May 31, 2023:
The following changes have been made:
- libmaxminddb{,-devel}-1.7.1-1.amzn2.x86_64.rpm -
Libmaxminddb provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind.
- bellsoft-jdk8u372+7-linux-amd64-full.rpm -
Bellsoft Java was installed for Fedora 34, 35, and 36, CentOS/RHEL 7, 8, and 9, and Amazon Linux 2 for the x86_64 architecture.
Bellsoft Java 8 is the recommended version of Java for Autopsy.
- bellsoft-jdk8u372+7-linux-aarch64.rpm -
Bellsoft Java was installed for CentOS/RHEL 9 for the aarch64 architecture.
Bellsoft Java 8 is the recommended version of Java for Autopsy.
- libvhdi{,-devel,-python3,-tools}-20221124-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libvhdi{,-devel,-python3,-tools}-20221124-1.el9.{x86_64,aarch64}.rpm, and libvhdi{,-devel,-python36,-tools}-20221124-1.el7.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
- libvmdk{,-devel,-python3,-tools}-20221124-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libvmdk{,-devel,-python3,-tools}-20221124-1.el9.{x86_64,aarch64}.rpm, and libvmdk{,-devel,-python36,-tools}-20221124-1.el7.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
- sleuthkit{,-devel,-libs}-4.12.0-100.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and sleuthkit{,-devel,-libs}-4.12.0-100.el9.{x86_64,aarch64}.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- libbde{,-devel,-python3,-tools}-20221031-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libbde{,-devel,-python3,-tools}-20221031-1.el9.{x86_64,aarch64}.rpm, and libbde{,-devel,-python36,-tools}-20221031-1.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- libevt{,-devel,-python3,-tools}-20221022-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libevt{,-devel,-python3,-tools}-20221022-1.el9.{x86_64,aarch64}.rpm, and libevt{,-devel,-python36,-tools}-20221022-1.el7.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python3,-tools}-20221101-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libevtx{,-devel,-python3,-tools}-20221101-1.el9.{aarch64,x86_64}.rpm, and libevtx{,-devel,-python36,-tools}-20221101-1.el7.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- liblnk{,-devel,-python3,-tools}-20230205-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, liblnk{,-devel,-python3,-tools}-20230205-1.el9.{x86_64,aarch64}.rpm, and liblnk{,-devel,-python36,-tools}-20230205-1.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- libmsiecf{,-devel,-python3,-tools}-20221024-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libmsiecf{,-devel,-python3,-tools}-20221024-1.el9.{x86_64,aarch64}.rpm, and libmsiecf{,-devel,-python36,-tools}-20221024-1.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
- libolecf{,-devel,-python3,-tools}-20221024-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libolecf{,-devel,-python3,-tools}-20221024-1.el9.{x86_64,aarch64}.rpm, and libolecf{,-devel,-python36,-tools}-20221024-1.el7.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files.
- libbfio{,-devel,-python3}-20221025-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libbfio{,-devel,-python3}-20221025-1.el9.{x86_64,aarch64}.rpm, and libbfio{,-devel,-python36}-20221025-1.el7.x86_64.rpm -
Libbfio is a library that provides basic file input/output abstraction.
Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff.
It is used to chain I/O to support file-in-file access.
- libpff{,-devel,-python3,-tools}-20211114-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libpff{,-devel,-python3,-tools}-20211114-1.el9.{x86_64,aarch64}.rpm, and libpff{,-devel,-python36,-tools}-20211114-1.el7.x86_64.rpm -
Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format.
- libqcow{,-devel,-python3,-tools}-20221124-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libqcow{,-devel,-python3,-tools}-20221124-1.el9.{x86_64,aarch64}.rpm, and libqcow{,-devel,-python36,-tools}-20221124-1.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
- libregf{,-devel,-python3,-tools}-20230319-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libregf{,-devel,-python3,-tools}-20230319-1.el9.{x86_64,aarch64}.rpm, and libregf{,-devel,-python36,-tools}-20230319-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows Registry File files.
- libsmdev{,-devel,-python3,-tools}-20221028-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libsmdev{,-devel,-python3,-tools}-20221028-1.el9.{x86_64,aarch64}.rpm, and libsmdev{,-devel,-python36,-tools}-20221028-1.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- libsmraw{,-devel,-python3,-tools}-20230320-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libsmraw{,-devel,-python3,-tools}-20230320-1.el9.{x86_64,aarch64}.rpm, and libsmraw{,-devel,-python36,-tools}-20230320-1.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
- libvshadow{,-devel,-python3,-tools}-20221030-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libvshadow{,-devel,-python3,-tools}-20221030-1.el9.{x86_64,aarch64}.rpm, and libvshadow{,-devel,-python36,-tools}-20221030-1.el7.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
- msghack-0.21-19.0.20220203.el8.noarch.rpm -
Msghack is a program that is used to alter .po files in ways no sane mind would.
- gettext{,-devel,-envsubst,-libs,-runtime}-0.21-19.0.20220203.el8.x86_64.rpm, gettext-common-devel-0.21-19.0.20220203.el8.noarch.rpm, and emacs-gettext-0.21-19.0.20220203.el8.noarch.rpm -
Gettext is a set of utilities that provides a framework within which other free packages may produce multi-lingual messages.
- autoconf-2.71-3.{fc35,el8,el9}.noarch.rpm -
Autoconf is an extensible package of M4 macros that produce shell scripts to automatically configure software source code packages.
- libmdmp{,-devel,-tools}-20230321-1.{fc35,fc36,el8}.x86_64.rpm and libmdmp{,-devel,-tools}-20230321-1.el9.{x86_64,aarch64}.rpm -
Libmdmp is a library to access the Windows Minidump (MDMP) format.
Note that this project currently only focuses on the analysis of the format.
- libhibr{,-devel,-tools}-20230321-1.{fc35,fc36,el8}.x86_64.rpm and libhibr{,-devel,-tools}-20230321-1.el9.{x86_64,aarch64}.rpm -
libhibr is a library and tools to access the Windows Hibernation File (hiberfil.sys) format.
Note that this project currently only focuses on the analysis of the format.
- libmodi{,-devel,-python3,-tools}-20221023-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libmodi{,-devel,-python3,-tools}-20221023-1.el9.{x86_64,aarch64}.rpm, and libmodi{,-devel,-python36,-tools}-20221023-1.el7.x86_64.rpm -
Libmodi is a library and tools to access the Mac OS disk image formats.
- libnk2{,-devel,-python3,-tools}-20221122-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libnk2{,-devel,-python3,-tools}-20221122-1.el9.{x86_64,aarch64}.rpm, and libnk2{,-devel,-python36,-tools}-20221122-1.el7.x86_64.rpm -
Libnk2 is a library and tools to access Microsoft Outlook Nickfile (NK2) format files.
- libphdi{,-devel,-python3,-tools}-20221025-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libphdi{,-devel,-python3,-tools}-20221025-1.el9.{x86_64,aarch64}.rpm, and libphdi{,-devel,-python36,-tools}-20221025-1.el7.x86_64.rpm -
Libphdi is a library to access the Parallels Hard Disk image format.
- libexe{,-devel,-python3,-tools}-20230318-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libexe{,-devel,-python3,-tools}-20230318-1.el9.{x86_64,aarch64}.rpm, and libexe{,-devel,-python36,-tools}-20230318-1.el7.x86_64.rpm -
Libexe is a library and tools to access the executable (EXE) format.
- libwtcdb{,-devel,-tools}-20230129-1.{fc35,fc36,el8}.x86_64.rpm and libwtcdb{,-devel,-tools}-20230129-1.el9.{x86_64,aarch64}.rpm -
Libwtcdb is a library and tools to access the Windows (Vista/7) Explorer thumbnail cache database format (thumbcache.db).
- libfplist{,-devel}-20220116-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and libfplist{,-devel}-20220116-1.el9.{x86_64,aarch64}.rpm -
Libfplist is a library for plist formats. Note: this is a library only - there are no tools provided by these packages.
- libfwevt{,-devel}-20230410-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and libfwevt{,-devel}-20230410-1.el9.{x86_64,aarch64}.rpm -
Libfwevt is a library for Windows XML Event Log (EVTX) data types.
Note: this is a library only - there are no tools provided by these packages.
- libfdata{,-devel,-static}-20220111-1.{el7,amzn2}.x86_64.rpm -
Libfdata is a library to provide generic file data functions.
- libagdb{,-devel,-tools}-20230319-1.{fc35,fc36,el8}.x86_64.rpm and libagdb{,-devel,-tools}-20230319-1.el9.{x86_64,aarch64}.rpm -
Libagdb is a library to access the SuperFetch database format.
- libagdb{,-devel,-tools}-20201023-1.{el7,amzn2}.x86_64.rpm -
Libagdb is a library to access the SuperFetch database format.
- libcreg{,-devel,-python3,-tools}-20221022-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libcreg{,-devel,-python3,-tools}-20221022-1.el9.{x86_64,aarch64}.rpm, and libcreg{,-devel,-python36,-tools}-20221022-1.el7.x86_64.rpm -
Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
- libwrc{,-devel,-python3,-tools}-20230318-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libwrc{,-devel,-python3,-tools}-20230318-1.el9.{x86_64,aarch64}.rpm, libwrc{,-devel,-python36,-tools}-20230318-1.el7.x86_64.rpm -
Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
- libvsgpt{,-devel,-python3,-tools}-20221029-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libvsgpt{,-devel,-python3,-tools}-20221029-1.el9.{x86_64,aarch64}.rpm, and libvsgpt{,-devel,-python36,-tools}-20221029-1.el7.x86_64.rpm -
Libvsgpt is a library and tools used to access the GUID Partition Table (GPT) volume system.
- winevtrc-20220106-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and winevtrc-20220106-1.el9.{x86_64,aarch64}.rpm -
Winevt-kb is a project to build a Windows Event Log knowledge base.
winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources.
Note that this package also provides winevt-kb.
- dtfabric-20221218-1.{fc35,fc36,el8,amzn2}.x86_64.rpm and dtfabric-20221218-1.el9.{x86_64,aarch64}.rpm -
Dtfabric is a project to manage data types and structures, as used in the libyal projects.
- libhmac{,-devel,-python3,-static,-tools}-20230407-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libhmac{,-devel,-python36,-static,-tools}-20230407-1.el7.x86_64.rpm and libhmac{,-devel,-python3,-static,-tools}-20230407-1.el9.{x86_64,aarch64}.rpm -
Libhmac is a library to support various Hash-based Message Authentication Codes (HMAC).
- dfimagetools-tools-20220312-1.{fc35,fc36,el7,el8,el9,amzn2}.noarch.rpm, python3-dfimagetools-20220312-1.{fc35,fc36,el8,el9,amzn2}.noarch.rpm, and python36-dfimagetools-20220312-1.el7.noarch.rpm -
DFImageTools is a collection of tools to process storage media images.
- libfcrypto{,-devel,-python3,-static}-20221230-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libfcrypto{,-devel,-python36,-static}-20221230-1.el7.x86_64.rpm, and libfcrypto{,-devel,-python3,-static}-20221230-1.el9.{x86_64,aarch64}.rpm -
Libfcrypto is a library for encryption formats.
- winregrc-20230205-1.{fc35,fc36,el8,amzn2}.x86_64.rpm and winregrc-20230205-1.el9.{x86_64,aarch64}.rpm -
Winreg-kb is a project to build a Windows Registry Knowledge Base.
winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources.
Note that this package also provides winreg-kb.
- dfwinreg-20221218-1.{fc35,fc36,el8,amzn2}.x86_64.rpm and dfwinreg-20221218-1.el9.{x86_64,aarch64}.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
- 2hash-0.2-2.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and 2hash-0.2-2.el9.{x86_64,aarch64}.rpm -
2hash is a tool to calculate the md5 and sha1 hashes of a file in a single read.
If you’re regularly checking/calculating hashes of large files this’ll save you a lot of disk I/O.
- libfixbuf{,-devel,-ipfixDump}-2.4.2-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and libfixbuf{,-devel,-ipfixDump}-2.4.2-1.el9.{x86_64,aarch64}.rpm -
Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.2-3.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.2-3.el9.{x86_64,aarch64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
This package was rebuilt for libfixbuf-2.4.2.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.2-4.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.2-4.el9.{x86_64,aarch64}.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
This package was rebuilt for libfixbuf-2.4.2.
- libschemaTools{,-devel}-1.4-3.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and libschemaTools{,-devel}-1.4-3.el9.{x86_64,aarch64}.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data, and to know the structure of the records.
This package was rebuilt for libfixbuf-2.4.2.
- analysis-pipeline-5.11.4-3.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and analysis-pipeline-5.11.4-3.el9.{x86_64,aarch64}.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt for libfixbuf-2.4.2.
- analyzeMFT-3.0.1-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and analyzeMFT-3.0.1-1.el9.{x86_64,aarch64}.rpm -
AnalyzeMFT is a tool that fully parses the MFT file from an NTFS filesystem and presents the results as accurately as possible in multiple formats.
See here for the changes since the previously installed version 2.0.19.1.
Note: This version uses Python 3.
- autopsy-4.20.0-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and autopsy-4.20.0-1.el9.{x86_64,aarch64}.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Notes:
- This version uses Java 8 from Bellsoft.
- This version was tested on Fedora 32 through 35 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata.
Those archives were correctly parsed and the EXIF data verified.
- If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that setting the color depth on the backend X server is critical.
Use the following to install the XRDP client if necessary, adjust the host's firewall to allow RDP connections, adjust this depth parameter, and start or restart the XRDP client:
[ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp)
sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload
sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini
sudo systemctl stop xrdp
sudo systemctl start xrdp
- exfat-utils-1.4.0-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and exfat-utils-1.4.0-1.el9.{x86_64,aarch64}.rpm -
The EXfat-utils are a set of utilities for creating, checking, dumping and labeling exFAT file systems.
This version was rebuilt to remove the obsoletes directives for exfatprogs and fuse-exfat.
This means that the installer must select the appropriate version for their system if not installing with the CERT-Forensics-Tools meta package.
- unrar-6.2.1-1.{fc35,fc36,el8,el9,amzn2}.x86_64.rpm -
Unrar is a powerful archive manager.
It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format.
See here for a list of changes in this version.
- rar-6.2.1-1.{fc35,fc36,el8,el9,amzn2}.x86_64.rpm -
Rar is a powerful archive manager.
It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format.
See here for a list of changes in this version.
- perl-Parse-Win32Registry-1.1-1.{fc35,fc36,el7,el8,el9,amzn2}.noarch.rpm -
perl-Parse-Win32Registry is a module for parsing Windows Registry files, allowing you to read the keys and values of a registry file without going through the Windows API.
It provides an object-oriented interface to the keys and values in a registry file.
Registry files are structured as trees of keys, with each key containing further subkeys or values.
The module is intended to be cross-platform, and run on those platforms where Perl will run.
It supports both Windows NT registry files (Windows NT, 2000, XP, 2003, Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium Edition).
It is intended to be used to parse offline registry files.
If a registry file is currently in use, you will not be able to open it.
However, you can save part or all of a currently loaded registry file using the Windows reg command if you have the appropriate administrative access.
- fuse-python{2,3}-1.0.5-1.{fc35,fc36,el8,amzn2}.x86_64.rpm and fuse-python3-1.0.5-1.el9.{x86_64,aarch64}.rpm -
Fuse-Python is a Python interface to libfuse, a simple interface for userspace programs to export a virtual filesystem to the Linux kernel.
- vmfs6-tools-0.2.1-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm, libvmfs6-devel-0.2.1-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm, vmfs6-tools-0.2.1-1.el9.{x86_64,aarch64}.rpm, and libvmfs6-devel-0.2.1-1.el9.{x86_64,aarch64}.rpm -
VMFS6-tools is a collection of command-line tools for operating on VMware's VMFS file system.
Included in this release is limited VMFS version 6 support.
Note: The tools in the vmfs6-tools package are named debugvmfs6, fsck.vmfs6, vmfs6-fuse, vmfs6-lvm.
- libscca{,-devel,-python3,-tools}-20221027-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libscca{,-devel,-python3,-tools}-20221027-1.el9.{x86_64,aarch64}.rpm, and libscca{,-devel,-python36,-tools}-20221027-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- libfwnt{,-devel,-python3}-20220922-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libfwnt{,-devel,-python3}-20220922-1.el9.{x86_64,aarch64}.rpm, and libfwnt{,-devel,-python36}-20220922-1.el7.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
- libfwps{,-devel,-python3}-20230202-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libfwps{,-devel,-python3}-20230202-1.el9.{x86_64,aarch64}.rpm, and libfwps{,-devel,-python36}-20230202-1.el7.x86_64.rpm -
LibFWPS is a library for Windows Property Store data types.
- python3-dfdatetime-20230225-1.{fc35,fc36,el8,el9,amzn2}.noarch.rpm -
dfDateTime, or Digital Forensics Date and Time, provides date and time objects to preserve accuracy and precision.
- python{2,3}-future-0.18.3-4.1.el8.noarch.rpm -
Python-Future is the missing compatibility layer between Python 2 and Python 3.
It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.
This package was built to support the packaging of Python-PEFile, which in turn is needed to support the packaging of Volatility-community-plugins.
- python3-pefile-2023.2.7-1.{fc35,fc36,el9}.noarch.rpm -
PEFile is a Portable Executable reader module.
- opensearch-py-2.2.0-1.{fc35,fc36,el7,el8,el9,amzn2}.noarch.rpm -
OpenSearch-PY is a Python client for OpenSearch.
- python3-acstore-20230325-1.{fc35,fc36,el8,el9,amzn2}.noarch.rpm -
ACStore is a library that provides a stand-alone implementation to read and write Attribute Container stores, such as Plaso storage files.
- python3-flor-1.1.3-1.{fc35,fc36,el8,el9,amzn2}.noarch.rpm and python36-flor-1.1.3-1.el7.noarch.rpm -
Flor implements a Bloom filter class that is fully compatible with the Go Bloom filter implementation.
- plaso-20230311-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and plaso-20230311-1.el9.{x86_64,aarch64}.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Details of this update are available here.
This release removes the version restriction on the pyparsing package.
- libvslvm{,-devel,-python3,-tools}-20221025-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libvslvm{,-devel,-python3,-tools}-20221025-1.el9.{x86_64,aarch64}.rpm, and libvslvm{,-devel,-python36,-tools}-20221025-1.el7.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
- python3-dfvfs-20230408-1.{fc35,fc36,el8,el9,amzn2}.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
- libfsntfs{,-devel,-python3,-tools}-20230427-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libfsntfs{,-devel,-python3,-tools}-20230427-1.el9.{x86_64,aarch64}.rpm, and libfsntfs{,-devel,-python36,-tools}-20230427-1.el7.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
- libsigscan{,-devel,-python3,-tools}-20230109-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libsigscan{,-devel,-python3,-tools}-20230109-1.el9.{x86_64,aarch64}.rpm, and libsigscan{,-devel,-python36,-tools}-20230109-1.el7.x86_64.rpm -
Libsigscan is a library and tools used for binary signature scanning.
- pytsk3-20230125-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and pytsk3-20230125-1.el9.{x86_64,aarch64}.rpm -
Pytsk is Python bindings for The Sleuth Kit.
- libfwsi{,-devel,-python3}-20230114-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libfwsi{,-devel,-python3}-20230114-1.el9.{x86_64,aarch64}.rpm, and libfwsi{,-devel,-python36}-20230114-1.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- python3-artifacts-20221219-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, artifacts-data-20221219-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, python3-artifacts-20221219-1.el9.{x86_64,aarch64}.rpm, and artifacts-data-20221219-1.el9.{x86_64,aarch64}.rpm -
Artifacts is a free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.
- super_mediator-1.9.1-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and super_mediator-1.9.1-1.el9.{x86_64,aarch64}.rpm -
Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
See here for the list of changes.
- acr-2.1.1-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm -
ACR tries to replace autoconf functionality by generating a fully compatible 'configure' script (runtime flags), but using shell script instead of m4.
This means that ACR is faster, smaller and easy to use.
- yaf{,-devel}-2.13.0-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and yaf{,-devel}-2.13.0-1.el9.{x86_64,aarch64}.rpm -
Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 7, 8, and 9 for the x86_64 architecture, yaf has been built to use PF_Ring.
- libluksde{,-devel,-python3,-tools}-20221103-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libluksde{,-devel,-python3,-tools}-20221103-1.el9.{x86_64,aarch64}.rpm, and libluksde{,-devel,-python36,-tools}-20221103-1.el7.x86_64.rpm -
Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
- libfsapfs{,-devel,-python3,-tools}-20221102-1.{fc35,fc36,el8,amzn2,el8}.x86_64.rpm, libfsapfs{,-devel,-python3,-tools}-20221102-1.el9.{x86_64,aarch64}.rpm, and libfsapfs{,-devel,-python36,-tools}-20221102-1.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- jdk-20_linux-{x64,aarch64}_bin.rpm -
Java Platform Standard Edition Development Kit is Release 20 of the Java development kit.
This package was installed in support of Ghidra.
- ghidra-10.3-PUBLIC_20230510.1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and ghidra-10.3-PUBLIC_20230510.1.el9.{x86_64,aarch64}.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.
Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
- apfs-fuse-20230103-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and apfs-fuse-20230103-1.el9.{x86_64,aarch64}.rpm -
APFS-Fuse is a read-only FUSE driver for the new Apple File System.
Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental.
It may not be able to read all files, it may return wrong data, or it may simply crash.
Use at your own risk.
But since it's read-only, at least the data on your apfs drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far).
Thus, the driver may return compressed files instead of uncompressed ones.
- zeek{,-btest,-btest-data,-client,-core,ctl,-devel,-spicy-devel,-zkg}-5.0.9-1.{fc35,fc36,el7,el8}.x86_64.rpm, libbroker-devel-5.0.9-1.{fc35,fc36,el7,el8}.x86_64.rpm, zeek{,-btest,-btest-data,-client,-core,ctl,-devel,-spicy-devel,-zkg}-5.0.9-1.el9.{x86_64,aarch64}.rpm, and libbroker-devel-5.0.9-1.el9.{x86_64,aarch64}.rpm for CentOS 9 Stream -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well.
Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception.
Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson.
Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek.
To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && export MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- bulk_extractor-2.0.3-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and bulk_extractor-2.0.3-1.el9.{aarch64,x86_64}.rpm -
Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools.
Bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.
- mac_apt-1.5.0.dev-3.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and mac_apt-1.5.0.dev-3.el9.{x86_64,aarch64}.rpm -
Mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract data/metadata useful for forensic investigation.
It is a Python-based framework, which has plugins to process individual artifacts (such as Safari internet history, Network interfaces, Recently accessed files & volumes, etc.).
This package is based on the 2023-03-12 version of the code.
- musl-{clang,devel,filesystem,gcc,libc,libc-static}-1.2.3-1.{el7,el8,amzn2}.x86_64.rpm and musl-{clang,devel,filesystem,gcc,libc,libc-static}-1.2.3-1.el9.{x86_64,aarch64}.rpm -
MUSL is a fully featured lightweight standard C library for Linux.
This package was built to support AVML.
- avml-0.11.3-1.{fc35,fc36}.x86_64.rpm and avml-0.11.3-1.el9.{x86_64,aarch64}.rpm -
AVML is an X86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary.
AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori.
No on-target compilation or fingerprinting is needed.
AVML can produce a memory image suitable for processing with Volatility 2 or Volatility 3 once the appropriate profiles have been created.
- Volatility3-2.4.2-2.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and Volatility3-2.4.2-2.el9.{aarch64,x86_64}.rpm -
Volatility 3 is a completely open collection of tools, implemented in Python under the Volatility Software License, for the extraction of digital artifacts from volatile memory (RAM) samples.
The full documentation for this version of Volatility can be found here.
This release is patched as of 2023-03-09.
- daq{,-devel,-modules}-3.0.11-1.{fc35,fc36,el8}.x86_64.rpm and daq{,-devel,-modules}-3.0.11-1.el9.{aarch64,x86_64}.rpm -
The Data Acquisition Library (Daq) is a library used by snort.
- snort-3.1.62.0-1.{fc35,fc36,el8}.x86_64.rpm and snort-3.1.62.0-1.el9.{x86_64,aarch64}.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the list of changes.
- maryam-2.5.1-2.{fc35,fc36,el8,amzn2}.x86_64.rpm and maryam-2.5.1-2.el9.{x86_64,aarch64}.rpm -
OWASP Maryam is a modular/optional open-source framework based on OSINT and data gathering.
Maryam is written in the Python programming language and has been designed to provide a powerful environment to harvest data from open sources and search engines and collect data quickly and thoroughly.
See here for documentation on the modules provided for Maryam.
Note that Maryam is not available for CentOS/RHEL 7 at this time.
- EVTXtract-0.2.4-4.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and EVTXtract-0.2.4-4.el9.{aarch64,x86_64}.rpm -
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
- zui-1.0.1.x86_64.rpm -
Zui (formerly known as Brim) is an open source desktop application for security and network specialists,
and was installed for Fedora 34, 35, and 36, CentOS/RHEL 7, 8, and 9, and Amazon Linux 2 repositories for the x86_64 architecture.
Zui makes it easy to search and analyze data from:
- packet captures, like those created by Wireshark, and
- structured logs, especially from the Zeek network analysis framework.
Zui is especially useful to security and network operators that need to handle large packet captures, especially those that are cumbersome for Wireshark, tshark, or other packet analyzers.
- mmc-utils-0.1-2.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and mmc-utils-0.1-2.el9.{aarch64,x86_64}.rpm -
MMC-Utils is a tool for configuring MMC storage devices from userspace.
This version is patched as of 2023-03-12.
- libfixbuf{,-devel,-tools}-3.0.0.alpha2-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and libfixbuf{,-devel,-tools}-3.0.0.alpha2-1.el9.{aarch64,x86_64}.rpm -
Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
These packages are installed in the forensics-test repository.
Please address any comments on these packages to netsa-help@cert.org.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.2-103.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.2-103.el9.{aarch64,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha2.
Please address any comments on these packages to netsa-help@cert.org.
- libschemaTools{,-devel}-1.4-4.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and libschemaTools{,-devel}-1.4-4.el9.{aarch64,x86_64}.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data, and to know the structure of the records.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha2.
Please address any comments on these packages to netsa-help@cert.org.
- analysis-pipeline-5.11.4-4.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and analysis-pipeline-5.11.4-4.el9.{aarch64,x86_64}.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package is installed in the forensics-test repository.
This package was rebuilt to use libfixbuf 3.0.0.alpha2.
Please address any comments on these packages to netsa-help@cert.org.
- super_mediator-2.0.0.alpha2-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and super_mediator-2.0.0.alpha2-1.el9.{aarch64,x86_64}.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
See here for the list of changes.
This package is installed in the forensics-test repository.
This package was rebuilt to use libfixbuf 3.0.0.alpha1 and silk 3.19.2.
Please address any comments on these packages to netsa-help@cert.org.
- yaf{,-devel}-3.0.0.alpha2-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and yaf{,-devel}-3.0.0.alpha2-1.el9.{aarch64,x86_64}.rpm -
Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using
pcap(3), an Endace DAG capture device,
or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX
over SCTP, TCP or
UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 7 and 8 systems, yaf has been built to use PF_Ring.
See here for the list of changes.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha2.
Please address any comments on these packages to netsa-help@cert.org.
- libesedb{,-devel,-python3,-tools}-20230318-1.{fc35,fc36,el8,amzn2}.x86_64.rpm, libesedb{,-devel,-python36,-tools}-20230318-1.el7.x86_64.rpm, and libesedb{,-devel,-python3,-tools}-20230318-1.el9.{x86_64,aarch64}.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
- hindsight-2023.03-1.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and hindsight-2023.03-1.el9.{x86_64,aarch64}.rpm -
Hindsight is a free tool for analyzing web artifacts.
It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications.
Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords,
preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies).
Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.
- CERT-Forensics-Tools-1.0-103.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and CERT-Forensics-Tools-1.0-103.el9.{aarch64,x86_64}.rpm -
The following changes were made:
- winregrc replaces winreg-kb
- winevtrc replaces winevt-kb
- libfixbuf-ipfixDump was added
- zeek was removed for Fedora 38 for now
- mmc-utils was removed for Fedora 38
- libvsmbr{,-devel,-python3,-tools}-20230318-1.{fc35,fc36,el8}.x86_64.rpm and libvsmbr{,-devel,-python3,-tools}-20230318-1.el9.{aarch64,x86_64}.rpm -
Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system.
- python3-oletools-0.60.1-2.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm, python-oletools-doc-0.60.1-2.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm, python3-oletools-0.60.1-2.el9.{aarch64,x86_64}.rpm, and python-oletools-doc-0.60.1-2.el9.{aarch64,x86_64}.rpm -
Python-Oletools is a package of Python tools from Philippe Lagadec to analyze Microsoft OLE2 files (also called
Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for
malware analysis, forensics and debugging.
It is based on the olefile parser.
- wdpassport-utils-0.2-4.{fc35,fc36,el7,el8,amzn2}.x86_64.rpm and wdpassport-utils-0.2-4.el9.{aarch64,x86_64}.rpm -
WDPassPort-Utils is a utility used to lock, unlock, and reset passwords on Western Digital's Passport drives.
This version was rebuilt to correctly set the permissions on the
python executable.
- GeoIP{,-devel}-1.6.12-5.el9.{x86_64,aarch64}.rpm -
GeoIP is a library for country/city/organization to IP address or hostname mapping.
- pfring-8.5.0-{8169,8194,8197,8211,8232,8235,8241,8253,8265,8279,8305}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
These packages were installed in the CentOS/RHEL 7 and 8 Stream.
- pfring-dkms-8.5.0.{8169,8194,8197,8211,8232,8235,8241,8253,8265,8279,8305}-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
These packages were installed in the CentOS/RHEL 7 and 8 Stream.
- ndpi-4.7.0-{4142,4160,4163,4175,4183,4187,4190,4196,4206,4218,4230,4241}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
These packages were installed in the CentOS/RHEL 7 and 8 Stream.
- pfring-8.5.0-{8225,8232,8235,8241,8253,8265,8279,8305}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
These packages were installed in the CentOS/RHEL 9 Stream.
- pfring-dkms-8.5.0.{8225,8232,8235,8241,8253,8265,8279,8305}-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
These packages were installed in the CentOS/RHEL 9 Stream.
- ndpi-4.7.0-{4183,4187,4190,4196,4206,4218,4230,4241}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
These packages were installed in the CentOS/RHEL 9 Stream.
- pfring-8.5.0-{8169,8194,8197,8211,8225}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
These packages were installed in the Amazon Linux 2 repositories for the x86_64 architecture.
- pfring-dkms-8.5.0.{8169,8194,8197,8211,8225}-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
These packages were installed in the Amazon Linux 2 repositories for the x86_64 architecture.
- ndpi-4.7.0-{4142,4160,4163,4175,4183}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
These packages were installed in the Amazon Linux 2 repositories for the x86_64 architecture.
- fmem-kernel-modules-1.6-1.25.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 37 x86_64 architecture was added.
- lime-kernel-modules-1.1.r17-25.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 37 x86_64 architecture was added.
- Fedora 37 - The repository now supports Fedora 37
for the x86_64 CPU architecture.
Here is the list of tools provided for Fedora 37:
- fmem-kernel-modules-1.6-1.26.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 38 x86_64 architecture was added.
- lime-kernel-modules-1.1.r17-26.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 38 x86_64 architecture was added.
- Fedora 38 - The repository now supports Fedora 38
for the x86_64 CPU architecture.
Here is the list of tools provided for Fedora 38:
- lime-kernel-modules-fc38-x86_64-1.9.1-2.noarch.rpm -
Support for the following kernels was added for LiME:
- 6.2.15-300 for FC38
- 6.2.14-300 for FC38
- 6.2.13-300 for FC38
- fmem-kernel-modules-fc38-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernels was added for Fmem:
- 6.2.15-300 for FC38
- 6.2.14-300 for FC38
- 6.2.13-300 for FC38
- lime-kernel-modules-fc37-x86_64-1.9.1-2.noarch.rpm -
Support for the following kernels was added for LiME:
- 6.2.15-200 for FC37
- 6.2.14-200 for FC37
- 6.2.13-200 for FC37
- 6.2.12-200 for FC37
- 6.2.11-200 for FC37
- 6.2.10-200 for FC37
- 6.2.9-200 for FC37
- 6.2.8-200 for FC37
- 6.2.7-200 for FC37
- 6.1.18-200 for FC37
- fmem-kernel-modules-fc37-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernels was added for Fmem:
- 6.2.15-200 for FC37
- 6.2.14-200 for FC37
- 6.2.13-200 for FC37
- 6.2.12-200 for FC37
- 6.2.11-200 for FC37
- 6.2.10-200 for FC37
- 6.2.9-200 for FC37
- 6.2.8-200 for FC37
- 6.2.7-200 for FC37
- 6.1.18-200 for FC37
- lime-kernel-modules-fc36-x86_64-1.9.1-18.noarch.rpm -
Support for the following kernels was added for LiME:
- 6.2.15-100 for FC36
- 6.2.14-100 for FC36
- 6.2.13-100 for FC36
- 6.2.12-100 for FC36
- 6.2.11-100 for FC36
- 6.2.10-100 for FC36
- 6.2.9-100 for FC36
- 6.2.8-100 for FC36
- 6.2.7-100 for FC36
- 6.1.18-100 for FC36
- 6.1.15-100 for FC36
- 6.1.14-100 for FC36
- 6.1.13-100 for FC36
- 6.1.12-100 for FC36
- 6.1.11-100 for FC36
- 6.1.10-100 for FC36
- 6.1.9-100 for FC36
- 6.1.8-100 for FC36
- 6.1.7-100 for FC36
- 6.1.6-100 for FC36
- 6.1.5-100 for FC36
- 6.0.18-200 for FC36
- 6.0.17-200 for FC36
- 6.0.16-200 for FC36
- 6.0.15-200 for FC36
- 6.0.14-200 for FC36
- 6.0.12-200 for FC36
- 6.0.11-200 for FC36
- 6.0.10-200 for FC36
- 6.0.9-200 for FC36
- 6.0.8-200 for FC36
- 6.0.7-200 for FC36
- 6.0.5-200 for FC36
- 5.19.16-200 for FC36
- 5.19.15-201 for FC36
- 5.19.14-200 for FC36
- 5.19.13-200 for FC36
- 5.19.12-200 for FC36
- fmem-kernel-modules-fc36-x86_64-1.6-1.18.noarch.rpm -
Support for the following kernels was added for Fmem:
- 6.2.15-100 for FC36
- 6.2.14-100 for FC36
- 6.2.13-100 for FC36
- 6.2.12-100 for FC36
- 6.2.11-100 for FC36
- 6.2.10-100 for FC36
- 6.2.9-100 for FC36
- 6.2.8-100 for FC36
- 6.2.7-100 for FC36
- 6.1.18-100 for FC36
- 6.1.15-100 for FC36
- 6.1.14-100 for FC36
- 6.1.13-100 for FC36
- 6.1.12-100 for FC36
- 6.1.11-100 for FC36
- 6.1.10-100 for FC36
- 6.1.9-100 for FC36
- 6.1.8-100 for FC36
- 6.1.7-100 for FC36
- 6.1.6-100 for FC36
- 6.1.5-100 for FC36
- 6.0.18-200 for FC36
- 6.0.17-200 for FC36
- 6.0.16-200 for FC36
- 6.0.15-200 for FC36
- 6.0.14-200 for FC36
- 6.0.12-200 for FC36
- 6.0.11-200 for FC36
- 6.0.10-200 for FC36
- 6.0.9-200 for FC36
- 6.0.8-200 for FC36
- 6.0.7-200 for FC36
- 6.0.5-200 for FC36
- 5.19.16-200 for FC36
- 5.19.15-201 for FC36
- 5.19.14-200 for FC36
- 5.19.13-200 for FC36
- 5.19.12-200 for FC36
- lime-kernel-modules-fc35-x86_64-1.9.1-42.noarch.rpm -
Support for the following kernels was added for LiME:
- 6.0.12-100 for FC35
- 6.0.11-100 for FC35
- 6.0.10-100 for FC35
- 6.0.9-100 for FC35
- 6.0.8-100 for FC35
- 6.0.7-100 for FC35
- 6.0.5-100 for FC35
- 5.19.16-100 for FC35
- 5.19.15-101 for FC35
- 5.19.14-100 for FC35
- 5.19.13-100 for FC35
- 5.19.12-100 for FC35
- fmem-kernel-modules-fc35-x86_64-1.6-1.42.noarch.rpm -
Support for the following kernels was added for Fmem:
- 6.0.12-100 for FC35
- 6.0.11-100 for FC35
- 6.0.10-100 for FC35
- 6.0.9-100 for FC35
- 6.0.8-100 for FC35
- 6.0.7-100 for FC35
- 6.0.5-100 for FC35
- 5.19.16-100 for FC35
- 5.19.15-101 for FC35
- 5.19.14-100 for FC35
- 5.19.13-100 for FC35
- 5.19.12-100 for FC35
- fmem-kernel-modules-el9-{x86_64,aarch64}-1.6-1.15.noarch.rpm -
Support for the following kernels was added for Fmem for both the x86_64 and aarch64 architectures:
- 5.14.0-167 for EL9
- 5.14.0-168 for EL9
- 5.14.0-171 for EL9
- 5.14.0-174 for EL9
- 5.14.0-176 for EL9
- 5.14.0-177 for EL9
- 5.14.0-183 for EL9
- 5.14.0-191 for EL9
- 5.14.0-196 for EL9
- 5.14.0-197 for EL9
- 5.14.0-200 for EL9
- 5.14.0-202 for EL9
- 5.14.0-205 for EL9
- 5.14.0-206 for EL9
- 5.14.0-210 for EL9
- 5.14.0-214 for EL9
- 5.14.0-226 for EL9
- 5.14.0-229 for EL9
- 5.14.0-234 for EL9
- 5.14.0-239 for EL9
- 5.14.0-247 for EL9
- 5.14.0-252 for EL9
- 5.14.0-267 for EL9
- 5.14.0-274 for EL9
- 5.14.0-282 for EL9
- 5.14.0-283 for EL9
- 5.14.0-285 for EL9
- 5.14.0-289 for EL9
- 5.14.0-293 for EL9
- 5.14.0-295 for EL9
- 5.14.0-299 for EL9
- 5.14.0-302 for EL9
- 5.14.0-305 for EL9
- 5.14.0-307 for EL9
- 5.14.0-311 for EL9
- 5.14.0-312 for EL9
- 5.14.0-313 for EL9
- 5.14.0-315 for EL9
- 5.14.0-316 for EL9
- lime-kernel-modules-el9-{x86_64,aarch64}-1.9.1-15.noarch.rpm -
Support for the following kernels was added for LiME for both the x86_64 and aarch64 architectures:
- 5.14.0-167 for EL9
- 5.14.0-168 for EL9
- 5.14.0-171 for EL9
- 5.14.0-174 for EL9
- 5.14.0-176 for EL9
- 5.14.0-177 for EL9
- 5.14.0-183 for EL9
- 5.14.0-191 for EL9
- 5.14.0-196 for EL9
- 5.14.0-197 for EL9
- 5.14.0-200 for EL9
- 5.14.0-202 for EL9
- 5.14.0-205 for EL9
- 5.14.0-206 for EL9
- 5.14.0-210 for EL9
- 5.14.0-214 for EL9
- 5.14.0-226 for EL9
- 5.14.0-229 for EL9
- 5.14.0-234 for EL9
- 5.14.0-239 for EL9
- 5.14.0-247 for EL9
- 5.14.0-252 for EL9
- 5.14.0-267 for EL9
- 5.14.0-274 for EL9
- 5.14.0-282 for EL9
- 5.14.0-283 for EL9
- 5.14.0-285 for EL9
- 5.14.0-289 for EL9
- 5.14.0-293 for EL9
- 5.14.0-295 for EL9
- 5.14.0-299 for EL9
- 5.14.0-302 for EL9
- 5.14.0-305 for EL9
- 5.14.0-307 for EL9
- 5.14.0-311 for EL9
- 5.14.0-312 for EL9
- 5.14.0-313 for EL9
- 5.14.0-315 for EL9
- 5.14.0-316 for EL9
- fmem-kernel-modules-el8-x86_64-1.6-1.36.noarch.rpm -
Support for the following kernels was added for Fmem:
- 4.18.0-408 for EL8
- 4.18.0-448 for EL8
- 4.18.0-481 for EL8
- 4.18.0-483 for EL8
- 4.18.0-485 for EL8
- 4.18.0-486 for EL8
- 4.18.0-488 for EL8
- 4.18.0-489 for EL8
- 4.18.0-490 for EL8
- 4.18.0-492 for EL8
- lime-kernel-modules-el8-x86_64-1.9.1-36.noarch.rpm -
Support for the following kernels was added for LiME:
- 4.18.0-408 for EL8
- 4.18.0-448 for EL8
- 4.18.0-481 for EL8
- 4.18.0-483 for EL8
- 4.18.0-485 for EL8
- 4.18.0-486 for EL8
- 4.18.0-488 for EL8
- 4.18.0-489 for EL8
- 4.18.0-490 for EL8
- 4.18.0-492 for EL8
- fmem-kernel-modules-el7-x86_64-1.6-1.89.noarch.rpm -
Due to configuration errors, support for the following kernels was added for Fmem:
- 3.10.0-1160.90.1 for EL7
- 3.10.0-1160.88.1 for EL7
- 3.10.0-1160.83.1 for EL7
- 3.10.0-1160.81.1 for EL7
- 3.10.0-1160.80.1 for EL7
- lime-kernel-modules-el7-x86_64-1.9.1-89.noarch.rpm -
Due to configuration errors, support for the following kernels was added for LiME:
- 3.10.0-1160.90.1 for EL7
- 3.10.0-1160.88.1 for EL7
- 3.10.0-1160.83.1 for EL7
- 3.10.0-1160.81.1 for EL7
- 3.10.0-1160.80.1 for EL7
- fmem-kernel-modules-1.6-1.27.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the CentOS/RHEL 9 aarch64 architecture was added.
- lime-kernel-modules-1.1.r17-27.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the CentOS/RHEL 9 aarch64 architecture was added.