-dfvfs and python36-dfvfs.
- python{2,3}-dfwinreg-20190517-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dfwinreg-20190329-2.el7.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-dfwinreg and python36-dfwinreg.
The package names for Fedora are unchanged.
- python{2,3}-dpkt-1.9.2-2.fc26.{i686,x86_64}.rpm and python{2,36}-dpkt-1.9.2-2.el7.x86_64.rpm -
Python-dpkt is a fast, simple packet creator and parser, with definitions for the basic TCP/IP protocols, for Python.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-dpkt and python36-dpkt.
The package names for Fedora are unchanged.
- python{2,3}-dtfabric-20190120-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dtfabric-20190120-3.el7.x86_64.rpm -
Dtfabric is a project to manage data types and structures,
as used in the libyal projects.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-dtfabric and python36-dtfabric.
The package names for Fedora are unchanged.
- python{2,3}-elasticsearch-7.0.2-1.i{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-elasticsearch-7.0.2-1.el7.x86_64.rpm -
ElasticSearch is the official low-level client for
Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python;
because of this it tries to be opinion-free and very extendable.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-elasticsearch and python36-elasticsearch.
The package names for Fedora are unchanged.
- libbde{,-devel,-python2,-python3,-tools}-20190317-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20190317-3.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python2,-python36,-tools}-20190317-3.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libbde and python36-libbde.
All other package names are unchanged.
- libesedb{,-devel,-python2,-python3,-tools}-20181229-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20181229-5.el6.{i686,x86_64}.rpm, and libesedb{,-devel,-python2,-python36,-tools}-20181229-5.el7.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libesedb and python36-libesedb.
All other package names are unchanged.
- libevt{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libevt and python36-libevt.
All other package names are unchanged.
- libevtx{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_65.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx.
All other package names are unchanged.
- libewf{,-devel,-tools,-python2,-python3,-tools}-20160718-20140806.3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf{,-devel,-tools,-python2,-tools}-20160718-20140806.3.el6.{i686,x86_64}.rpm, and
libewf{,-devel,-tools,-python2,-python36,-tools}-20160718-20140806.3.el7.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.
This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718)
and the release number changed to include the source code release date (20140806).
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx.
All other package names are unchanged.
- libfsapfs{,-devel,-python2,-python3,-tools}-20190510-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190510-2.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python2,-python36,-tools}-20190510-2.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libfsapfs and python36-libfsapfs.
All other package names are unchanged.
- libfsntfs{,-devel,-python2,-python3,-tools}-20190104-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20190104-5.el6.{i686,x86_64}.rpm, and libfsntfs{,-devel,-python2,-python36,-tools}-20190104-5.el7.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libfsntfs and python36-libfsntfs.
All other package names are unchanged.
- libfvde{,-devel,-python2,-python3,-tools}-20190104-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-tools}-20190104-4.el6.{i686,x86_64}.rpm, and libfvde{,-devel,-python2,-python36,-tools}-20190104-4.el7.6_64.rpm -
Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.
The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libfvde and python36-libfvde.
All other package names are unchanged.
- libfwnt{,-devel,-python2,-python3}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20181227-4.el6.{i686,x86_64}.rpm and libfwnt{,-devel,-python2,-python36}-20181227-4.el7.x86_64.rpm -
LibFWNT, is a library for Windows NT data types.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libfwnt and python36-libfwnt.
All other package names are unchanged.
- libfwsi{,-devel,-python2,-python3}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20181227-4.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python2,-python36}-20181227-4.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libfwsi and python36-libfwsi.
All other package names are unchanged.
- liblnk{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-liblnk and python36-liblnk.
All other package names are unchanged.
- libmsiecf{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc26,fc27,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libmsiecf and python36-libmsiecf.
All other package names are unchanged.
- libolecf{,-devel,-python2,-python3,-tools}-20181231-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20181231-4.el6.{i686,x86_64}.rpm, and libolecf{,-devel,-python2,-python36,-tools}-20181231-4.el7.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libolecf and python36-libolecf.
All other package names are unchanged.
- libqcow{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libqcow and python36-libqcow.
All other package names are unchanged.
- libregf{,-devel,-python2,-python3,-tools}-20190303-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-tools}-20190303-3.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20190303-3.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libregf and python36-libregf.
All other package names are unchanged.
- libscca{,-devel,-python2,-python3,-tools}-20190605-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libscca{,-devel,-python2,-tools}-20190605-1.el6.{i686,x86_64}.rpm, and libscca{,-devel,-python2,-python36,-tools}-20190605-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
Note: The package for CentOS/RHEL 7 are named python2-libscca and python36-libscca.
- libsigscan{,-devel,-python2,-python3,-tools}-20190103-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20190103-4.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python2,-python36,-tools}-20190103-4.el7.x86_64.rpm -
Libsigscan is a library and tools used to binary signature scanning.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libsigscan and python36-libsigscan.
All other package names are unchanged.
- libsmdev{,-devel,-python2,-python3,-tools}-20190315-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20190315-3.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python2,-python36,-tools}-20190315-23el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libsmdev and python36-libsmdev.
All other package names are unchanged.
- libsmraw{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libsmraw{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libsmraw and python36-libsmraw.
All other package names are unchanged.
- libvhdi{,-devel,-python2,-python3,-tools}-20181227-5.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm and libvhdi{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libvhdi and python36-libvhdi.
All other package names are unchanged.
- libvmdk{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libvmdk{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libvmdk and python36-libvmdk.
All other package names are unchanged.
- libvshadow{,-devel,-python2,-python3,-tools}-20190323-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20190323-3.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python2,-python36,-tools}-20190323-3.el7.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libvshadow and python36-libvshadow.
All other package names are unchanged.
- libvslvm{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-libvslvm and python36-libvslvm.
All other package names are unchanged.
- python{2,3}-pefile-2019.4.18-2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-pefile-2019.4.18-2.el7.noarch.rpm -
PEFile is a Portable Executable reader module.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-pefile and python36-pefile.
The package names for Fedora are unchanged.
- python36-urllib3-1.24.1-1.el7.x86_64.rpm -
Python-urllib3 is a powerful, sanity-friendly HttP client for Python.
Much of the Python ecosystem already uses urllib3.
urllib3 brings many critical features that are missing from the Python standard libraries:
- Thread safety.
- Connection pooling.
- Client-side SSL/TLS verification.
- File uploads with multipart encoding.
- Helpers for retrying requests and dealing with HttP redirects.
- Support for gzip and deflate encoding.
- Proxy support for HttP and SOCKS.
- 100% test coverage.
This package was built to support plaso.
- python{2,36}-lz4-0.10.0-1.el7.x86_64.rpm -
LZ4 contains the python bindings for the lz4 compression library.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-lz4 and python36-lz4.
The package names for Fedora are unchanged.
- python{2,36}-psutil-5.4.3-4.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-psutil and python36-psutil.
- python{2,3}-pytsk3-20190507-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python2-pytsk3-20190507-2.el6.{i686,x86_64}.rpm, and python{2,36}-pytsk3-20190507-2.el7.x86_64.rpm -
Pytsk is Python bindings for The Sleuth Kit.
- python{2,3}-requests-2.22.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-1.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HttP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HttP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- python{2,3}-xlsxwriter-1.1.8-2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.1.8-2.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
Note: This release contains no new capabilities.
The only differences is that the packages for CentOS/RHEL 7 are named python2-xlsxwriter and python36-xlsxwriter.
The package names for Fedora are unchanged.
- plaso-20190429-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190429-1.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as
|
|
|