Software Engineering Institute

Linux Forensics Tools Repository: All Announcements

June 14, 2019: The majority of changes made in this announcement rename packages for CentOS/RHEL to conform to the CentOS/RHEL standard of Python 3 packages including the Python version in the package name. For example, where the package for Fedora 30 is named python3-artifacts, the CentOS/RHEL version is named python36-artifacts. For version and release consistency, the Fedora packages have been updated even though they contain no new functionality. With this release, Plaso is now provided as conventional package rather than as a Python virtual environment for CentOS/RHEL 7 and Fedora 26.

In addition, the CentOS/RHEL repositories were audited and packages that are provided by CentOS/RHEL, EPEL, or are no longer needed have been archived. These packages have been removed from the CentOS/RHEL repository as the result of an audit:

aff{lib,lib-devel,tools}-3.7.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
bokken-1.8-3.el7.x86_64.rpm - Removed: No longer needed.
capstone{,-python2,-python3}-3.0.4-6.el7.x86_64.rpm - Removed: Provided by EPEL.
catdoc-0.94.2-6.el7.x86_64.rpm - Removed: Provided by EPEL.
daemonize-1.7.3-7.el7.x86_64.rpm - Removed: Provided by EPEL.
dcfldd-1.3.4.1-2.el7.x86_64.rpm - Removed: Provided by EPEL.
dd_rescue-1.99.8-1.el7.x86_64.rpm - Removed: Provided by EPEL.
dino-1.5-2.el7.noarch.rpm - Removed: Provided by EPEL.
dislocker{,-libs}-0.7.1-1.el7.x86_64.rpm and fuse-dislocker-0.7.1-1.el7.86_64.rpm - Removed: Provided by EPEL.
dummy-1.0-2.el7.x86_64.rpm - Removed: No longer needed.
efilter-1-1.5-1.el7.x86_64.rpm - Removed: No longer needed.
fontawesome-fonts-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
fontawesome-fonts-web-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
fred-0.1.1-1.el7.x86_64.rpm - Removed: No longer needed.
fuse-exfat-1.0.1-1.el7.x86_64.rpm - Removed: No longer needed.
fuseext2-0.3-1.el7.x86_64.rpm - Removed: No longer needed.
ghex{,-devel,-libs}-3.18.0-1.el7.x86_64.rpm - Removed: No longer needed.
hashcat-3.00-1.el7.x86_64.rpm - Removed: No longer needed.
jansson{,-devel,-devel-doc}-2.9-1.el7.x86_64.rpm - Removed: No longer needed.
lame{,-devel,-libs,-mp3x}-3.99.5-1.el7.x86_64.rpm - Removed: Provided by EPEL.
LogAnalysisToolKit-1.7-1.el7.noarch.rpm - Removed: No longer needed.
luajit{,-devel}-2.0.2-9.el7.x86_64.rpm - Removed: Provided by EPEL.
mac-robber-1.02-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
mathjax-2.2-4.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
md5deep-4.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
mdbtools{,-devel,-gui,-libs}-0.7-43.13.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
null-package-1.0-4.el7.noarch.rpm - Removed: No longer needed.
partclone-0.3.6-2.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
perl-Alien-wxWidgets-0.67-6.el7.x86_64.rpm - Removed: No longer needed.
perl-Carp-Assert-0.20-4.el7.noarch.rpm - Removed: Provided by EPEL.
perl-Digest-CRC-0.16-1.el7.x86_64.rpm - Removed: Provided by EPEL.
perl-Digest-Crc32-0.01-1.el7.noarch.rpm - Removed: No longer needed.
perl-Image-ExifTool-8.50-1.el7.noarch.rpm - Removed: Provided by EPEL.
perl-Net-Pcap-0.16-2.el7.x86_64.rpm - Removed: Provided by EPEL.
protobuf-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-compiler-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-lite-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-lite-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-lite-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-python-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
protobuf-vim-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
protobuf-c{,-devel}-0.15-2.1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
pyew-2.3.0.0-2.el7.x86_64.rpm - Removed: No longer needed.
pygtksourceview{,-devel,-doc}-2.8.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
pyparsing{,-doc}-2.4.0-1.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
pyPdf-1.12-4.el7.noarch.rpm - Removed: No longer needed.
python2-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
python2-efilter-1.5-1.el7.noarch.rpm - Removed: No longer needed.
python2-elasticsearch5-5.5.5-2.el7.x86_64.rpm - Removed: No longer needed.
python2-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
python2-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
python3-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
python3-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
python3-psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
python3-pyparsing-2.4.0-1.el7.noarch.rpm - Removed: No longer needed.
python3-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
python3shim-1.0-1.el7.noarch.rpm - Removed: No longer needed.
python-dpkt-1.8-2.el7.noarch.rpm - Removed: No longer needed.
python-elasticsearch5-5.5.5-1.el7.x86_64.rpm - Removed: No longer needed.
python-httplib2-0.7.7-3.el7.noarch.rpm - Removed: No longer needed.
python-ipython-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-console-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-doc-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-gui-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-notebook-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-ipython-sphinx-2.2.0-1.el7.noarch.rpm - Removed: No longer needed
python-ipython-tests-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
python-M2Crypto-0.26.0-0.x86_64.rpm - Removed: No longer needed.
python-path-3.0.1-2.el7.noarch.rpm - Removed: No longer needed.
python-prettytable-0.7.2-4.el7.noarch.rpm - Removed: No longer needed.
python-psycopg2{,-doc}-2.5.1-3.el7.x86_64.rpm - Removed: No longer needed.
python-radare-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
python-radare2-2.9.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
python-tidy-0.2-1.1.el7.noarch.rpm - Removed: No longer needed.
python-tornado{,-doc}-3.2.1-3.el7.x86_64.rpm - Removed: No longer needed.
pytsk-20150406-4.el7.x86_64.rpm - Removed: Removed - replaced by pytsk3.
radare{,-devel,-extras}-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
radare2{,-common,-devel}-2.9.0-1.el7.x86_64.rpm - Removed: No longer needed.
scalpel-2.0-2.el7.x86_64.rpm - Removed: Provided by EPEL.
socat-1.7.3.2-1.1.el7.x86_64.rpm - Removed: Provided by EPEL.
ssdeep-2.14.1-1.el7.x86_64.rpm - Removed: Provided by EPEL.
tcpflow-1.4.4-12.el7.x86_64.rpm - Removed: Provided by EPEL.
tcpxtract-1.0.1-10.el7.2.x86_64.rpm - Removed: Provided by EPEL.
ttembed-1.1-3.el7.x86_64.rpm - Removed: Provided by EPEL.
testdisk-6.14-3.3.el7.x86_64.rpm - Removed: Provided by EPEL.
umview-0.8.2-1.1.el7.x86_64.rpm - Removed: No longer needed.
valabind-0.10.0-4.el7.x86_64.rpm - Removed: No longer needed.
xapian-core{,-devel,-libs}-1.2.7-2.el7.x86_64.rpm - Removed: No longer needed.
xmount-0.7.6-3.el7.x86_64.rpm - Removed: Provided by EPEL.
xrdp-0.5.0-0.13.el7.x86_64.rpm - Removed: Provided by EPEL.
yara{,-devel,-doc}-3.5.0-7.1.el7.x86_64.rpm - Removed: Provided by EPEL.
zeromq{,-devel}-2.2.0-4.el7.x86_64.rpm - Removed: Provided by EPEL.

These changes were also made:

python{2,3}‑artifacts‑20190320‑2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm , artifacts‑data‑20190320‑2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, python{2,36}‑artifacts‑20190320‑2.el7.x86_64.rpm, and artifacts‑data‑20190320‑2.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-artifacts and python36-artifacts. The package names for Fedora are unchanged.
python{2,3}‑bencode‑2.1.0‑1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}‑bencode-2.1.0-1.el7.noarch.rpm - Bencode re-packages the existing bencoding and bdecoding implemention from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-bencode and python36-bencode. The package names for Fedora are unchanged.
python{2,3}‑biplist-1.0.3-3.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}‑biplist-1.0.3-3.el7.x86_64.rpm - Biplist is a library for reading/writing binary plists. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-biplist and python36-biplist. The package names for Fedora are unchanged.
python{2,3}‑chardet-3.0.4-3.fc26.{i686,x86_64}.rpm and python{2,36}‑chardet-3.0.4-3.el7.x86_64.rpm - Chardet is a universal character encoding detector. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-chardet and python36-chardet. The package names for Fedora are unchanged.
python{2,3}‑dfdatetime‑20190517‑2.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}‑dfdatetime‑20190517‑2.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dfdatetime and python36-dfdatetime. The package names for Fedora are unchanged.
python{2,3}‑dfvfs-20190511-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}‑dfvfs‑20190511‑1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. Note: The package for CentOS/RHEL 7 are named python2-dfvfs and python36-dfvfs.
python{2,3}‑dfwinreg‑20190517‑2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}‑dfwinreg‑20190329‑2.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dfwinreg and python36-dfwinreg. The package names for Fedora are unchanged.
python{2,3}‑dpkt‑1.9.2‑2.fc26.{i686,x86_64}.rpm and python{2,36}‑dpkt‑1.9.2‑2.el7.x86_64.rpm - Python-dpkt is a fast, simple packet creator and parser, with definitions for the basic TCP/IP protocols, for Python. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dpkt and python36-dpkt. The package names for Fedora are unchanged.
python{2,3}‑dtfabric‑20190120‑3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}‑dtfabric‑20190120‑3.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-dtfabric and python36-dtfabric. The package names for Fedora are unchanged.
python{2,3}‑elasticsearch‑7.0.2‑1.i{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}‑elasticsearch‑7.0.2‑1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-elasticsearch and python36-elasticsearch. The package names for Fedora are unchanged.
libbde{,‑devel,‑python2,‑python3,‑tools}‑20190317‑3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,‑devel,‑python2,‑tools}‑20190317‑3.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python2,‑python36,‑tools}‑20190317‑3.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libbde and python36-libbde. All other package names are unchanged.
libesedb{,‑devel,‑python2,‑python3,‑tools}‑20181229‑5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,‑devel,‑python2,‑tools}‑20181229‑5.el7.{i686,x86_64}.rpm, and libesedb{,‑devel,‑python2,‑python36,‑tools}‑20181229‑5.el7.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libesedb and python36-libesedb. All other package names are unchanged.
libevt{,‑devel,‑python2,‑python3,‑tools}‑20181227‑5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,‑devel,‑python2,‑tools}‑20181227‑5.el6.{i686,x86_64}.rpm, and libevt{,‑devel,‑python2,‑python36,‑tools}‑20181227-3.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libevt and python36-libevt. All other package names are unchanged.
libevtx{,‑devel,‑python2,‑python3,‑tools}‑20181227‑5.{fc24,fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,‑devel,‑python2,‑tools}‑20181227‑5.el6.{i686,x86_64}.rpm, and libevtx{,‑devel,‑python2,‑python36,‑tools}‑20181227‑3.el7.x86_65.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx. All other package names are unchanged.
libewf{,‑devel,‑tools,‑python2,‑python3,‑tools}‑20160718‑20140806.3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf{,‑devel,‑tools,‑python2,‑tools}‑20160718‑20140806.3.el6.{i686,x86_64}.rpm, and libewf{,‑devel,‑tools,‑python2,‑python36,‑tools}‑20160718‑20140806.2.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.

This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718) and the release number changed to include the source code release date (20140806). Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx. All other package names are unchanged.
libfsapfs{,‑devel,‑python2,‑python3,‑tools}‑20190510‑2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python2,‑tools}‑20190510‑2.el6.{i686,x86_64}.rpm, and libfsapfs{,‑devel,‑python2,‑python36,‑tools}‑20190510‑2.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfsapfs and python36-libfsapfs. All other package names are unchanged.
libfsntfs{,‑devel,‑python2,‑python3,‑tools}‑20190104‑5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,‑devel,‑python2,‑tools}‑20190104‑5.el6.{i686,x86_64}.rpm, and libfsntfs{,‑devel,‑python2,‑python36,‑tools}‑20190104‑5.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfsntfs and python36-libfsntfs. All other package names are unchanged.
libfvde{,‑devel,‑python2,‑python3,‑tools}‑20190104‑4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,‑devel,‑python2,‑tools}‑20190104‑4.el6.{i686,x86_64}.rpm, and libfvde{,‑devel,‑python2,‑python36,‑tools}‑20190104‑4.el7.6_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfvde and python36-libfvde. All other package names are unchanged.
libfwnt{,‑devel,‑python2,‑python3}‑20181227‑4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python2}‑20181227‑4.el6.{i686,x86_64}.rpm and libfwnt{,‑devel,‑python2,‑python36}‑20181227‑4.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfwnt and python36-libfwnt. All other package names are unchanged.
libfwsi{,‑devel,‑python2,‑python3}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python2}-20181227-4.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python2,‑python36}-20181227-4.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libfwsi and python36-libfwsi. All other package names are unchanged.
liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python2,‑tools}-20181227-4.el6.{i686,x86_64}.rpm, and liblnk{,‑devel,‑python2,‑python36,‑tools}-20181227-4.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-liblnk and python36-liblnk. All other package names are unchanged.
libmsiecf{,‑devel,‑python2,‑python3,‑tools}-20181227-4.{fc25,fc26,fc26,fc27,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python2,‑tools}-20181227-4.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python2,‑python36,‑tools}-20181227-4.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libmsiecf and python36-libmsiecf. All other package names are unchanged.
libolecf{,‑devel,‑python2,‑python3,‑tools}-20181231-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,‑devel,‑python2,‑tools}-20181231-4.el6.{i686,x86_64}.rpm, and libolecf{,‑devel,‑python2,‑python36,‑tools}-20181231-4.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libolecf and python36-libolecf. All other package names are unchanged.
libqcow{,‑devel,‑python2,‑python3,‑tools}‑20181227‑5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python2,‑tools}‑20181227‑5.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python2,‑python36,‑tools}‑20181227‑5.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libqcow and python36-libqcow. All other package names are unchanged.
libregf{,‑devel,‑python2,‑python3,‑tools}‑20190303‑3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, and libregf{,‑devel,‑python2,‑tools}‑20190303‑3.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python2,‑python36,‑tools}‑20190303‑3.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libregf and python36-libregf. All other package names are unchanged.
libscca{,‑devel,‑python2,‑python3,‑tools}‑20190605‑1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libscca{,‑devel,‑python2,‑tools}‑20190605‑1.el6.{i686,x86_64}.rpm, and libscca{,‑devel,‑python2,‑python36,‑tools}‑20190605‑1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. Note: The package for CentOS/RHEL 7 are named python2-libscca and python36-libscca.
libsigscan{,‑devel,‑python2,‑python3,‑tools}‑20190103‑4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,‑devel,‑python2,‑tools}‑20190103‑4.el6.{i686,x86_64}.rpm, and libsigscan{,‑devel,‑python2,‑python36,‑tools}‑20190103‑4.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libsigscan and python36-libsigscan. All other package names are unchanged.
libsmdev{,‑devel,‑python2,‑python3,‑tools}‑20190315‑3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python2,‑tools}‑20190315‑3.el6.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python2,‑python36,‑tools}‑20190315‑23el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libsmdev and python36-libsmdev. All other package names are unchanged.
libsmraw{,‑devel,‑python2,‑python3,‑tools}‑20181227‑5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python2,‑tools}‑20181227‑5.el6.{i686,x86_64}.rpm, and libsmraw{,‑devel,‑python2,‑python36,‑tools}‑20181227‑4.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libsmraw and python36-libsmraw. All other package names are unchanged.
libvhdi{,‑devel,‑python2,‑python3,‑tools}‑20181227‑5.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python2‑tools}‑20181227‑5.el6.{i686,x86_64}.rpm and libvhdi{,‑devel,‑python2,‑python36,‑tools}‑20181227‑5.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvhdi and python36-libvhdi. All other package names are unchanged.
libvmdk{,‑devel,‑python2,‑python3,‑tools}‑20181227‑5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python2,‑tools}‑20181227‑5.el6.{i686,x86_64}.rpm, and libvmdk{,‑devel,‑python2,‑python36,‑tools}‑20181227‑5.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvmdk and python36-libvmdk. All other package names are unchanged.
libvshadow{,‑devel,‑python2,‑python3,‑tools}‑20190323‑3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python2,‑tools}‑20190323‑3.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python2,‑python36,‑tools}‑20190323‑3.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvshadow and python36-libvshadow. All other package names are unchanged.
libvslvm{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,‑devel,‑python2‑tools}‑20181227‑4.el6.{i686,x86_64}.rpm, and libvslvm{,‑devel,‑python2,‑python36,‑tools}‑20181227‑4.el7}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libvslvm and python36-libvslvm. All other package names are unchanged.
python{2,3}-pefile‑2019.4.18‑2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-pefile‑2019.4.18‑2.el7.noarch.rpm - PEFile is a Portable Executable reader module. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-pefile and python36-pefile. The package names for Fedora are unchanged.
python36-urllib3-1.24.1-1.el7.x86_64.rpm - Python-urllib3 is a powerful, sanity-friendly HTTP client for Python. Much of the Python ecosystem already uses urllib3. urllib3 brings many critical features that are missing from the Python standard libraries:
1. Thread safety.
2. Connection pooling.
3. Client-side SSL/TLS verification.
4. File uploads with multipart encoding.
5. Helpers for retrying requests and dealing with HTTP redirects.
6. Support for gzip and deflate encoding.
7. Proxy support for HTTP and SOCKS.
8. 100% test coverage.
This package was built to support plaso.
python{2,36}-lz4-0.10.0-1.el7.x86_64.rpm - LZ4 contains the python bindings for the lz4 compression library. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-lz4 and python36-lz4. The package names for Fedora are unchanged.
python{2,36}-psutil-5.4.3-4.el7.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-psutil and python36-psutil.
python{2,3}-pytsk3‑20190507‑2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python2-pytsk3‑20190507‑2.el6.{i686,x86_64}.rpm, and python{2,36}-pytsk3‑20190507-2.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
python{2,3}-requests-2.22.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-1.el7.x86_64.rpm - Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
python{2,3}-xlsxwriter-1.1.8-2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and {python2,36}-xlsxwriter-1.1.8-2.el7.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-xlsxwriter and python36-xlsxwriter. The package names for Fedora are unchanged.
plaso‑20190429‑1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso‑20190429‑1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release uses Python 3 instead of Python 2.

Please note that for Fedora 25, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.

For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.

Finally, for CentOS/RHEL 7, plaso no longer relies on a Python Virtual Environment.
sleuthkit{,‑devel,‑libs}‑4.6.6‑1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,‑devel,‑libs}‑4.6.6‑1.1.el7.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. This version was built with a higher revision than that provided by Fedora.
winreg‑kb‑20190507‑1.el7.x86_64.rpm - Winreg-kb-kb winreg-kb is a project to build a Windows Registry Knowledge Base. winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources. See these scripts that make use of package.
winevt‑kb‑20190507-1.el7.x86_64.rpm - Winevt-kb is a project to build a Windows Event Log knowledge base. winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources. See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them. This version uses Python 3.
libwrc{,‑devel,‑python2,‑python3,‑tools}‑20181203‑4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libwrc{,‑devel,‑python2,‑tools}‑20181203‑4.el6.{i686,x86_64}.rpm, and libwrc{,‑devel,‑python2,‑python36,‑tools}‑20181203‑3.el7.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libwrc and python36-libwrc. All other package names are unchanged.
libexe{,‑devel,‑python2,‑python3,‑tools}‑20181128‑4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libexe{,‑devel,‑python2,‑tools}‑20181128‑4.el6.{i686,x86_64}.rpm, and libexe{,‑devel,‑python2,‑python36,‑tools}‑20181128‑4.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format. Note: This release contains no new capabilities. The only differences is that the packages for CentOS/RHEL 7 are named python2-libexe and python36-libexe. All other package names are unchanged.
python{2,3}‑construct‑2.5.2‑4.{fc25,fc26,fc27,fc28,fc29}.noarch.rpm, python2‑construct‑2.5.2‑4.el6.noarch.rpm, and python{2,36}‑construct‑2.5.2‑4.el7.noarch.rpm - Python-construct is a powerful declarative parser (and builder) for binary data.
rekall-forensics-1.7.2.rc1-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and rekall-forensics-1.7.2.rc1-1.el7.x86_64.rpm - Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in peer reviewed papers. The program to run is named rekall.py.

Please note that the installation of all of these ancillary packages neede by rekall use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
vmfs-tools-0.2.5-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, vmfs-tools-0.2.5-3.el7.x86_64.rpm, libvmfs-devel-0.2.5-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, and libvmfs-devel-0.2.5-3.el7.x86_64.rpm - VMfs-tools is a collection of command-line tools for operating on VMware's VMFS file system. Included in this release is limited VMFS version 5 support. Note: The tools in the vmfs-tools package are named debugvmfs, fsck.vmfs, vmfs-fuse, vmfs-lvm. The tools installed are also named debugvmfs5, fsck.vmfs5, vmfs5-fuse, vmfs5-lvm.
vmfs6-tools-0.0.0.844.1195-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, vmfs6-tools-0.0.0.844.1195-1.el7.x86_64.rpm, libvmfs6-devel-0.0.0.844.1195-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, and libvmfs6-devel-0.0.0.844.1195-1.el7.x86_64.rpm - VMFS6-tools is a collection of command-line tools for operating on VMware's VMFS file system. Included in this release is limited VMFS version 6 support. Note: The tools in the vmfs6-tools package are named debugvmfs6, fsck.vmfs6, vmfs6-fuse, vmfs6-lvm.
xva-img-1.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and xva-img-1.3-1.el7.x86_64.rpm - XVA-IMG is a tool for working with Citrix XEN disk images. Citrix Xen uses a custom virtual appliance format for import/export called "XVA". It's basically a strangely crafted tar-file. You don't need this program to unpack this tar-file, just use your favourite tar unpacker (tar, gtar, bsdtar). Once unpacked you will end up with a lot of different files, ova.xml (which contains the settings for the virtual appliance, think VMware vmx) and a number of folders called Ref:/, this is your disks. Each of these folders contain hundreds of files named 00000000, 00000001 with a accompanying .CHECKSUM file (SHA1). Each file is a 1MB slice of the disk, but some of the files in the sequence will probably be missing this is because XVA do not use compression; instead it will exclude slices of the disk that only contains zeros (are empty). This tool can assemble the disk for you (you will end up with a RAW disk) that can easily be mounted and modified. It can then also split the file again and generate checksum. Once ready, you will probably want to use the "package" command to rebuild the XVA file.
CERT-Forensics-Tools-1.0-85.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-85.el7.x86_64.rpm - The changes since the last release (1.0-84) are the following:
- Added: qtmltfs
- Added: VMFS6-tools
- Added: Rekall Forensics (not on CentOS/RHEL 6)
- Added: xva-img
cert-forensics-tools-release-{25,26,27,28,29,30,6,7}-14.noarch.rpm - cert-forensics-tools-release is the package that connects a Fedora-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR). This package has been changed to require either a Fedora release or a Generic release to be able to install this package.
autopsy-4.11.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and autopsy-4.10.0-1.el7.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

In addition, the Java™ Platform, Standard Edition Development Kit (JDK™) from Oracle also needs to be installed before running autopsy. That package can be found here. Testing has been verified to work with JDK 11.0.2.
pfring‑7.4.0‑2553.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring‑dkms‑7.4.0‑2553.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi‑2.8.0‑1596.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.8-300 for FC30
- 5.1.7-300 for FC30
- 5.1.6-300 for FC30
- 5.1.5-300 for FC30
- 5.0.17-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.7-300 for FC30
- 5.1.6-300 for FC30
- 5.1.5-300 for FC30
- 5.0.17-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.1.6-200 for FC29
- 5.0.19-200 for FC29
- 5.0.17-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 5.1.6-200 for FC29
- 5.0.19-200 for FC29
- 5.0.17-200 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.52.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.21.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-52.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.21.2 for EL7

May 17, 2019: There are two types of packages in LiFTER: packages installed as the result of installing the CERT-Forensics-Tools metapackage and packages used to build the packages that are installed as the result of installing the CERT-Forensics-Tools metapackage. An audit of the Fedora 25 through 30 repositories (Fedora 24 was not audited given its imminent retirement from LiFTeR) with the goal of retiring packages that do not fit into either of these categories. The idea is to contract the size of and therefore the effort required to maintain LiFTeR. The packages listed below have been archived and they can be retrieved if needed. Please also note that an audit of package for CentOS/RHEL 6 and 7 will be carried out in June, 2019.

These packages have been archived as the result of the audit:

aff{lib,lib-devel,tools}-3.7.4-1.fc25.{i686,x86_64}.rpm - Removed: Provided by Fedora.
artifacts-20190320-1.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
bencode-2.0.0-2.fc25.noarch.rpm - Removed: No longer needed.
biplist-1.0.3-2.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
bloom-1.4.6-2.fc26.686,x86_64}.rpm - Removed: No longer needed.
bokken-1.8-3.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
certifi‑2019.3.9‑2.fc25.noarch.rpm - Removed: No longer needed.
dc3dd-7.2.646-1.{fc27,fc28}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
dcfldd-1.3.4.1-2.fc29.{i686,x86_64}.rpm - Removed: Provided by Fedora.
dd_rescue-1.99.8-1.{fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
disktype-9-19.1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
dislocker{,-libs}-0.7.1-1.el7.x86_64.rpm and fuse-dislocker-0.7.1-1.el7.86_64.rpm - Removed: Provided by EPEL.
efilter-1.5-1.{fc25,fc26,fc27,fc28,fc29}.noarch.rpm - Removed: No longer needed.
elasticsearch5-5.5.5-2.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
elasticsearch-6.3.1-2.{fc25,fc30}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
fuse-exfat-1.0.1-1.{fc25,fc26}.{i686,x86_64}.rpm - Removed: No longer needed.
ip4r-2.0.2-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
libiconv{,‑devel,‑static,‑utils}-1.15-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
libp0f-2.0.8-1.{fc25,fc26}.{i686,x86_64}.rpm - Removed: No longer needed.
libpst-0.6.71-1.1.fc27.{i686,x86_64}.rpm - Removed: No longer needed.
libscca{,‑devel,‑python2,‑python3,‑tools}‑20181227‑3.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
md5deep-4.4-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
mdbtools{,‑devel,‑gui}-0.7-43.13.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
pefile‑2019.4.18‑1.fc25.noarch.rpm - Removed: No longer needed.
protobuf-c-1.3.0-1.fc29.{i686,x86_64}.rpm - Removed: Provided by Fedora.
pyparsing{,‑doc}‑2.4.0‑1.{fc25,fc30}.{i386,x86_64}.rpm - Removed: Provided by Fedora.
pyew‑2.3.0.0‑2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
python-apsw-3.19.3-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
python-biplist-1.0.3-1.{fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm - Removed: No longer needed.
python-certifi-2018.11.29-1.{fc26,fc27,fc28,fc29}.src.rpm - Removed: No longer needed.
python-construct-2.5.2-1.{fc25,fc26,fc27,fc28,fc29}.noarch.rpm - Removed: No longer needed.
python-elasticsearch5-5.5.5-2.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
python-lz4-0.10.0-1.fc25.{i386,x86_64}.rpm - Removed: No longer needed.
python-pefile-2018.8.8-1.{fc25,fc26,fc27,fc28,fc29}.src.rpm - Removed: - No longer needed.
python{2,3}-psutil-5.4.3-4.fc25.{i686,x86_64}.rpm - Removed: No longer needed.
python-radare-2.1.6.0-1.{fc26,fc27}.{i686,x86_64}.rpm - Removed: No longer needed.
python-radare2-2.9.0-1.{fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
python-rarfile-3.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Removed: No longer needed.
radare{,‑devel}-2.1.6.0-1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: No longer needed.
radare2{,‑devel,‑common}-2.7.0-1.{fc26,fc27,fc28}.{i386,x86_64}.rpm Provided by Fedora.
radare2{,‑devel,‑common}-2.9.0-1.fc29.{i386,x86_64}.rpm Provided by Fedora.
requests-2.21.0-1.{fc25,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Removed - suitable version provided by Fedora.
python{2,3}-scapy-2.4.0-4.fc25.noarch.rpm - Removed: Provided by Fedora.
ssdeep-2.14.1-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
vala{,‑devel,‑doc,‑tools}-0.20-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and emacs-vala-0.20-1.{fc29,fc30}.{i686,x86_64}.rpm . No longer needed.
valabind-0.10.0-4.{fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm - Removed: No longer needed.
xmount-0.7.6-3.{fc27,fc28,fc29}.{i686,x86_64}.rpm - Removed: Provided by Fedora.
yara-python-3.6.3-1.,fc25.{i686,x86_64}.rpm - Removed: Provided by Fedora.
zeromq3-3.2.5-3.fc28.{i686,x86_64}.rpm - Removed: Provided by Fedora.

These changes additional have been made:

cutter-1.8.1-20190514.fc30.{i686,x86_64}.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. This version is built with the source code that is available on 2019-05-14. Note that this release is only available for Fedora 30 because it relies on Qt version 5.12.
pfring‑7.4.0‑2519.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring‑dkms‑7.4.0‑2519.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi‑2.8.0‑1571.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}‑dfdatetime‑20190517‑1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
python{2,3}‑dfwinreg‑20190517‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python{2,3}‑dfwinreg‑20190329‑1.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.16-300 for FC30
- 5.0.14-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.16-300 for FC30
- 5.0.14-200 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.16-200 for FC29
- 5.0.14-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.16-200 for FC29
- 5.0.14-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.16-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-41.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.16-100 for FC28
fmem-kernel-modules-el7-x86_64-1.6-1.51.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.12.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-51.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.12.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.53.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.14.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-53.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.14.2 for EL6

May 10, 2019: The following changes have been made:

Fedora 30 - The repository now supports Fedora 30 for the x86_64 and i386 CPU architectures. Here is the list of tools provided for Fedora 30:

2hash
acr
aeskeyfind
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
bencode
binplist
biplist
CERT-Forensics-Tools
cert-forensics-tools-release
certifi
construct
crunch
cryptcat
cutter
daq
dcp
ddrescue
ddrescueview
ddrutility
dfdatetime
dfvfs
dfwinreg
distorm3
DropboxReader
dtfabric
eindeutig
elasticsearch
epub
exfat-utils
fatback
fcrackzip
femto
fmem-kernel-modules
fred
fundl
galleta
ghidra
ghostpdl

grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
jafat
KHracker
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsapfs
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libiconv
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi

libqcow
libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
missidentify
mount_ewf
nDPI
netsa-python
packetexaminer
pasco
pefile
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyew
pyfixbuf
pyparsing
python-apsw
python-CFPropertyList
python-colorama
python-construct
python-dpapick
python-haystack
python-ioc_writer
python-pycoin

python-rarfile
python-registry
python-sqlite3dbm
python-ssdeep
python-unicodecsv
python-yara
pytsk3
qtmltfs
rar
registrydecoder
reglookup
regripper
regripper-plugins
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-openappid
snort-sample-rules
stegdetect
super_mediator
tln_tools
unrar
untex
vala
videosnarf
vinetto
vmfs-tools
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
xlsxwriter
xplico
yaf

lime-kernel-modules-1.1.r17-16.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 30 x86_64 and i386 architectures was added.
fmem-kernel-modules-1.6-1.16.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 30 x86_64 and i386 architectures was added.
CERT-Forensics-Tools-1.0-84.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-84.el7.x86_64.rpm - The changes since the last release (1.0-83) are the following:
- The dff package is not installed on Fedora 30.
- The kracked package is not installed on Fedora 30.
python{2,3}-xlsxwriter-1.1.8-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.7).
libfsapfs{,‑devel,‑python2,‑python3,‑tools}‑20190510‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python2,‑tools}‑20190510‑1.el6.{i686,x86_64}.rpm, and libfsapfs{,‑devel,‑python2,‑python3,‑tools}‑20190510‑1.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS).
sleuthkit{,‑devel,‑libs}‑4.6.6‑1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,‑devel,‑libs}‑4.6.6‑1.el7.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.6.5) released to this repository.
pytsk3‑20190507‑1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and pytsk3‑20190507-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit.
python{2,3}‑dpkt‑1.9.2‑1.fc26.{i686,x86_64}.rpm - Python-dpkt is a fast, simple packet creator and parser, with definitions for the basic TCP/IP protocols, for Python. This package was built to support plaso.
plaso‑20190331‑2.{fc24,fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso‑20190331‑2.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release uses Python 3 instead of Python 2.

Please note that for Fedora 24 and 25 and CentOS/RHEL 7, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.

For Fedora 24 and 25 and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
winreg‑kb‑20190507‑1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Winreg-kb-kb winreg-kb is a project to build a Windows Registry Knowledge Base. winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources. See these scripts that make use of package. Note that winreg-kb is not available for CentOS/RHEL 6 because of the old version of Python 2. This version uses Python 3.
winevt‑kb‑20190507-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm - Winevt-kb is a project to build a Windows Event Log knowledge base. winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources. See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them. This version uses Python 3.
daq{,‑devel,‑modules}‑2.0.6‑7.1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,‑devel,‑modules}‑2.0.6‑7.1.el7}.x86_64.rpm - The Data Acquisition Library (Daq) is a library used by snort.
pfring‑7.4.0‑2504.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring‑dkms‑7.4.0‑2504.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi‑2.8.0‑1564.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
guymager-0.8.8-2.{fc24,fc25,fc26,fc27,fc28.fc29,fc30,el6,el7}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. See here for the list of changes. This release contains no new functionality and was rebuilt to include a patch for GCC 8 which is standard on Fedora 28, 29, and 30.
fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.13-300 for FC30
- 5.0.11-300 for FC30
lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.13-300 for FC30
- 5.0.11-300 for FC30
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.13-200 for FC29
- 5.0.11-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.13-200 for FC29
- 5.0.11-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.13-100 for FC28
- 5.0.11-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.13-100 for FC28
- 5.0.11-100 for FC28

May 3, 2019: The following changes have been made:

httplib2‑0.12.3‑1.el7.noarch.rpm - Httpib2 is comprehensive HTTP client library, httplib2 supports many features left out of other HTTP libraries. This package was installed for CentOS/RHEL 7 to support xplico. Please note that for CentOS/RHEL 7, this package was built incorrectly and was not usable. These build problems have been fixed in this release.
nDPI{,‑devel}‑2.9.0‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and nDPI{,‑devel}‑2.9.0‑1.el7.x86_64.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols.
xplico-1.2.2-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and xplico-1.2.2-2.el7.x86_64.rpm - xplico is an Internet traffic decoder. The changes include:
- CakePHP updated to 2.10.17
- Migration from GeoIP to GeoIP2
- nDPI updated to 2.9
ghirdra-9.0.2-PUBLIC_20190403.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and dhirdra-9.0-PUBLIC_20190228.el7.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. See the list of changes and improvement here.

Please note that you must install the JDK for Ghidra to work. In testing, The Java Development Kit (JDK) version 11.0.2 was used and worked successfully. Ghidra expects a program named java to be available in the directories named in the PATH variable.
python{2,3}‑bencode-2.0.0-2.el7.noarch.rpm - Bencode re-packages the existing bencoding
python{2,3}‑biplist-1.0.3-2.el7.x86_64.rpm - Biplist is a library for reading/writing binary plists. Binary Property List (plist) files provide a faster and smaller serialization format for property lists on OS X. This is a library for generating binary plists which can be read by OS X, iOS, or other clients.
python{2,3}‑dfdatetime-20190116-2.el7.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
python{2,3}-dfwinreg-20190329-1.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
python2-dtfabric-20190120-2.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
python{2,3}-elasticsearch-6.3.1-2.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions. It also provides an optional persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents, wrapping the document data in user-defined classes.
idna-2.5-1.el7.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as “IDNA 2008”.
zmq-14.3.1-1.el7.noarch.rpm - ZMQ is the Python bindings for ØMQ. This documentation currently contains notes on some important aspects of developing PyZMQ and an overview of what the ØMQ API looks like in Python. For information on how to use ØMQ in general, see the many examples in the excellent ØMQ Guide, all of which have a version in Python.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.10-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.10-200 for FC29
fmem-kernel-modules-el7-x86_64-1.6-1.50.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.12.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-50.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.12.1 for EL7

April 26, 2019: The following changes have been made:

python{2,3}‑dfvfs-20190301-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python2‑dfvfs‑20190301‑1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
python{2,3}-xlsxwriter-1.1.7-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.5).
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.9-200 for FC29
- 5.0.8-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.9-200 for FC29
- 5.0.8-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.8-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.8-100 for FC28

April 19, 2019: The following changes have been made:

pfring-7.4.0-2489.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.

To install this package, you must first do the following:
sudo rpm -ev pfring pfring-dkms --nodeps
followed by:
sudo yum -y install pfring pfring-dkms
pfring-dkms-7.4.0-2489.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

To install this package, you must first do the following:
sudo rpm -ev pfring pfring-dkms --nodeps
followed by:
sudo yum -y install pfring pfring-dkms
ndpi-2.8.0-1540.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}-pefile‑2019.4.18‑1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - PEFile is a Portable Executable reader module.
python{2,3}‑artifacts‑20190320‑1.el7.x86_64.rpm and artifacts‑data‑20190320‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libfixbuf{,‑devel}-2.3.1-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libfixbuf{,‑devel}-2.3.1-1.el7.x86_64.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.1‑3.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.1‑3.el7.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This package was rebuilt to use libfixbuf 2.3.1.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.1‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.1‑4.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This package was rebuilt to use libfixbuf 2.3.1.
libschemaTools{,‑devel}‑1.3‑5‑{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libschemaTools{,‑devel}‑1.3‑5‑el7.x86_64.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. This package was rebuilt to use libfixbuf 2.3.1.
pyfixbuf-0.7.0-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pyfixbuf-0.7.0-2.el7.x86_64.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases. This package was rebuilt to use libfixbuf 2.3.1.
analysis‑pipeline‑5.10-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis‑pipeline‑5.10-2.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use libfixbuf 2.3.1.
super_mediator‑1.7.0‑2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator‑1.7.0‑2.el7.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use libfixbuf 2.3.1.
yaf{,‑devel}‑2.11.0-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and yaf{,‑devel}-2.11.0-2.el7.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring. This package was rebuilt to use libfixbuf 2.3.1.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.7-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.7-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.7-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.7-100 for FC28

April 12, 2019: The bulk of the changes this week deal with the release of Python 3.6 in the Extra Packages for Enterprise Linux (EPEL) repository for CentOS/RHEL 7. This release is the preferred package which obsoletes Python 3.3.2 that was previously provided in LiFTeR. To that end, Python 3.3.2 was removed from LiFTeR and most of the following packages have been rebuilt to use Python 3.6 for CentOS/RHEL 7. For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality. The following changes have been made:

pfring-7.4.0-2489.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2489.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1537.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
capstone{,‑devel}‑3.0.5‑1.el6.{i386,x86_64}.rpm and python2-capstone‑3.0.5‑1.el6.{i386,x86_64}.rpm - Capstone is a lightweight multi-platform, multi-architecture disassembly framework. See here for the list of changes and future features. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
pyew‑2.3.0.0‑2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pyew‑2.3.0.0‑2.el7.x86_64.rpm - Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it performs code analysis and let you write scripts using an API to perform many types of analysis), follows direct call/jmp instructions in the interactive command line, displays function names and string data references; supports OLE2 format, PDF format and more. It also supports plugins to add more features to the tool. This package was rebuilt for CentOS/RHEL 6 because of the new capstone package. The other systems were rebuilt to maintain release numbering consistency.
libcreg{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libcreg{,‑devel,‑python2,‑tools}‑20181101‑2.el6.{i686,x86_64}.rpm, and libcreg{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.el7}.x86_64.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libesedb{,‑devel,‑python2,‑python3,‑tools}‑20181229‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libesedb{,‑devel,‑python2,‑tools}‑20181229‑4.el6.{i686,x86_64}.rpm, and libesedb{,‑devel,‑python2,‑python3,‑tools}‑20181229‑3.el7}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libevt{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,‑devel,‑python2,‑tools}‑20181227‑4.el6.{i686,x86_64}.rpm, and libevt{,‑devel,‑python2,‑python3,‑tools}‑20181227-3.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libevtx{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,‑devel,‑python2,‑tools}‑20181227‑4.el6.{i686,x86_64}.rpm, and libevtx{,‑devel,‑python2,‑python3,‑tools}‑20181227‑3.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libewf{,‑devel,‑tools,‑python2,‑python3,‑tools}‑20160718‑20140806.2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libewf{,‑devel,‑tools,‑python2,‑tools}‑20160718‑20140806.2.el6.{i686,x86_64}.rpm, and libewf{,‑devel,‑tools,‑python2,‑python3,‑tools}‑20160718‑20140806.2.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.

This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718) and the release number changed to include the source code release date (20140806). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libexe{,‑devel,‑python2,‑python3,‑tools}‑20181128‑3.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libexe{,‑devel,‑python2,‑tools}‑20181128‑3.el6.{i686,x86_64}.rpm, and libexe{,‑devel,‑python2,‑python3,‑tools}‑20181128‑3.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfsapfs{,‑devel,‑python2,‑python3,‑tools}‑20190210‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python2,‑tools}‑20190210‑3.el6.{i686,x86_64}.rpm, and libfsapfs{,‑devel,‑python2,‑python3,‑tools}‑20190210‑3.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfsext{,‑devel,‑python2,‑python3,‑tools}‑20190115‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsext{,‑devel,‑python2,‑tools}‑20190115‑2.el6.{i686,x86_64}.rpm , and libfsext{,‑devel,‑python2,‑python3,‑tools}‑20190115‑2.el7.x86_64.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT). Note that this project currently only focuses on the analysis of the format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libfshfs{,‑devel,‑python2,‑python3,‑tools}‑20181101‑4.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm, libfshfs{,‑devel,‑python2,‑tools}‑20181101‑4.el6.{i686,x86_64}.rpm, and libfshfs{,‑devel,‑python2,‑python3,‑tools}‑20181101‑3.el7.x86_64.rpm - Libfshfs is a lbrary and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfsntfs{,‑devel,‑python2,‑python3,‑tools}‑20190104‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsntfs{,‑devel,‑python2,‑tools}‑20190104‑4.el6.{i686,x86_64}.rpm, and libfsntfs{,‑devel,‑python2,‑python3,‑tools}‑20190104‑4.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfvde{,‑devel,‑python2,‑python3,‑tools}‑20190104‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfvde{,‑devel,‑python2,‑tools}‑20190104‑3.el6.{i686,x86_64}.rpm, and libfvde{,‑devel,‑python2,‑python3,‑tools}‑20190104‑3.el7.6_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libfwnt{,‑devel,‑python2,‑python3}‑20181227‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python2}‑20181227‑3.el6.x86_64.rpm, and libfwnt{,‑devel,‑python2,‑python3}‑20181227‑3.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libluksde{,‑devel,‑python2,‑python3,‑tools}‑20180514‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libluksde{,‑devel,‑python2,‑python3,‑tools}‑20180514‑1.el7.x86_64.rpm, and libluksde{,‑devel,‑python,‑tools}‑20180514‑1.el6.{i686,x86_64}.rpm - Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes. See here for the list of changes. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libmodi{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libmodi{,‑devel,‑python2,‑tools}‑20181101‑2.el6.{i686,x86_64}.rpm, and libmodi{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.el7.x86_64.rpm - Libmodi is a lbrary and tools to access the Mac OS disk image formats. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libnk2{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libnk2{,‑devel,‑python2,‑tools}‑20181101‑2.el6.{i686,x86_64}.rpm , and libnk2{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.el7.x86_64.rpm - Libnk2 is a lbrary and tools to access Microsoft Outlook Nickfile (NK2) format files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libpff{,‑devel,‑python2,‑python3,‑tools}‑20180714‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm , libpff{,‑devel,‑python2,‑tools}‑20180714‑4.{i686,x86_64}.rpm , and libpff{,‑devel,‑python2,‑python3,‑tools}‑20180714‑4.el7.x86_64.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libphdi{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libphdi{,‑devel,‑python2,‑tools}‑20181101‑1.el6.{i686,x86_64}.rpm, and libphdi{,‑devel,‑python2,‑python3,‑tools}‑20181101‑2.el7.x86_64.rpm - Libphdi is a library to access the Parallels Hard Disk image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libqcow{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python2,‑tools}‑20181227‑4.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libregf{,‑devel,‑python2,‑python3,‑tools}‑20190303‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,‑devel,‑python2,‑tools}‑20190303‑2.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python2,‑python3,‑tools}‑20190303‑2.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libscca{,‑devel,‑python2,‑python3,‑tools}‑20181227‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libscca{,‑devel,‑python2,‑tools}‑20181227‑3.el6.{i686,x86_64}.rpm, and libscca{,‑devel,‑python2,‑python3,‑tools}‑20181227‑3.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libsigscan{,‑devel,‑python2,‑python3,‑tools}‑20190103‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsigscan{,‑devel,‑python2,‑tools}‑20190103‑3.el6.{i686,x86_64}.rpm, and libsigscan{,‑devel,‑python2,‑python3,‑tools}‑20190103‑3.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libsmdev{,‑devel,‑python2,‑python3,‑tools}‑20190315‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python2,‑tools}‑20190315‑2.el6}.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python2,‑python3,‑tools}‑20190315‑2.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libsmraw{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python2,‑tools}‑20181227‑4.el6.{i686,x86_64}.rpm and libsmraw{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvhdi{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python2,‑tools}‑20181227‑4.el6.{i686,x86_64}.rpm, and libvhdi{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvmdk{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python2,‑tools}‑20181227‑4.el6.{i686,x86_64}.rpm, and libvmdk{,‑devel,‑python2,‑python3,‑tools}‑20181227‑4.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvshadow{,‑devel,‑python2,‑python3,‑tools}‑20190323‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python2,‑tools}‑20190323‑2.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python2,‑python3,‑tools}‑20190323‑2.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvslvm{,‑devel,‑python2,‑python3,‑tools}‑20181227‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvslvm{,‑devel,‑python2,‑tools}‑20181227‑3.el6.{i686,x86_64}.rpm, and libvslvm{,‑devel,‑python2,‑python3,‑tools}‑20181227‑3.el7}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
libvsmbr{,‑devel,‑python2,‑python3,‑tools}‑20180731‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm , libvsmbr{,‑devel,‑python2,‑tools}‑20180731‑2.el6.{i686,x86_64}.rpm, and libvsmbr{,‑devel,‑python2,‑python3,‑tools}‑20180731‑2.el7.x86_64.rpm - Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency. This release also renames the Python package as -python2 and provides backward compatibility to the -python named package.
libwrc{,‑devel,‑python2,‑python3,‑tools}‑20181203‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libwrc{,‑devel,‑python2,‑tools}‑20181203‑3.el6.{i686,x86_64}.rpm, and libwrc{,‑devel,‑python2,‑python3,‑tools}‑20181203‑3.el7.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
certifi‑2019.3.9‑2.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
python{2,3}‑construct‑2.5.2‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm, python2‑construct‑2.5.2‑3.el6.noarch.rpm, and python{2,36}‑construct‑2.5.2‑3.el7.noarch.rpm - Python-construct is a powerful declarative parser (and builder) for binary data. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
python{2,3}-pefile‑2018.8.8‑2.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - PEFile is a Portable Executable reader module. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
pyparsing{,‑doc}‑2.4.0‑1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm, python3‑pyparsing‑2.4.0‑1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm, pyparsing{,‑doc}‑2.4.0‑1.el7.x86_64.rpm, python3‑pyparsing‑2.4.0‑1.el7.x86_64.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
pytsk3‑20190316‑2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pytsk3‑20190316-2.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit. This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
python{2,3}-xlsxwriter-1.1.6-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.5). This release now references Python 3.6 from the EPEL repository for CentOS/RHEL 7. The other systems were rebuilt to maintain release numbering consistency.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.6-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.6-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.6-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.6-100 for FC28
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.52.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.12.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-52.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.12.1 for EL6

April 8, 2019: EMERGENCY RELEASE: CentOS/RHEL 7 now includes Python 3.6 in the EPEL library for CentOS and RHEL. To install the changes noted below, the following must be done first:

sudo rpm -ev python3 python3-libs --nodeps

The following changes have been made:

httplib2-0.12.1-1.el7.noarch.rpm - Httpib2 is comprehensive HTTP client library, httplib2 supports many features left out of other HTTP libraries. This package was installed for CentOS/RHEL 7 to support xplico. Note: the packages installed are named python2-httplib2 and python3-httplib2.
psycopg2{,‑debug,‑docs}-2.8.1-1.el7.x86_64.rpm - Python-psycopg2 is a PostgreSQL adapter for the Python programming language. At its core it fully implements the Python DB API 2.0 specifications. Several extensions allow access to many of the features offered by PostgreSQL. This package was installed for CentOS/RHEL 7 to support xplico. Note: the packages installed are named python2-psycopg2 and python3-psycopg2.
xplico-1.2.1-2.el7.x86_64.rpm - xplico is an Internet traffic decoder. This package was rebuilt because of the inclusion of Python 3.6 in the EPEL library.
libfwsi{,‑devel,‑python2,‑python3}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python2}-20181227-3.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python2,‑python3}-20181227-3.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. This release fixes a package revision error.
liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm, - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. This release fixes a package revision error.
libmsiecf{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc26,fc27,fc29}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. This release fixes a package revision error.
libolecf{,‑devel,‑python2,‑python3,‑tools}-20181231-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libolecf{,‑devel,‑python2,‑tools}-20181231-3.el6.{i686,x86_64}.rpm, and libolecf{,‑devel,‑python2,‑python3,‑tools}-20181231-3.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. This release fixes a package revision error.
scapy-2.4.0-5.el7.noarch.rpm - Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc. This package was rebuilt because of the inclusion of Python 3.6 in the EPEL library.

April 5, 2019: The following changes have been made:

pfring-7.4.0-2483.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2483.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1534.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}‑dfwinreg‑20190329‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
certifi-2019.3.9-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Note: the packages installed are named python2-certifi and python3-certifi for Fedora 24 through 29 and CentOS/RHEL 7.
python{2,3}-requests-2.21.0-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm - Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
Volatility-2.6.1-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6.1 that has been patched to April 3, 2019. You can read about this version here
plaso-20190331-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20190331-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. The changes to this release are noted here.

Please note that for Fedora 24, 25, and 26, and CentOS/RHEL 7, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.

For Fedora 24, 25, 26, and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.

For Fedora 27, 28, and 29, this version of plaso no longer requires either elasticsearch5 or efilter. They may be safely removed with the following
sudo dnf remove python{,2}-elasticsearch5 python{,2}-efilter
Note that for Fedora 24, 25, 26 and CentOS/RHEL 7, these packages are automatically removed from the Python Virtual Environment.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.5-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.5-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.5-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.5-100 for FC28

March 29, 2019: The following changes have been made:

libbde{,‑devel,‑python2,‑python3,‑tools}‑20190317‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,‑devel,‑python2,‑tools}‑20190317‑1.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python2,‑python3,‑tools}‑20190317‑1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libsmdev{,‑devel,‑python2,‑python3,‑tools}-20190315-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python2,‑tools}-20190315-1.el6}.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python2,‑python3,‑tools}-20190315-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
pytsk3-20190316-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pytsk3-20190316-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit. Note: the packages installed are named python2-pytsk3 and python3-pytsk3 for Fedora 24 through 29 and CentOS/RHEL 7 but there is no Python 3 version for CentOS/RHEL 6.
pfring-7.4.0-2468.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2468.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1527.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}‑artifacts‑20190320‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm and artifacts‑data‑20190320‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libvshadow{,‑devel,‑python2,‑python3,‑tools}-20190323-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python2,‑tools}-20190323-1.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python2,‑python3,‑tools}-20190323-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
libfixbuf{,‑devel}-2.3.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libfixbuf{,‑devel}-2.3.0-1.el7.x86_64.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
pyfixbuf-0.7.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pyfixbuf-0.7.0-1.el7.x86_64.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.1-1.el7.x86_64.rpm and - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.1‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.1‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
libschemaTools{,‑devel}-1.3-4-{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libschemaTools{,‑devel}-1.3-4-el7.x86_64.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 2.3.0.
analysis-pipeline-5.10-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.10-1.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes.
super_mediator-1.7.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.7.0-1.el7.x86_64.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
yaf{,‑devel}-2.11.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and yaf{,‑devel}-2.11.0-1.el7.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
dcp-1.0.6-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and dcp-1.0.6-1.el7.x86_64.rpm - Dcp combines cp, stat, md5sum and shasum to streamline mirroring and gathering information about all the files copied. All information gathered is written to an output file. The output file can be fed back into dcp when copying snapshots of a directory, this allows only files which differ in location or hash to be copied.
femto-1.3.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and femto-1.3.0-1.el7.x86_64.rpm - FEMTO is an indexing and search system for queries on sequences of bytes. FEMTO stands for the FM-index for External Memory with Throughput Optimizations. This tool supports building large indexes in parallel with MPI and then searching large indexes with a multithreaded server.
ghirdra-9.0-PUBLIC_20190228.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and dhirdra-9.0-PUBLIC_20190228.el7.x86_64.rpm - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.

Please note that you must install the JDK for Ghidra to work. In testing, The Java Development Kit (JDK) version 11.0.2 was used and worked successfully. Ghidra expects a program named java to be available in the directories named in the PATH variable.
CERT-Forensics-Tools-1.0-83.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-83.el7.x86_64.rpm - The changes since the last release (1.0-82) are the following:
- The dcp package is installed except for CentOS/RHEL 6.
- The femto package is installed.
- The ghidra package is installed except for CentOS/RHEL 6.
examiner-tooldocumentation-1.18-10.el7.noarch.rpm - The following packages were updated to added to the documetation suite found on the desktop:
- dcp
- ghidra
- femto_index
- femto_search
- appcompatcache.py
- application_identifiers.py
- mru.py
- msie_zone_info.py
- process_tree.py
- profiles.py
- programscache.py
- sam.py
- services.py
- shellfolders.py
- srum_extensions.py
- sysinfo.py
- task_cache.py
- type_libraries.py
- userassist.py
Once this package has been updated, run the following command:
sudo manage-examiner-login -S -v
to install these changes in the examiner's desktop.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 5.0.4-200 for FC29
- 5.0.3-200 for FC29
- 4.20.16-200 for FC29
- 4.20.15-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 5.0.4-200 for FC29
- 5.0.3-200 for FC29
- 4.20.16-200 for FC29
- 4.20.15-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.17-100 for FC28
- 4.20.16-100 for FC28
- 4.20.15-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.17-100 for FC28
- 4.20.16-100 for FC28
- 4.20.15-100 for FC28
fmem-kernel-modules-el7-x86_64-1.6-1.49.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.10.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-49.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.10.1 for EL7

March 15, 2019: The following changes have been made:

python{2,3}‑dfvfs-20190301-1.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm and python2‑dfvfs‑20190301‑1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
python{2,3}‑dfwinreg‑20190311‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python2‑dfwinreg‑20190329‑2.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
pfring-7.4.0-2456.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2456.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1507.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.14-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.14-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.14-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.14-100 for FC28

March 8, 2019: The following changes have been made:

pfring-7.4.0-2446.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2446.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.8.0-1499.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
libregf{,‑devel,‑python2,‑python3,‑tools}-20190303-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,‑devel,‑python2,‑tools}-20190303-1.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python2,‑python3,‑tools}-20190303-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
apfs-fuse-20190304-1.{fc24,fc25,fc26,fc27,fc28.fc29}.{i386,x86_64}.rpm and apfs-fuse-20181116-1.el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.

Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
autopsy-4.10.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and autopsy-4.10.0-1.el7.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

In addition, the Java™ Platform, Standard Edition Development Kit (JDK™) from Oracle also needs to be installed before running autopsy. That package can be found here. Testing has been verified to work with JDK 11.0.2.
ddrescue-1.24-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. See here for the changes since the last version (1.23) released to this repository.
libodraw{,‑devel,‑tools}-20190118-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and libodraw{,‑devel,‑tools}-20190118-1.el7.x86_64.rpm - Libodraw is a library to access to optical disc (split) RAW image files (bin/cue, iso/cue).
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.13-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.13-200 for FC29

March 1, 2019: The following changes have been made:

python{2,3}-xlsxwriter-1.1.5-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.4).
pfring-7.4.0-2433.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2433.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.6.0-1492.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
python{2,3}‑artifacts‑20190227‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm , artifacts‑data‑20190227‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm, python2‑artifacts‑20190227‑1.el7.x86_64.rpm, and artifacts‑data‑20190227‑1.el7.x86_64.rpm -
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.12-200 for FC29
- 4.20.11-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.12-200 for FC29
- 4.20.11-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.11-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.11-100 for FC28
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.51.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.11.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-51.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.11.1 for EL6

February 21, 2019: The following changes have been made:

pfring-7.4.0-2417.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2417.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.6.0-1489.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.10-200 for FC29
- 4.20.8-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.10-200 for FC29
- 4.20.8-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.8-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.8-100 for FC28

February 15, 2019: The bulk of the changes noted here consist of new revisions of existing packages that have been rebuilt to eliminate errors that arose when the Python 2 and Python 3 versions of packages were installed on the same machine. Earlier packages were built incorrectly.

The following changes have been made:

python{2,3}-xlsxwriter-1.1.4-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm and python2-xlsxwriter-1.1.4-1.el6.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.1.2). Note: the packages installed are named python2-xlsxwriter and python3-xlsxwriter for Fedora 24 through 29 and CentOS/RHEL 7 but there is no Python 3 version for CentOS/RHEL 6.
libfsapfs{,‑devel,‑python2,‑python3,‑tools}-20190210-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python2,‑tools}-20190210-2.el6.{i686,x86_64}.rpm and libfsapfs{,‑devel,‑python2,‑python3,‑tools}-20190210-2.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note that this project currently only focuses on the analysis of the format.
plaso-20190131-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20190131-2.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This revision changed some of the dependencies for the Python Virtual Environment-based version for Fedora 24 and 25 and CentOS/RHEL 7.

For Fedora 24 and 25 and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.

For Fedora 24 and 25, the recommended way to install this update is the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo dnf -y install plaso
and for CentOS/RHEL 7, the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo yum -y install plaso
pfring-7.4.0-2414.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2414.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.6.0-1488.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
libbde{,‑devel,‑python2,‑python3,‑tools}‑20190102‑3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,‑devel,‑python2,‑tools}‑20190102‑3.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python2,‑python3,‑tools}‑20190102‑3.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libesedb{,‑devel,‑python2,‑python3,‑tools}-20181229-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libesedb{,‑devel,‑python2,‑tools}-20181229-3.el6.{i686,x86_64}.rpm, and libesedb{,‑devel,‑python2,‑python3,‑tools}-20181229-3.el7}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libevt{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and libevt{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libevtx{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and libevtx{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libfshfs{,‑devel,‑python2,‑python3,‑tools}-20181101-3.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm, libfshfs{,‑devel,‑python,‑tools}-20181101-3.el6.{i686,x86_64}.rpm, and libfshfs{,‑devel,‑python2,‑python3,‑tools}-20181101-3.el7.x86_64.rpm - Libfshfs is a lbrary and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format. This release fixes a problem where the python2 and python3 versions were to be installed on the same system and renames the python version to python2.
libfsntfs{,‑devel,‑python2,‑python3,‑tools}-20190104-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsntfs{,‑devel,‑python2,‑tools}-20190104-3.el6.{i686,x86_64}.rpm, and libfsntfs{,‑devel,‑python2,‑python3,‑tools}-20190104-3.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libfwsi{,‑devel,‑python2,‑python3}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python2}-20181227-2.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python2,‑python3}-20181227-2.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libmsiecf{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc26,fc27,fc29}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libolecf{,‑devel,‑python2,‑python3,‑tools}-20181231-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libolecf{,‑devel,‑python2,‑tools}-20181231-3.el6.{i686,x86_64}.rpm, and libolecf{,‑devel,‑python2,‑python3,‑tools}-20181231-3.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libpff{,‑devel,‑python2,‑python3,‑tools}-20180714-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm , libpff{,‑devel,‑python,‑tools}-20180714-3.{i686,x86_64}.rpm , and libpff{,‑devel,‑python2,‑python3,‑tools}-20180714-3.el7.x86_64.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libqcow{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libregf{,‑devel,‑python2,‑python3,‑tools}-20181231-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,‑devel,‑python2,‑tools}-20181231-3.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python2,‑python3,‑tools}-20181231-3.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libsmdev{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python2,‑tools}-20181227-3.el6}.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libsmraw{,‑devel,‑python2,‑python3,‑tool2}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm and libsmraw{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libvshadow{,‑devel,‑python2,‑python3,‑tools}-20190127-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python2,‑tools}-20190127-3.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python2,‑python3,‑tools}-20190127-3.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libvhdi{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and libvhdi{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
libvmdk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python2,‑tools}-20181227-3.el6.{i686,x86_64}.rpm, and libvmdk{,‑devel,‑python2,‑python3,‑tools}-20181227-3.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
python{2,3}-dfvfs-20190128-4.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.7-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.7-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.7-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.7-100 for FC28

February 8, 2019: The following changes have been made:

python{2,3}‑biplist-1.0.3-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python2‑biplist-1.0.3-2.el7.x86_64.rpm - Biplist is a library for reading/writing binary plists. Binary Property List (plist) files provide a faster and smaller serialization format for property lists on OS X. This is a library for generating binary plists which can be read by OS X, iOS, or other clients.
elasticsearch5-5.5.5-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and elasticsearch5-5.5.5-2.el7.x86_64.rpm - ElasticSearch5 is a low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions. It also provides an optional persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents, wrapping the document data in user-defined classes.
python{2,3}-elasticsearch-6.3.1-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm , python2-elasticsearch-6.3.1-2.el6.{i686,x86_64}.rpm , and python2-elasticsearch-6.3.1-2.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions. It also provides an optional persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents, wrapping the document data in user-defined classes.
plaso-20190131-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20190131-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This version was changed to use the new package names for the packages noted above.

For Fedora 24 and 25 and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.

For Fedora 24 and 25, the recommended way to install this update is the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo dnf -y install plaso
and for CentOS/RHEL 7, the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo yum -y install plaso
pfring-7.4.0-2398.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2398.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
libfsapfs{,‑devel,‑python2,‑python3,‑tools}-20190206-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python2,‑tools}-20190206-1.el6.{i686,x86_64}.rpm and libfsapfs{,‑devel,‑python2,‑python3,‑tools}-20190206-1.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note that this project currently only focuses on the analysis of the format.
crunch-3.6-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm and crunch-3.6-1.el7.x86_64.rpm - Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Here are its features:
- generates wordlists in both combination and permutation ways
- can breakup output by number of lines or file size
- now has resume support
- pattern now supports number and symbols
- pattern now supports upper and lower case characters separately
- adds a status report when generating multiple files
- new -l option for literal support of @, $, and ^
- new -d option to limit duplicate characters; see man page for details
- now has unicode support
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.6-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.6-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.6-100 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.6-100 for FC28
fmem-kernel-modules-el7-x86_64-1.6-1.48.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.5.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-48.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.5.1 for EL7

February 1, 2019: The bulk of the changes noted here consist of new revisions of existing packages that have been rebuilt to rename packages to include the appropriate Python version, currently either Python 2 or Python 3. For example, the package libfsntfs-python has been rebuilt and the package named libfsntfs-python2. Further the Python 2 version of these packages also provides the previous package name, libfsntfs-python in this case, for backward compatibility.

In other cases, some packages previously built for Python 2 only have been rebuilt for both Python 2 and Python 3 and the packages appropriately renamed. Again, the Python 2 versions of these packages also provide the previous simple package name for backward combability. As an example, the package previous known as dtfabric now consists of two packages named python2-dtfabric and python3-dtfabric, with the package python2-dtfabric also providing dtfabric again for backward compatibility.

The following changes have been made:

sleuthkit{,‑devel,‑libs}-4.6.5-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and sleuthkit{,‑devel,‑libs}-4.6.5-1.el7.x86_64.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.6.3) released to this repository.
pytsk3-20190121-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and pytsk3-20190122-1.el7.x86_64.rpm - Pytsk is Python bindings for The Sleuth Kit. Note: the packages installed are named python2-pytsk3 and python3-pytsk3 for Fedora 24 through 29 and CentOS/RHEL 7 but there is no Python 3 version for CentOS/RHEL 6.
python{2,3}-dtfabric-20190120-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python2-dtfabric-20190120-2.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
libfsapfs{,‑devel,‑python2,‑python3,‑tools}-20181215-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python2,‑tools}-20181205-2.el6.{i686,x86_64}.rpm and libfsapfs{,‑devel,‑python2,‑python3,‑tools}-20181205-2.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note that this project currently only focuses on the analysis of the format.
libbde{,‑devel,‑python2,‑python3,‑tools}-20190102-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,‑devel,‑python2,‑tools}-20190102-2.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python2,‑python3,‑tools}-20190102-2.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libesedb{,‑devel,‑python2,‑python3,‑tools}-20181229-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libesedb{,‑devel,‑python2,‑tools}-20181229-2.el6.{i686,x86_64}.rpm, and libesedb{,‑devel,‑python2,‑python3,‑tools}-20181229-2.el7}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
libevt{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, and libevt{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm ,libevt{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libevtx{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, and libevtx{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, libevtx{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libfsntfs{,‑devel,‑python2,‑python3,‑tools}-20190104-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsntfs{,‑devel,‑python2,‑tools}-20190104-2.el6.{i686,x86_64}.rpm, and libfsntfs{,‑devel,‑python2,‑python3,‑tools}-20190104-2.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libfwnt{,‑devel,‑python2,‑python3}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python2}-20181227-2.el6.x86_64.rpm, and libfwnt{,‑devel,‑python2,‑python3}-20181227-2.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types.
liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and liblnk{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
libmsiecf{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc26,fc27,fc29}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
libolecf{,‑devel,‑python2,‑python3,‑tools}-20181231-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libolecf{,‑devel,‑python2,‑tools}-20181231-2.el6.{i686,x86_64}.rpm, and libolecf{,‑devel,‑python2,‑python3,‑tools}-20181231-2.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
libqcow{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libregf{,‑devel,‑python2,‑python3,‑tools}-20181231-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,‑devel,‑python2,‑tools}-20181231-2.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python2,‑python3,‑tools}-20181231-2.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
libscca{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libscca{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and libscca{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
libsigscan{,‑devel,‑python2,‑python3,‑tools}-20190103-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsigscan{,‑devel,‑python2,‑tools}-20190103-2.el6.{i686,x86_64}.rpm, and libsigscan{,‑devel,‑python2,‑python3,‑tools}-20190103-2.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning.
libsmdev{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python2,‑tools}-20181227-2.el6}.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
libsmraw{,‑devel,‑python2,‑python3,‑tool2}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm and libsmraw{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
libvhdi{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and libvhdi{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvshadow{,‑devel,‑python2,‑python3,‑tools}-20190127-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python2,‑tools}-20190127-2.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python2,‑python3,‑tools}-20190127-2.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume.
libvslvm{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvslvm{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and libvslvm{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
libvmdk{,‑devel,‑python2,‑python3,‑tools}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python2,‑tools}-20181227-2.el6.{i686,x86_64}.rpm, and libvmdk{,‑devel,‑python2,‑python3,‑tools}-20181227-2.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
libfvde{,‑devel,‑python2,‑python3,‑tools}-20190104-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfvde{,‑devel,‑python2,‑tools}-20190104-2.el6.{i686,x86_64}.rpm, and libfvde{,‑devel,‑python2,‑python3,‑tools}-20190104-2.el7.6_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
python{2,3}‑dfdatetime-20190116-2.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
python{2,3}‑dfwinreg‑20190122‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and python2‑dfwinreg‑20190122‑2.el7.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
libexe{,‑devel,‑python2,‑python3,‑tools}-20181128-2.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libexe{,‑devel,‑python2,‑tools}-20181128-2.el6.{i686,x86_64}.rpm, and libexe{,‑devel,‑python2,‑python3,‑tools}-20181128-2.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format.
libwrc{,‑devel,‑python2,‑python3,‑tools}-20181203-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libwrc{,‑devel,‑python2,‑tools}-20181203-2.el6.{i686,x86_64}.rpm, and libwrc{,‑devel,‑python2,‑python3,‑tools}-20181203-2.el7.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
libewf{,‑devel,‑tools,‑python2,‑python3,‑tools}-20160718-20140806.1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libewf{,‑devel,‑tools,‑python2,‑tools}-20160718-20140806.1.el6.{i686,x86_64}.rpm, and libewf{,‑devel,‑tools,‑python2,‑python3,‑tools}-20160718-20140806.1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.

This package is built from the libewf source code dated 20140806 but to make it the latest version, the version number was changed to the build date (20160718) and the release number changed to include the source code release date (20140806).
python{2,3}-construct-2.5.2-2.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm and python2-construct-2.5.2-2.el6.noarch.rpm - Python-construct is a powerful declarative parser (and builder) for binary data. Note: the packages installed are named python2-construct and python3-construct for Fedora 24 through 29 and CentOS/RHEL 7 but there is no Python 3 version for CentOS/RHEL 6.
python{2,3}‑artifacts‑20190113‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm , artifacts‑data‑20190113‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm, python2‑artifacts‑20190113‑2.el7.x86_64.rpm, and artifacts‑data‑20190113‑2.el7.x86_64.rpm -
python{2,3}‑bencode-2.0.0-2.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm - Bencode re-packages the existing bencoding and bdecoding implemention from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency.
python{2,3}-xlsxwriter-1.1.2-2.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm and python2-xlsxwriter-1.1.2-2.el6.noarch.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.0.8). Note: the packages installed are named python2-xlsxwriter and python3-xlsxwriter for Fedora 24 through 29 and CentOS/RHEL 7 but there is no Python 3 version for CentOS/RHEL 6.
efilter-1.5-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.noarch.rpm - Efilter is a general purpose query language designed to be embedded in Python applications and libraries. It supports SQL-like syntax to filter your application's data and provides a convenient way to directly search through the objects your applications manages. A second use case for EFILTER is to translate queries from one query language to another, such as from SQL to OpenIOC and so on. A basic SQL-like syntax and a POC lisp implementation are included with the language, and others are relatively simple to add. Note: the packages installed are named python2-efilter and python3-efilter for Fedora 24 through 29 but there is no Python 3 version for CentOS/RHEL 6 and 7.
python{2,3}‑dfvfs-20190128-1.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm and python2‑dfvfs‑20190128‑1.el7.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
winreg-kb-20181223-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and winreg-kb-20181223-1.el7.x86_64.rpm - Winreg-kb-kb winreg-kb is a project to build a Windows Registry Knowledge Base. winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources. See these scripts that make use of package. Note that winreg-kb is not available for CentOS/RHEL 6 because of the old version of Python 2.
winevt-kb-20181223-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and winevt-kb-20181223-1.el7.x86_64.rpm - Winevt-kb is a project to build a Windows Event Log knowledge base. winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources. See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them.
pyparsing{,‑doc}-2.3.1-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i386,x86_64}.rpm, python3-pyparsing-2.3.1-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm , pyparsing{,‑doc}-2.3.1-1.el7.x86_64.rpm, python3-pyparsing-2.3.1-1.el7.x86_64.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code. Pyparsing is provided by RedHat for Fedora 21. Pyparsing version 2.3.3 is needed by plaso.
plaso-20181219-5.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20181219-5.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This version was changed to use the new package names for the packages noted above.

For Fedora 24 and 25, the recommended way to install this update is the following:
sudo rpm -ev plaso --nodeps; sudo dnf -y install plaso
and for CentOS/RHEL 7, the following:
sudo rpm -ev plaso --nodeps; sudo yum -y install plaso
pfring-7.4.0-2394.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2394.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.6.0-1485.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.5-200 for FC29
- 4.20.4-200 for FC29
- 4.20.3-200 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.5-200 for FC29
- 4.20.4-200 for FC29
- 4.20.3-200 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.20.5-100 for FC28
- 4.20.4-100 for FC28
- 4.19.16-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.20.5-100 for FC28
- 4.20.4-100 for FC28
- 4.19.16-200 for FC28

January 18, 2019: The following changes have been made:

cutter-1.7.3-1.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-1.7.3-1.el7.x86_64.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. This version of cutter is based on the code dated 2019-01-15 which was built to embed radare2 version 2.6.0 in it.
distorm3-3.4.1-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i386,x86_64}.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework.
libbde{,‑devel,‑python,‑python3,‑tools}-20190102-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20190102-1.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python,‑python3,‑tools}-20190102-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libbfio,{-devel}-20190112-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i386,x86_64}.rpm - Libbfio is a library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff. It is used to chain I/O to support file-in-file access.
libfplist{,‑devel}-20190101-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Libfplist is a library for plist formats. Note: this is a library only - there are no tools provided by these packages.
libfsext{,‑devel,‑python,‑python3,‑tools}-20190115-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsext{,‑devel,‑python,‑python3,‑tools}-20190115-1.el7.x86_64.rpm, and libfsext{,‑devel,‑python,‑tools}-20190115-1.el6.{i686,x86_64}.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT). Note that this project currently only focuses on the analysis of the format.
libfwevt{,‑devel}-20190102-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Libfwevt is a library for Windows XML Event Log (EVTX) data types. Note: this is a library only - there are no tools provided by these packages.
libsigscan{,‑devel,‑python,‑python3,‑tools}-20190103-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsigscan{,‑devel,‑python,‑tools}-20190103-1.el6.{i686,x86_64}.rpm, and libsigscan{,‑devel,‑python,‑python3,‑tools}-20190103-1.el7.x86_64.rpm, - Libsigscan is a library and tools used to binary signature scanning.
python-certifi-2018.11.29-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. This package was supports plaso.
Volatility-2.6-6.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6 that has been patched to November 19, 2018. You can read about this version here
python‑dfdatetime-20190116-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
pfring-7.4.0-2377.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2377.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.6.0-1476.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.15-300 for FC29
- 4.19.14-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.15-300 for FC29
- 4.19.14-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.15-200 for FC28
- 4.19.14-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.15-200 for FC28
- 4.19.14-300 for FC28
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.50.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.10.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-50.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.10.1 for EL6

January 14, 2019: The following changes have been made:

pfring-7.4.0-2374.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2374.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
artifacts‑20190113‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm and artifacts‑20190113‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.

Please note that with this release, it is no longer necessary to revert to version 20181213 of artifacts on Fedora 24, 25, or CentOS/RHEL 7 to fix a problem when using plaso. To install this version of artifacts on Fedora 24, 25, or CentOS/RHEL 7, run the command update-plaso.
libvshadow{,‑devel,‑python,‑python3,‑tools}-20190112-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python,‑tools}-20190112-1.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python,‑python3,‑tools}-20190112-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. To install this version of libvshadow on Fedora 24, 25, or CentOS/RHEL 7, run the command update-plaso.

January 11, 2019: The following changes have been made:

libfsntfs{,‑devel,‑python,‑python3,‑tools}-20190104-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsntfs{,‑devel,‑python,‑tools}-20190104-1.el6.{i686,x86_64}.rpm, and libfsntfs{,‑devel,‑python,‑python3,‑tools}-20190104-1.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
libfvde{,‑devel,‑python,‑python3,‑tools}-20190104-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfvde{,‑devel,‑python,‑tools}-20190104-1.el6.{i686,x86_64}.rpm, and libfvde{,‑devel,‑python,‑python3,‑tools}-20190104-1.el7.6_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
plaso-20181219-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20181219-3.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.

Here are the recent changes:
- Release 2
  - For Fedora 24 and 25 and CentOS/RHEL 7, this release contains a new program named update-plaso, the purpose of which is to update the packages installed via pip for the Python Virtual Environment built for plaso. The recommendation is to run update-plaso routinely to keep plaso updated.
  - No changes were made for the Fedora 26, 27, 28, and 29 revisions of plaso.
- Release 3
  - For CentOS/RHEL 7, the version of Python 2 installed by default is 2.7.5 which is fairly old. This version causes problems in plaso. To solve these problems, the version of Python 2 - 2.7.13 - that is distributed as part of the RedHat Software Collections Library (SCL) is used for plaso. This resulted in a re-engineering of the installation and the installed scripts to use the scl program. This version contains those re-engineered versions. Use this version of plaso, run the following command
    sudo yum -y install centos-release-scl-rh
  - No changes were made for the Fedora 24, 25, 26, 27, 28, and 29 revisions of plaso.
Please note that the pip package artifacts, version 20190111, causes plaso to generate errors and exit prematurely. To solve this problem after installing or updating plaso on Fedora 24 or 25 or CentOS/RHEL 7, do the following:
sudo scl enable python27 -- /bin/sh -c "source /usr/local/lib/PythonVirtualEnvironments/plaso/bin/activate; pip uninstall artifacts; pip install artifacts==20181213"
pfring-7.4.0-2370.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2370.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.6.0-1459.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.

January 4, 2019: The following changes have been made:

pfring-7.4.0-2360.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket. Here is the announcement of PF_Ring 7.4.
pfring-dkms-7.4.0-2360.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-2.6.0-1458.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection. Based on OpenDPI it includes ntop extensions.
libbde{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm , and libbde{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libesedb{,‑devel,‑python,‑python3,‑tools}-20181229-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libesedb{,‑devel,‑python,‑tools}-20181229-1.el6.{i686,x86_64}.rpm, and libesedb{,‑devel,‑python,‑python3,‑tools}-20181229-1.el7}.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
libevt{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libevt{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libevtx{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libevtx{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libfwnt{,‑devel,‑python,‑python3}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python}-20181227-1.el6.x86_64.rpm , and libfwnt{,‑devel,‑python,‑python3}-20181227-1.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types.
libfwsi{,‑devel,‑python,‑python3}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python}-20181227-1.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python,‑python3}-20181227-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
liblnk{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and liblnk{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
libmsiecf{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc26,fc27,fc29}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
libqcow{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm , and libqcow{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libscca{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libscca{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libscca{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
libsmdev{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python,‑tools}-20181227-1.el6}.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
libsmraw{,‑devel,‑python,‑python3,‑tool2}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libsmraw{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm, - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
libvhdi{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libvhdi{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvmdk{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libvmdk{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
libvslvm{,‑devel,‑python,‑python3,‑tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvslvm{,‑devel,‑python,‑tools}-20181227-1.el6.{i686,x86_64}.rpm, and libvslvm{,‑devel,‑python,‑python3,‑tools}-20181227-1.el7}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
libolecf{,‑devel,‑python,‑python3,‑tools}-20181231-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libolecf{,‑devel,‑python,‑tools}-20181231-1.el6.{i686,x86_64}.rpm, and libolecf{,‑devel,‑python,‑python3,‑tools}-20181231-1.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
libregf{,‑devel,‑python,‑python3,‑tools}-20181231-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,‑devel,‑python,‑tools}-20181231-1.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python,‑python3,‑tools}-20181231-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
python{2,3}-urllib3-1.24.1-2.fc26.{i686,x86_64}.rpm - Python-urllib3 is a powerful, sanity-friendly HTTP client for Python. Much of the Python ecosystem already uses urllib3. urllib3 brings many critical features that are missing from the Python standard libraries:
- Thread safety.
- Connection pooling.
- Client-side SSL/TLS verification.
- File uploads with multipart encoding.
- Helpers for retrying requests and dealing with HTTP redirects.
- Support for gzip and deflate encoding.
- Proxy support for HTTP and SOCKS.
- 100% test coverage.
This package was built to support plaso.
python{2,3}-requests-2.20.0-1.fc26.{i686,x86_64}.rpm - Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web. It requires an enormous amount of work (even method overrides) to perform the simplest of tasks. This package was built to support plaso.
plaso-20181219-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20181219-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.

Please note that for Fedora 24 and 25 and CentOS/RHEL 7, of all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
rekall-forensics-1.7.1-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm - Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in peer reviewed papers.

Please note that the installation of all of these ancillary packages neede by rekall use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.

Please also note that to install this package, you will first need to remove rekall-1.7.2 which was previously installed in the forensics-test repository. To do this, do the following:
sudo dnf erase rekall; sudo dnf install rekall-forensics
The program to run is now named rekall.py due to conflicts with another package named rekall.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.13-300 for FC29
- 4.19.12-301 for FC29
- 4.19.10-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.13-300 for FC29
- 4.19.12-301 for FC29
- 4.19.10-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.13-200 for FC28
- 4.19.12-200 for FC28
- 4.19.10-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.13-200 for FC28
- 4.19.12-200 for FC28
- 4.19.10-200 for FC28

December 18, 2018: The following changes have been made:

artifacts‑20181213‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm and artifacts‑20181213‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python,‑tools}-20181205-1.el6.{i686,x86_64}.rpm, and libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181205-1.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note that this project currently only focuses on the analysis of the format.
libfwnt{,‑devel,‑python,‑python3}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python,‑python3}-20181215-1.el7.x86_64.rpm , and libfwnt{,‑devel,‑python,‑python3}-20181215-1.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types.
libfwsi{,‑devel,‑python,‑python3}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python}-20181215-1.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python,‑python3}-20181215-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
libmsiecf{,‑devel,‑python,‑python3,‑tools}-20181215-1.{fc24,fc25,fc26,fc26,fc27,fc29}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python,‑tools}-20181215-1.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python,‑python3,‑tools}-20181215-1.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
libsigscan{,‑devel,‑python,‑python3,‑tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsigscan{,‑devel,‑python,‑tools}-20181215-1.el6.{i686,x86_64}.rpm, and libsigscan{,‑devel,‑python,‑python3,‑tools}-20181215-1.el7.x86_64.rpm, - Libsigscan is a library and tools used to binary signature scanning.
libsmdev{,‑devel,‑python,‑python3,‑tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python,‑tools}-20181215-1.el6}.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python,‑python3,‑tools}-20181215-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices.
libsmraw{,‑devel,‑python,‑python3,‑tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python,‑tools}-20181215-1.el6.{i686,x86_64}.rpm , and libsmraw{,‑devel,‑python,‑python3,‑tools}-20181215-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
libwrc{,‑devel,‑python,‑python3,‑tools}-20181203-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libwrc{,‑devel,‑python,‑python3,‑tools}-20181203-1.el7.x86_64.rpm, and libwrc{,‑devel,‑python,‑tools}-20181203-1.el6.{i686,x86_64}.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
libevtx{,‑devel,‑python,‑python3,‑tools}-20181016-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,‑devel,‑python,‑tools}-20181016-1.el6.{i686,x86_64}.rpm, and libevtx{,‑devel,‑python,‑python3,‑tools}-20181016-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libvslvm{,‑devel,‑python,‑python3,‑tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvslvm{,‑devel,‑python,‑tools}-20181216-1.el6.{i686,x86_64}.rpm, and libvslvm{,‑devel,‑python,‑python3,‑tools}-20181216-1.el7}.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
dfvfs-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. This release is testing APFS support in plaso.
libevt{,‑devel,‑python,‑python3,‑tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,‑devel,‑python,‑tools}-20181216-1.el6.{i686,x86_64}.rpm, and libevt{,‑devel,‑python,‑python3,‑tools}-20181216-1.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libqcow{,‑devel,‑python,‑python3,‑tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python,‑tools}-20181216-1.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python,‑python3,‑tools}-20181216-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libvshadow{,‑devel,‑python,‑python3,‑tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python,‑tools}-20181216-1.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python,‑python3,‑tools}-20181216-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. This version uses the external version of libbfio to support DFF, the Digital Forensics Framework.
silk-ipset{-devel,‑lib,‑tools}-3.18.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and silk-ipset{-devel,‑lib,‑tools}-3.18.0-1.el7.x86_64.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.0‑2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.18.0‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.9-3.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes. This package was rebuilt to use silk 3.18.0.
prism-1.2-5.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly, or might be used as a component in other more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup. This package was rebuilt to use silk 3.18.0.
super_mediator-1.6.0-5.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use silk 3.18.0.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.9-300 for FC29
- 4.19.8-300 for FC29
- 4.19.7-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.9-300 for FC29
- 4.19.8-300 for FC29
- 4.19.7-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.8-200 for FC28
- 4.19.7-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.8-200 for FC28
- 4.19.7-200 for FC28

December 7, 2018: The following changes have been made:

libregf{,‑devel,‑python,‑python3,‑tools}-20181129-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,‑devel,‑python,‑tools}-20181129-1.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python,‑python3,‑tools}-20181129-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
dfvfs-20181202-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. This release is testing APFS support in plaso.
libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181205-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python,‑tools}-20181205-1.el6.{i686,x86_64}.rpm, and libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181205-1.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note that this project currently only focuses on the analysis of the format.
libfixbuf{,‑devel}-2.2.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
pyfixbuf-0.6.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.2-5.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version. This version was rebuilt for libfixbuf-2.2.0.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.2‑6.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.2‑6.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This version was rebuilt for libfixbuf-2.1.0.
libschemaTools{,‑devel}-1.3-3-{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 2.2.0.
analysis-pipeline-5.9-2.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes. This package was rebuilt to use libfixbuf 2.2.0.
super_mediator-1.6.0-4.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This package was rebuilt to use libfixbuf 2.2.0.
yaf{,‑devel}-2.10.0-3.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring. This package was rebuilt to use libfixbuf 2.2.0.
lime-kernel-modules-1.1.r17-15.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 29 x86_64 and i386 architectures was added.
fmem-kernel-modules-1.6-1.15.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 29 x86_64 and i386 architectures was added.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.6-300 for FC29
- 4.19.5-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.6-300 for FC29
- 4.19.5-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.6-200 for FC28
- 4.19.5-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.6-200 for FC28
- 4.19.5-200 for FC28
fmem-kernel-modules-el7-x86_64-1.6-1.47.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-957.1.3 for EL7
- 3.10.0-957 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-47.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-957.1.3 for EL7
- 3.10.0-957 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.49.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.9.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-49.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.9.1 for EL6

November 29, 2018: The following changes have been made:

pfring-7.2.0-2285.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2285.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
libbde{,‑devel,‑python,‑python3,‑tools}-20181124-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20181124-1.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python,‑python3,‑tools}-20181124-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181125-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python,‑tools}-20181125-1.el6.{i686,x86_64}.rpm, and libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181125-1.el7.x86_64.rpm - libfsapfs is a library to access the Apple File System (APFS). Note that this project currently only focuses on the analysis of the format.
libqcow{,‑devel,‑python,‑python3,‑tools}-20181124-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python,‑tools}-20181124-1.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python,‑python3,‑tools}-20181124-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libvhdi{,‑devel,‑python,‑python3,‑tools}-20181125-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python,‑tools}-20181125-1.el6.{i686,x86_64}.rpm , and libvhdi{,‑devel,‑python,‑python3,‑tools}-20181125-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libvmdk{,‑devel,‑python,‑python3,‑tools}-20181124-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python,‑tools}-20181124-1.el6.{i686,x86_64}.rpm, and libvmdk{,‑devel,‑python,‑python3,‑tools}-20181124-1.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
libregf{,‑devel,‑python,‑python3,‑tools}-20181127-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,‑devel,‑python,‑tools}-20181127-1.el6.{i686,x86_64}.rpm, and libregf{,‑devel,‑python,‑python3,‑tools}-20181127-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files.
dfvfs-20181128-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. This release is testing APFS support in plaso.
super_mediator-1.6.0-3.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. This release - 3 - was built to properly support SiLK IPSet support, allowing the IN_LIST and NOT_IN_LIST operators in filters. Thanks to Braden Licastro of the IT department at the Software Engineering Institute for requesting SiLK IPSet support and for testing the updated packages on RHEL 6.
libscca{,‑devel,‑python,‑python3,‑tools}-20181128-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libscca{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm, and libscca{,‑devel,‑python,‑python3,‑tools}-20181128-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format.
dtfabric-20181128-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and dtfabric-20181128-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
libexe{,‑devel,‑python,‑python3,‑tools}-20181128-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libexe{,‑devel,‑python,‑tools}-20181128-1.el6.{i686,x86_64}.rpm, and libexe{,‑devel,‑python,‑python3,‑tools}-20181128-1.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.4-300 for FC29
- 4.19.3-300 for FC29
- 4.19.2-301 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.4-300 for FC29
- 4.19.3-300 for FC29
- 4.19.2-301 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.4-200 for FC28
- 4.19.3-200 for FC28
- 4.19.2-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.4-200 for FC28
- 4.19.3-200 for FC28
- 4.19.2-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.19-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-42.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.19-100 for FC27

November 20, 2018: The following changes have been made:

pfring-7.2.0-2239.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2239.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
libqcow{,‑devel,‑python,‑python3,‑tools}-20181117-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python,‑tools}-20181117-1.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python,‑python3,‑tools}-20181117-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libvhdi{,‑devel,‑python,‑python3,‑tools}-20181118-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python,‑tools}-20181118-1.el6.{i686,x86_64}.rpm, and libvhdi{,‑devel,‑python,‑python3,‑tools}-20181118-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
libbde{,‑devel,‑python,‑python3,‑tools}-20181117-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20181117-1.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python,‑python3,‑tools}-20181117-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libvmdk{,‑devel,‑python,‑python3,‑tools}-20181118-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python,‑tools}-20181118-1.el6.{i686,x86_64}.rpm, and libvmdk{,‑devel,‑python,‑python3,‑tools}-20181118-1.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
Volatility-2.6-5.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6 that has been patched to November 19, 2018. You can read about this version here Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.19.2-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.19.2-300 for FC29

November 16, 2018: The following changes have been made:

pfring-7.2.0-2232.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2232.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181110-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,‑devel,‑python,‑tools}-20181110-1.el6.{i686,x86_64}.rpm, and libfsapfs{,‑devel,‑python,‑python3,‑tools}-20181110-1.el7.x86_64.rpm, - libfsapfs is a library to access the Apple File System (APFS). Note that this project currently only focuses on the analysis of the format.
CERT-Forensics-Tools-1.0-82.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-82.el7.x86_64.rpm - The changes since the last release (1.0-81) are the following:
- The libapfs-tools package is installed.
rekall-1.7.2.1-{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm - Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in peer reviewed papers.

Note that this package has been installed in the forensics-test repository for now. To install rekall on your system, you first need to enable this repository by running this command for Fedora:
sudo dnf config‑manager ‑‑set‑enabled forensics‑test
or this command for CentOS/RHEL:
sudo yum‑config‑manager ‑‑enable forensics‑test
Please report any problems with rekall to

Please note that the installation of all of these ancillary packages neede by rekall use the pip program in a Python Virtual Environment. Insure that pip works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.
autopsy-4.9.1-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and autopsy-4.9.1-1.el7.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Note that autopsy has been promoted from the forensics-test repository.

In addition, the Java™ Platform, Standard Edition Development Kit (JDK™) from Oracle also needs to be installed before running autopsy. That package can be found here. Testing has been verified to work with JDK 8, update 191.
coreutilsshim-1.0-1.fc29.noarch.rpm - CoreutilsShim is a package that resolves dependencies from changes to the coreutils package for Fedora 29.
sleuthkit{,‑devel,‑libs}-4.6.4-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.6.3) released to this repository.
apfs-fuse-20181116-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and apfs-fuse-20181116-1.el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.

Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.18-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.18-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.18-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.18-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.18-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-42.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.18-100 for FC27

November 12, 2018: The following changes have been made:

pfring-7.2.0-2229.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2229.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
packetexaminer-0.9-4.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm - PacketExaminer is a harness to perform PCAP analysis. In this release, the packages needed to support the --graph, --url, --netmap, and --timeseries command line options are now installed by default. Furthermore, the previously required scapy and prettytable packages have been similarly replaced. Please note that the installation of all of these ancillary packages uses the pip3 program. Insure that pip3 works correctly in your environment by connfiguring the /etc/pip.conf file according to the configuration guide found here.

November 9, 2018: The following changes have been made:

pfring-7.2.0-2226.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2226.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
xmount-0.7.6-3.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - Xmount is a tool that allows you to convert on-the-fly between multiple input and output harddisk image types.
cutter-1.7.2-2.{fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and cutter-1.7.2-2.el7.x86_64.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. This version of cutter is based on the code dated 2018-11-08 which was built to embed radare2 version 2.6.0 in it.
CERT-Forensics-Tools-1.0-81.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-81.el7.x86_64.rpm - The changes since the last release (1.0-78) are the following:
- Umit replaces nmap-frontend for Fedora systems.
- wireshark-gnome is not installed on Fedora 29-based systems because this package is not provided by RedHat.
- Cutter replaces bokken for Fedora 26 through 29 systems and for CentOS/RHEL 7 systems. In addition, python-radare2 has also been obsoleted on Fedora 26 through 29 systems and for CentOS/RHEL 7 systems since it is no longer needed and incompatible with the latest version of radare2 on Fedora systems.
- The PacketExaminer package is installed.
python{2,3}-scapy-2.4.0-4.{fc23,fc24,fc25,el7}.noarch.rpm - Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.
python{,3}-prettytable-0.7.2-3.el7.noarch.rpm - Python-PrettyTable is a simple Python library designed to make it quick and easy to represent tabular data in visually appealing ASCII tables. It was inspired by the ASCII tables used in the PostgreSQL shell psql. PrettyTable allows for selection of which columns are to be printed, independent alignment of columns (left or right justified or centred) and printing of “sub-tables” by specifying a row range.
packetexaminer-0.9-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm - PacketExaminer is a harness to perform PCAP analysis that a security engineer may do during an incident response or when looking at network security. The author found that they were frequently using a collection of tools and techniques again and again and thought it would be helpful to create a program that would do this. This hopefully automates some routine functions that one would do manually.
examiner-tooldocumentation-1.18-8.el7.noarch.rpm - The following packages were updated to added to the documetation suite found on the desktop:
- packetexaminer
and the following packages were removed:
- bokken
Once this package has been updated, run the following command:
sudo manage-examiner-login -S -v
to install these changes in the examiner's desktop.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.17-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.17-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.17-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.17-200 for FC28

November 5, 2018: The following changes have been made:

pfring-7.2.0-2215.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2215.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
libmdmp{,‑devel,‑tools}-20181031-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Libmdmp is a library to access the Windows Minidump (MDMP) format. Note that this project currently only focuses on the analysis of the format.
libhibr{,‑devel,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - libhibr is a lbrary and tools to access the Windows Hibernation File (hiberfil.sys) format. Note that this project currently only focuses on the analysis of the format.
libfshfs{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm and libfshfs{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm - Libfshfs is a lbrary and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format.
libmodi{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm and libmodi{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm - Libmodi is a lbrary and tools to access the Mac OS disk image formats.
libfsext{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libfsext{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT). Note that this project currently only focuses on the analysis of the format.
libnk2{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm and libnk2{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm - Libnk2 is a lbrary and tools to access Microsoft Outlook Nickfile (NK2) format files.
libphdi{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm and libphdi{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm - Libphdi is a library to access the Parallels Hard Disk image format.
libexe{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libexe{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm , and libexe{,‑devel,‑python,‑python3,‑tools}-20181101-1.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format.
libwtcdb{,‑devel,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm libwtcdb{,‑devel,‑tools}-20181101-1.el6.{i686,x86_64}.rpm - Libwtcdb is a library and tools to access the Windows (Vista/7) Explorer thumbnail cache database format (thumbcache.db).
libagdb{,‑devel,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Libagdb is a library to access the SuperFetch database format.
libcreg{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm and libcreg{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
libscca{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libscca{,‑devel,‑python,‑tools}-20181101-1.el6.x86_64.rpm , libscca{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. See here for the list of changes.
libfsntfs{,‑devel,‑python,‑python3,‑tools}-20181101-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libfsntfs{,‑devel,‑python,‑tools}-20181101-1.el6.{i686,x86_64}.rpm, and libfsntfs{,‑devel,‑python,‑python3,‑tools}-20181101-1.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).

Fedora 29 - The repository now supports Fedora 29 for the x86_64 and i386 CPU architectures. Here is the list of tools provided for Fedora 29:

2hash
acr
aeskeyfind
analysis-pipeline
analyzeMFT
artifacts
ataraw
autopsy
bencode
binplist
bokken
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dcfldd
dd_rescue
ddrescue
ddrescueview
ddrutility
dfdatetime
dff
dfvfs
dfwinreg
disktype
distorm3
DropboxReader
dtfabric
efilter-1
eindeutig
epub
exfat-utils
fatback
fcrackzip
fmem-kernel-modules
fred
fundl
galleta
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser

hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
ip4r
jafat
KHracker
kracked
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libiconv
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi
libqcow
libregf
libscca
libschemaTools
libsigscan

libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
protobuf-c
pstotext
ptfinder
ptk
pyew
python-apsw
python-biplist
python-construct
python-dpapick
python-elasticsearch5
python-elasticsearch
python-haystack
python-ioc_writer
python-pefile
python-pycoin
python-radare2
python-rarfile
python-registry
python-ssdeep

pytsk3
qtmltfs
radare2
radare
rar
registrydecoder
reglookup
regripper
regripper-plugins
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-openappid
snort-sample-rules
splunk
ssdeep
stegdetect
super_mediator
tln_tools
undbx
unrar
untex
vala
valabind
videosnarf
vinetto
vmfs-tools
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
xlsxwriter
xmount
xplico
yaf
zeromq3

radare2{,‑devel,‑common}-2.9.0-1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
python-radare2-2.9.0-1.el7.x86_64.rpm - Python-Radare are bindings that allow Radare to be used from Python. These updates were made to keep pace with the Radare2 package installed in CentOS/RHEL 7.
dtfabric-20181103-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and dtfabric-20181103-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
python‑dfdatetime-20181025-1.{fc23,fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
splunk-7.2.0-8c86330ac18-linux-2.6-x86_64.rpm and splunk-7.2.0-8c86330ac18.i386.rpm - This version of Splunk was added to the Splunk repository for Fedora through 29 and Fedora 6 and 7 for the i386 and x86_64 architectures. Follow these instructions after upgrading to this version. Make sure that you following these instruction after upgrading but before rebooting. If you do not following these instructions your system may hang when it reboots.
splunkshim-1.0-1.fc29.noarch.rpm - SplunkShim is a package that resolves dependencies from changes to the coreutils package for Fedora 29.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.16-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-41.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.16-100 for FC27

October 26, 2018: The following changes have been made:

pfring-7.2.0-2205.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2205.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
apfs-fuse-20181022-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and apfs-fuse-20181008-1.el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.

Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
xlsxwriter-1.1.2-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and xlsxwriter-1.1.2-1.el7.x86_64.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.0.8).
autopsy-4.9.0-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and autopsy-4.9.0-1.el7.x86_64.rpm - Autopsy^® is a digital forensics platform and graphical interface to The Sleuth Kit^® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

Note that this package has been installed in the forensics-test repository for now. To install autopsy on your system, you first need to enable this repository by running this command for Fedora: sudo dnf config‑manager ‑‑set‑enabled forensics‑test or this command for CentOS/RHEL: sudo yum‑config‑manager ‑‑enable forensics‑test.

In addition, the Java™ Platform, Standard Edition Development Kit (JDK™) from Oracle also needs to be installed before running autopsy. That package can be found here. Testing has been verified to work with JDK 8, update 191.

If you encounter problems with this version of autopsy, please send an email to:
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.15-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.15-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.15-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.15-100 for FC27

October 19, 2018: The following changes have been made:

snort-2.9.12-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version. This release was built to use PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
snort-sample-rules-2.9.12-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.12-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
- The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
- Here is the OpenAppId Detector Developer Guide .
To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
This release was built to use PF_Ring for CentOS/RHEL 6 and 7 for the x86_64 architecture.
Volatility-2.6-4.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6 that has been patched to October 15, 2018. You can read about this version here Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
sleuthkit{,‑devel,‑libs}-4.6.3-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.6.2) released to this repository.
regripper-plugins-20181017-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.noarch.rpm - Regripper-plugins are the plugins packaged separately from the regripper application. This package is taken from the plugins directory at the Github source code site as of 2018-10-17.
python-certifi-2018.10.15-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. This package was supports plaso.
pfring-7.2.0-2190.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2190.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.14-200 for FC28
- 4.18.13-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.14-200 for FC28
- 4.18.13-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.13-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.13-100 for FC27

October 11, 2018: The following changes have been made:

apfs-fuse-20181008-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and apfs-fuse-20181008-2.el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.

Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
exfat-utils-1.3.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The EXfat-utils are a set of utilities for creating, checking, dumping and labeling exFAT file systems. See here for the list of changes since the last released version (1.2.8).
pfring-7.2.0-2174.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2174.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
cutter-1.7.2-1.{fc26,fc27,fc28,el7}.x86_64.rpm - Cutter is a Qt and C++ GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable, and FOSS (free and open-source software) reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers.
libbfio,{-devel}-20180910-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i386,x86_64}.rpm - Libbfio is a library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff. It is used to chain I/O to support file-in-file access. See here for the list of changes.
libqcow{,‑devel,‑python,‑python3,‑tools}-20180831-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python,‑tools}-20180831-1.el6.{i686,x86_64}.rpm , and libqcow{,‑devel,‑python,‑python3,‑tools}-20180831-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. See here for the list of changes.
CERT-Forensics-Tools-1.0-78.{fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-78.el7.x86_64.rpm - This package was updated to add the cutter package for Fedora 26 through 28 for the x86_64 architecture and CentOS/RHEL 7 for the x86_64 architecture.
examiner-tooldocumentation-1.18-7.el7.noarch.rpm - This package was updated to add the following programs to the documetation suite found on the desktop:
- cutter
Once this package has been updated, run sudo manage-examiner-login -S -v to install these changes in the examiner's desktop.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.12-200 for FC28
- 4.18.11-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.12-200 for FC28
- 4.18.11-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.11-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.11-100 for FC27
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.48.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.6.3 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-48.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.6.3 for EL6

October 5, 2018: The following changes have been made:

sleuthkit{,‑devel,‑libs}-4.6.2-2.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.6.0) released to this repository.
pfring-7.2.0-2167.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2167.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.10-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.10-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.10-100 for FC27
- 4.18.9-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.10-100 for FC27
- 4.18.9-100 for FC27
fmem-kernel-modules-el7-x86_64-1.6-1.46.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-862.14.4 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-46.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-862.14.4 for EL7

October 2, 2018: The following changes have been made:

plaso-20180930-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and plaso-20180930-1.el7.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 23, 24, 25, 26, 27, and 28 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
python-radare2-2.9.0-1.{fc27,fc28}.{i686,x86_64}.rpm - Python-Radare are bindings that allow Radare to be used from Python. These updates were made to keep pace with the Radare2 package installed in Fedora 27 and 28.

September 28, 2018: The following changes have been made:

pfring-7.2.0-2163.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2163.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.9-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.9-200 for FC28

September 21, 2018: The following changes have been made:

pfring-7.2.0-2154.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2154.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.8-200 for FC28
- 4.18.7-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.8-200 for FC28
- 4.18.7-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.7-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.7-100 for FC27

September 15, 2018: The following changes have been made:

yara-python-3.8.1-1.x86_64.el7.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in CentOS/RHEL 7.

September 14, 2018: The following changes have been made:

pfring-7.2.0-2150.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2150.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.18.5-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.18.5-200 for FC28

September 7, 2018: The following changes have been made:

pfring-7.2.0-2133.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2133.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
dfvfs-20180831-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
pyfixbuf-0.5.0-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.19-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.19-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.19-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.19-100 for FC27

August 30, 2018: The following changes have been made:

artifacts‑20180827‑1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm and artifacts‑20180827‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
xlsxwriter-1.0.8-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and xlsxwriter-1.0.8-1.el7.x86_64.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.0.5).
python-certifi-2018.8.24-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. This package was built to support plaso.
dfvfs-20180827-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
pfring-7.2.0-2128.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2128.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.18-200 for FC28
- 4.17.17-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.18-200 for FC28
- 4.17.17-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.17-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.17-100 for FC27

August 24, 2018: The following changes have been made:

pfring-7.2.0-2113.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2113.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
python-elasticsearch5-5.5.5-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm - ElasticSearch5 is a low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions. It also provides an optional persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents, wrapping the document data in user-defined classes.
python-elasticsearch-6.3.1-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and python-elasticsearch-6.3.1-1.el7.x86_64.rpm - ElasticSearch is the official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions. It also provides an optional persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents, wrapping the document data in user-defined classes.
python-setuptools_scm-1.15.7-2.el7.x86_64.rpm - Python-Setuptools_scm is a package that handles managing your python package versions in scm metadata. It also handles file finders for the suppertes scms. This package was required to build LZ4 for CentOS/RHEL 7.
python-lz4-0.10.0-1.{fc25,fc24,fc23}.{i386,x86_64}.rpm and python-lz4-0.10.0-1.el7.x86_64.rpm - LZ4 contains the python bindings for the lz4 compression library. This package was built for CentOS/RHEL 7 to support Plaso
plaso-20180818-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and plaso-20180818-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 23, 24, 25, 26, 27, and 28 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.

August 17, 2018: The following changes have been made:

pfring-7.2.0-2096.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2096.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.14-202 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.14-202 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.14-102 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.14-102 for FC27
fmem-kernel-modules-el7-x86_64-1.6-1.45.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-862.11.6 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-45.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-862.11.6 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.47.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.3.5 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-47.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.3.5 for EL6

August 10, 2018: The following changes have been made:

libbde{,‑devel,‑python,‑python3,‑tools}-20180806-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20180806-1.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python,‑python3,‑tools}-20180806-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
dtfabric-20180808-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and dtfabric-20180808-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
python{2,3}-pefile-2018.8.8-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.noarch.rpm - PEFile is a Portable Executable reader module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.11-200 for FC28
- 4.17.12-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.11-200 for FC28
- 4.17.12-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.12-100 for FC27
- 4.17.11-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.12-100 for FC27
- 4.17.11-100 for FC27

August 3, 2018: The following changes have been made:

pfring-7.2.0-2083.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2083.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
apfs-fuse-20180731-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and apfs-fuse-20180731-2.el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.

Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
libpff{,‑devel,‑python,‑python3,‑tools}-20180714-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm , libpff{,‑devel,‑python,‑python3,‑tools}-20180714-1.el7.x86_64.rpm , and libpff{,‑devel,‑python,‑tools}-20180714-1.{i686,x86_64}.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. Libpff is used by DFF,the Digital Forensics Framework.
libvsmbr{,‑devel,‑python,‑python3,‑tools}-20180731-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm , libvsmbr{,‑devel,‑python,‑python3,‑tools}-20180731-1.el7.x86_64.rpm, and libvsmbr{,‑devel,‑python,‑tools}-20180731-1.el6.{i686,x86_64}.rpm - Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system.
plaso-20180703-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and plaso-20180703-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 23, 24, 25, 26, 27, and 28 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.9-200 for FC28
- 4.17.7-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.9-200 for FC28
- 4.17.7-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.9-100 for FC27
- 4.17.7-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.9-100 for FC27
- 4.17.7-100 for FC27

July 20, 2018: The following changes have been made:

libfwsi{,‑devel,‑python,‑python3}-20180630-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python}-20180630-1.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python,‑python3}-20180630-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
plaso-20180630-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and plaso-20180630-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 23, 24, 25, 26, 27, and 28 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
pfring-7.2.0-2060.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2060.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
python‑dfdatetime-20180704-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
dtfabric-20180707-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and dtfabric-20180707-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
dfwinreg‑20180712‑1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and dfwinreg‑20180712‑1.{el6,el7}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
dfvfs-20180703-1.{fc23,fc24,fc25,fc26,fc27,fc28,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
libfixbuf{,‑devel}-2.1.0-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
pyfixbuf-0.4.0-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases. This package was rebuilt to use libfixbuf 2.1.0.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.2-3.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version. This version was rebuilt for libfixbuf-2.1.0.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.2‑4.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.2‑4.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This version was rebuilt for libfixbuf-2.1.0.
libschemaTools{,‑devel}-1.3-2-{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 2.1.0.
analysis-pipeline-5.8-2.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use libfixbuf 2.1.0.
super_mediator-1.6.0-2.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 2.1.0.
yaf{,‑devel}-2.10.0-2.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring. This package was rebuilt to use libfixbuf 2.1.0.
apfs-fuse-20180720-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and apfs-fuse-20180720-2.el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones. Although most of the time it should just report an error.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.6-200 for FC28
- 4.17.5-200 for FC28
- 4.17.4-200 for FC28
- 4.17.3-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.6-200 for FC28
- 4.17.5-200 for FC28
- 4.17.4-200 for FC28
- 4.17.3-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.6-100 for FC27
- 4.17.5-100 for FC27
- 4.17.3-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.6-100 for FC27
- 4.17.5-100 for FC27
- 4.17.3-100 for FC27
fmem-kernel-modules-el7-x86_64-1.6-1.44.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-862.9.1 for EL7
- 3.10.0-862.6.3 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-44.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-862.9.1 for EL7
- 3.10.0-862.6.3 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.46.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-754.2.1 for EL6
- 2.6.32-754 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-46.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-754.2.1 for EL6
- 2.6.32-754 for EL6

June 29, 2018: The following changes have been made:

pfring-7.2.0-2043.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2043.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
The following where installed because they were missing. This prevented dff and CERT-Forensics-Tools from being installed on Fedora 23.
- x264-libs-0.148-1.20151020gita0cd7d3.fc23.x86_64.rpm
- x265-libs-1.8-1.fc23.x86_64.rpm
- xvidcore-1.3.4-2.fc23.x86_64.rpm
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.2-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.2‑2.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.2‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
artifacts‑20180628‑1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and artifacts‑20180628‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libfwsi{,‑devel,‑python,‑python3}-20180623-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python}-20180623-1.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python,‑python3}-20180623-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format.
liblnk{,‑devel,‑python,‑python3,‑tools}-20180626-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python,‑tools}-20180826-1.el6.{i686,x86_64}.rpm, and liblnk{,‑devel,‑python,‑python3,‑tools}-20180626-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. See here for the list of changes.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.17.2-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.17.2-200 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.16-200 for FC27
- 4.17.2-100 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.16-200 for FC27
- 4.17.2-100 for FC27

June 22, 2018: The following changes have been made:

Volatility-2.6-3.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6 that has been patched to June 15, 2018. You can read about this version here Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
pfring-7.2.0-2026.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2026.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.16-300 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.16-300 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.15-200 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.15-200 for FC27
fmem-kernel-modules-el7-x86_64-1.6-1.43.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-862.3.3 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-43.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-862.3.3 for EL7

June 15, 2018: The following changes have been made:

pfring-7.2.0-2003.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.2.0-2003.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
pyfixbuf-0.3.0-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases. This package was rebuilt to use libfixbuf 2.0.0.
python-dfdatetime-20180606-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
dtfabric-20180604-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and dtfabric-20180604-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
ssdeep-2.14.1-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Ssdeep is a program for computing context triggered piecewise hashes (CTPH), also called fuzzy hashes. See here for the list of changes.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.15-300 for FC28
- 4.16.14-300 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.15-300 for FC28
- 4.16.14-300 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.14-200 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.14-200 for FC27

June 8, 2018: The following changes have been made:

apfs-fuse-20180604-2.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and apfs-fuse-20180604-2.el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. In this version the assembly language code was removed and replaced by zlib and lzfse.
libluksde{,‑devel,‑python2,‑python3,‑tools}-20180514-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm , libluksde{,‑devel,‑python2,‑python3,‑tools}-20180514-1.el7.x86_64.rpm, and libluksde{,‑devel,‑python,‑tools}-20180514-1.el6.{i686,x86_64}.rpm - Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes. See here for the list of changes.
radare2{,‑devel}-2.7.0-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and radare2{,‑devel}‑2.7.0‑1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
python-radare2-2.6.0-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and python‑radare2‑2.6.0‑1.el7.x86_64.rpm - Python-Radare are bindings that allow Radare to be used from Python.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.13-300 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.13-300 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.13-200 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.13-200 for FC27

June 1, 2018: The following changes have been made:

pfring-7.0.0-1976.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1976.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.12-300 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.12-300 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.12-200 for FC27
- 4.16.11-200 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.12-200 for FC27
- 4.16.11-200 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.11-100 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.11-100 for FC26
libfixbuf{,‑devel}-2.0.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
libschemaTools{,‑devel}-1.3-1-{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 2.0.0.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.17.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.1‑2.{fc22,fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.17.1‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
silk-ipset{-devel,‑lib,‑tools}-3.17.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
prism-1.2-4.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly, or might be used as a component in other more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup. This is a new release keeping up with the latest SiLK 3 tools.
super_mediator-1.6.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the list of changes for this release.
yaf{,‑devel}-2.10.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that for CentOS 6 and 7 for the x86_64 architecture, yaf has been built to use PF_Ring.
analysis-pipeline-5.8-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use silk 3.17.1 and libfixbuf 2.0.0.

May 27, 2018: The following changes have been made:

pfring-7.0.0-1970.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1970.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
dtfabric-20180522-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and dtfabric-20180522-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
xlsxwriter-1.0.5-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6}.{i686,x86_64}.rpm and xlsxwriter-1.0.5-1.el7.x86_64.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.0.4).
python‑biplist-1.0.3-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and python‑biplist-1.0.3-1.el7.x86_64.rpm - Biplist is a library for reading/writing binary plists. Binary Property List (plist) files provide a faster and smaller serialization format for property lists on OS X. This is a library for generating binary plists which can be read by OS X, iOS, or other clients.
python-elasticsearch5-5.5.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el7}.{i686,x86_64}.rpm - ElasticSearch5 is a low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable. For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py. It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure while exposing the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions. It also provides an optional persistence layer for working with documents as Python objects in an ORM-like fashion: defining mappings, retrieving and saving documents, wrapping the document data in user-defined classes.
python{2,3}-psutil-5.4.3-4.{fc23,fc24,fc25}.{i686,x86_64}.rpm , python2-psutil-5.4.3-4.fc22.{i686,x86_64}.rpm, and python2-psutil-5.4.3-4.el7}.x86_64.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python. This package was built to support plaso.
plaso-20180524-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and plaso-20180524-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 22, 23, 24, 25, 26, 27, and 28 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.11-300 for FC28
- 4.16.10-300 for FC28
- 4.16.9-300 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.11-300 for FC28
- 4.16.10-300 for FC28
- 4.16.9-300 for FC28
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.9-200 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.9-200 for FC27
fmem-kernel-modules-el7-x86_64-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-862.3.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-42.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-862.3.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.45.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.30.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-45.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.30.1 for EL6

May 18, 2018: The following changes have been made:

pfring-7.0.0-1949.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1949.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
python-dfdatetime-20180510-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
dfvfs-20180510-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
artifacts‑20180505‑1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and artifacts‑20180505‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
dfwinreg-20180329-1.{fc22,fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and dfwinreg-20180329-1.{el6,el7}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
icu-57.1-9.1.fc27.{i686,x86_64}.rpm , libicu{,‑devel}-57.1-9.1.fc27.{i686,x86_64}.rpm , and libicu-doc-57.1-9.1.fc27.noarch.rpm - ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. ICU is widely portable and gives applications the same results on all platforms and between C/C++ and Java software. Note that there is a bug in the Fedora-provided version for Fedora 27 that is explained and patched here. This patch has been applied in version 9.1 of this package. ICU is needed for the QTMLTFS package.
qtmltfs-2.2.2-2.{fc28,fc27,fc23,fc22,el6,el7}.{i686,x86_64}.rpm - QTMLTFS (Quantum Linear Tape File System) enables standard file operations on LTO-5 and LTO-6 tape media. Note that this packages is not available for Fedora 24 through 26 due to problems with ICU package.
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.8-300 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.8-300 for FC28
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.7-100 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.7-100 for FC26
fmem-kernel-modules-el7-x86_64-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-862.2.3 for EL7
- 3.10.0-862 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-41.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-862.2.3 for EL7
- 3.10.0-862 for EL7

May 11, 2018: The following changes have been made:

pfring-7.0.0-1926.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1926.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
libnk2{,‑devel,‑python,‑python3,‑tools}-20180503-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm and libnk2{,‑devel,‑python,‑tools}-20180503-1.el6.{i686,x86_64}.rpm - Libnk2 is a lbrary and tools to access Microsoft Outlook Nickfile (NK2) format files.
libscca{,‑devel,‑python,‑python3,‑tools}-20180509-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libscca{,‑devel,‑python,‑tools}-20180509-1.el6.x86_64.rpm , and libscca{,‑devel,‑python,‑python3,‑tools}-20180509-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. See here for the list of changes.

Fedora 28 - The repository now supports Fedora 28 for the x86_64 and i386 CPU architectures. Here is the list of tools provided for Fedora 28:

2hash
acr
aeskeyfind
analysis-pipeline
analyzeMFT
apfs-fuse
artifacts
ataraw
autopsy
bencode
binplist
bokken
bro
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dc3dd
dd_rescue
ddrescue
ddrescueview
ddrutility
dfdatetime
dff
dfvfs
dfwinreg
disktype
distorm3
DropboxReader
dtfabric
efilter-1
eindeutig
epub
exfat-utils
fatback
fcrackzip
fmem-kernel-modules
fred
fundl
galleta
ghostpdl
grokevt
guymager

hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
ip4r
jafat
KHracker
kracked
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libiconv
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi
libqcow

libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyew
python-apsw
python-construct
python-dpapick
python-haystack
python-ioc_writer
python-pycoin
python-radare2
python-rarfile
python-registry
python-ssdeep

pytsk3
radare2
radare
rar
registrydecoder
reglookup
regripper
regripper-plugins
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-openappid
snort-sample-rules
ssdeep
stegdetect
super_mediator
tln_tools
undbx
unrar
untex
vala
valabind
videosnarf
vinetto
vmfs-tools
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
xlsxwriter
xmount
xplico
yaf
zeromq3

lime-kernel-modules-1.1.r17-14.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 28 x86_64 and i386 architectures was added.
fmem-kernel-modules-1.6-1.14.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 28 x86_64 and i386 architectures was added.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.16.7-200 for FC27
- 4.16.6-202 for FC27
- 4.16.5-200 for FC27
- 4.16.4-200 for FC27
- 4.16.3-200 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.16.7-200 for FC27
- 4.16.6-202 for FC27
- 4.16.5-200 for FC27
- 4.16.4-200 for FC27
- 4.16.3-200 for FC27
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.44.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.28.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-44.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.28.1 for EL6

April 27, 2018: The following changes have been made:

pfring-7.0.0-1887.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1887.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
apfs-fuse-20180424-1.{fc24,fc25,fc26,fc27,el7}.{i386,x86_64}.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. See here for a list of the changes since the last version (20180303).
aimage-3.2.5-3.{el6,el7}.{i386,x86_64}.rpm - Aimage (the advanced imager) is an imaging tool which is part of AFF, the Advanced Forensic Format. Aimage can create files in raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. Aimage can optionally compress and calculate MD5 or SHA-1 hash residues while the data is being copied. It has intelligent error recovery, similar to what is in ddrescue.
CERT-Forensics-Tools-1.0-76.{fc22,fc23,fc24,fc25,fc26,fc27,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-76.el7.x86_64.rpm - This package was updated to add the apfs-fuse package to the systems where it is supported. This releasae also installs aimage, libluksde, and libluksde-tools for CentOS/RHEL 7, and aimage for CentOS/RHEL 6.
examiner-tooldocumentation-1.18-6.el7.noarch.rpm - This package was updated to add the following programs to the documetation suite found on the desktop:
- aimage
- apfs-dump-quick
- apfs-dump
- apfs-fuse
- luksdeinfo
- luksdemount
- lzfse
- partclone.f2fs
- psteal.py
- usnjls
Once this package has been updated, run sudo manage-examiner-login -S -v to install these changes in the examiner's desktop.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.17-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.17-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.17-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.17-200 for FC26

April 20, 2018: The following changes have been made:

libfwsi{,‑devel,‑python,‑python3}-20180408-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python}-20180408-1.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python,‑python3}-20180408-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. Here are the changes:
- Improved Python bindings
- Fixed issues in m4/libclocale.m4
- Made changes to setup.py for sdist
- Applied updates
- Worked on tests
- Made changes to URI and URI sub shell items
xlsxwriter-1.0.4-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6}.{i686,x86_64}.rpm and xlsxwriter-1.0.4-1.el7.x86_64.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more. See here for a list of the changes since the last version (1.0.2).
pfring-7.0.0-1846.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1846.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.16-300 for FC27
- 4.15.15-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.16-300 for FC27
- 4.15.15-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.16-200 for FC26
- 4.15.15-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.16-200 for FC26
- 4.15.15-200 for FC26

April 10, 2018: The following changes have been made:

pfring-7.0.0-1833.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1833.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

April 6, 2018: The following changes have been made:

cert-forensics-tools-release-{6,7,22,23,24,25,26,27}-13.noarch.rpm - cert-forensics-tools-release is the package that connects a Fedora- and CentOS/RHEL-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR). This package has been changed to include a new Forensics team key which is also available here.
pfring-7.0.0-1826.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1826.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.14-300 for FC27
- 4.15.13-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.14-300 for FC27
- 4.15.13-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.14-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.14-200 for FC26

April 2, 2018: The following changes have been made:

yara-python-3.7.1-1.x86_64.el6.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in CentOS/RHEL 6.

March 30, 2018: The following changes have been made:

dtfabric-20180325-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and dtfabric-20180325-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
dfvfs-20180326-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
pfring-7.0.0-1816.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1816.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
sleuthkit{,‑devel,‑libs}-4.6.0-3.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.5.0) released to this repository. In this release, the file /usr/share/java/sleuthkit-4.6.0.jar was moved from sleuthkit-devel to sleuthkit.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.12-301 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.12-301 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.12-201 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.12-201 for FC26

March 26, 2018: The following changes have been made:

bro{,‑core,ctl}-2.5.3-1.2.el7.x86_64.rpm and libbroccoli{,‑devel}-2.5.3-1.2.el7.x86_64.rpm - Bro was recomplied for CentOS/RHEL 7 to use PF_Ring. See the instructions here that explains this capability. Note that since PF_Ring does not support Fedora, Bro for those systems were not recompiled.

March 23, 2018: The following changes have been made:

libevt{,‑devel,‑python,‑python3,‑tools}-20180317-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libevt{,‑devel,‑python,‑tools}-20180317-1.el6.{i686,x86_64}.rpm , and libevt{,‑devel,‑python,‑python3,‑tools}-20180317-1.el7.x86_64.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. See here for the list of changes.
snort-2.9.11.1-2.{el6,el7}.x86_64.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. This release was recomplied to use PF_Ring.
snort-openappid-2.9.11.1-2.{el6,el7}.x86_64.rpm - This is the snort package built with the following additions:
- The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
- Here is the OpenAppId Detector Developer Guide .
To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf
This release was recomplied to use PF_Ring.
python-dfdatetime-20180318-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
bro{,‑core,ctl}-2.5.3-1.1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm and libbroccoli{,‑devel}-2.5.3-1.1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm - Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
pfring-7.0.0-1804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1804.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
guymager-0.8.8-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. See here for the list of changes.
ddrescue-1.23-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. See here for the changes since the last version (1.22) released to this repository.
analyzeMFT-2.0.19.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - AnalyzeMFT is a tool that fully parses the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. See here for the changes since the previously installed version 2.0.19.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.10-300 for FC27
- 4.15.9-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.10-300 for FC27
- 4.15.9-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.10-200 for FC26
- 4.15.9-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.10-200 for FC26
- 4.15.9-200 for FC26

March 16, 2018: The following changes have been made:

silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.16.1-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.16.1‑2.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.16.1‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This package was rebuilt to use libfixbuf 1.8.0.
analysis-pipeline-5.7-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This package was rebuilt to use silk 3.16.1.
silk-ipset{-devel,‑lib,‑tools}-3.16.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.8-300 for FC27
- 4.15.7-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.8-300 for FC27
- 4.15.6-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.7-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.7-200 for FC26
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.43.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.23.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-43.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.23.1 for EL6

March 9, 2018: The following changes have been made:

apfs-fuse-20180303-1.{fc24,fc25,fc26,fc27,el7}.x86_64.rpm - APFS-Fuse is a read-only FUSE driver for the new Apple File System. This is from the README:
Since Apple didn't yet document the disk format of APFS, this driver should be considered experimental. It may not be able to read all files, it may return wrong data, or it may simply crash. Use at your own risk. But since it's read-only, at least the data on your apfs drive should be safe.
dislocker{,‑libs}-0.7.1-1.{el6,el7}.{i686,x86_64}.rpm and fuse-dislocker-0.7.1-1.{el6,el7}.{i686,x86_64}.rpm - Dislocker reads BitLocker encrypted partitions under a Linux system. The driver has the capability to read/write on:
- Windows Vista, 7, 8, 8.1 and 10 encrypted partitions - that's AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser, encrypted partitions;
- BitLocker-To-Go encrypted partitions - that's USB/FAT32 partitions.
The core driver is composed of a library, with multiple binaries (see the NOTES section below) using this library. Two binaries are of interest when wanting to decrypt a BitLocker encrypted partition:
1. dislocker-fuse: binary using FUSE to dynamically decrypt the BitLocker-ed partition. You have to give it a mount point where, once keys are decrypted, a file named dislocker-file appears. This file is a virtual NTFS partition, so you can mount it as any NTFS partition and then read from or write to it. Note that writing to the NTFS virtual file will change the underlying BitLocker partition's content.
2. dislocker-file: binary decrypting a BitLocker encrypted partition into a flat file. This file has to be given through command line and, once dislocker-file is finished, will be an NTFS partition. It won't have any link to the original BitLocker partition. Therefore, if you write to this file, the BitLocker volume won't change, only the NTFS file will. Note that this may take a long time to create that file, depending on the size of the encrypted partition. But afterward, once the partition is decrypted, the access to the NTFS partition will be faster. Another thing to think about is the size on your disk this binary needs: the same size as the volume you're trying to decrypt. Nevertheless, once the partition is decrypted, you can mount your file as any NTFS partition.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.6-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.6-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.6-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.6-200 for FC26
fmem-kernel-modules-el7-x86_64-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-693.21.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-693.21.1 for EL7
pfring-7.0.0-1797.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1797.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

March 1, 2018: The following changes have been made:

pfring-7.0.0-1788.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1788.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.4-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.4-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.4-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.4-200 for FC26
sleuthkit{,‑devel,‑libs}-4.6.0-2.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.5.0) released to this repository.
pytsk3-20180228-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit.
yara-python-3.7.1-1.x86_64.el7.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in CentOS/RHEL 7.

February 21, 2018: The following changes have been made:

fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.3-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.3-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.15.3-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.15.3-200 for FC26

February 16, 2018: The following changes have been made:

exfat-utils-1.2.8-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The EXfat-utils are a set of utilities for creating, checking, dumping and labeling exFAT file systems. See here for the list of changes since the last released version (1.2.7).
ddrescueview-0.4.a3-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm - Ddrescueview is a small tool that allows the user to graphically examine ddrescue's log files in a user friendly GUI application. The Main window displays a block grid with each block's color representing the block types it contains. Many people know this type of view from defragmentation programs. The program is written in Object Pascal using the Lazarus IDE.
libfplist{,‑devel}-20180125-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Libfplist is a library for plist formats. Note: this is a library only - there are no tools provided by these packages.
libfwevt{,‑devel}-20180124-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Libfwevt is a library for Windows XML Event Log (EVTX) data types. Note: this is a library only - there are no tools provided by these packages.
radare2{,‑devel}-2.3.0-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and radare2{,‑devel}‑2.3.0‑1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
acr-1.4-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - ACR tries to replace autoconf functionality generating a full-compatible 'configure' script (runtime flags). But using shell-script instead of m4. This means that ACR is faster, smaller and easy to use.
python-radare2-2.3.0-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and python‑radare2‑2.3.0‑1.el7.x86_64.rpm- Python-Radare are bindings that allow Radare to be used from Python.
pfring-7.0.0-1764.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1764.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.18-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.18-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.18-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.18-200 for FC26

February 9, 2018: The following changes have been made:

fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.16-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.16-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.16-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.16-200 for FC26

February 2, 2018: The following changes have been made:

pfring-7.0.0-1736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1736.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.20.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-42.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.20.1 for EL6
python-certifi-2018.1.18-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. This package was built to support plaso.
libsmraw{,‑devel,‑python,‑python3,‑tools}-20180123-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python,‑tools}-20180123-1.el6.{i686,x86_64}.rpm, and libsmraw{,‑devel,‑python,‑python3,‑tools}-20180123-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes.
libwrc{,‑devel,‑python,‑python3,‑tools}-20180124-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libwrc{,‑devel,‑python,‑tools}-20180124-1.el6.{i686,x86_64}.rpm , and libwrc{,‑devel,‑python,‑python3,‑tools}-20180124-1.el7.x86_64.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
plaso-20180127-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and plaso-20180127-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 21, 22, 23, 24, 25, 26, and 27 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.

January 26, 2018: The following changes have been made:

pfring-7.0.0-1727.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1727.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.14-300 for FC27
- 4.14.13-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.14-300 for FC27
- 4.14.13-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.14-200 for FC26
- 4.14.13-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.14-200 for FC26
- 4.14.13-200 for FC26
fmem-kernel-modules-el7-x86_64-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-693.17.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-693.17.1 for EL7

January 19, 2018: The following changes have been made:

pfring-7.0.0-1707.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1707.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
artifacts‑20180115‑1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i386,x86_64}.rpm and artifacts‑20180115‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libguytools-2.0.5-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Libguytools is a package of subroutines and header files needed to build and operate guymager. The changes are:
- Moved to Qt5
- Adapted to Debian 8 (Jessie)
guymager-0.8.7-2.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. This release was rebuilt for libguytools-2.0.5 .
libfwnt{,‑devel,‑python,‑python3}-20180117-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python}-20180117-1.el6.x86_64.rpm, and libfwnt{,‑devel,‑python,‑python3}-20180117-1.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. See here for the list of changes.

January 12, 2018: The following changes have been made:

libsmdev{,‑devel,‑python,‑python3,‑tools}-20171112-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python,‑tools}-20171112-1.el6.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python,‑python3,‑tools}-20171112-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
libfvde{,‑devel,‑python,‑python3,‑tools}-20180108-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm, libfvde{,‑devel,‑python,‑tools}-20180108-1.el6.{i686,x86_64}.rpm, and libfvde{,‑devel,‑python,‑python3,‑tools}-20180108-1.el7.x86_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
python-dfdatetime-20180110-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
libfplist{,‑devel}-20180108-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Libfplist is a library for plist formats. Note: this is a library only - there are no tools provided by these packages.
pfring-7.0.0-1684.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1684.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

January 5, 2018: The following changes have been made:

pfring-7.0.0-1677.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1677.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
python-dfdatetime-20171228-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
dfvfs-20171230-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
sleuthkit{,‑devel,‑libs}-4.5.0-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.4.2) released to this repository.
pytsk3-20171108-2.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i386,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit.
plaso-20171231-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and plaso-20171231-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 21, 22, 23, 24, 25, 26, and 27 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
analysis-pipeline-5.7-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes for this release.
dd_rescue-1.99.8-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Dd_rescue is a utility similar to the system utility dd which copies data from a file or block device to another. dd_rescue. does however not abort on errors in the input file. This makes it suitable for rescuing data from media with errors, e.g. a disk with bad sectors. See here for the changes since the last version (1.99.5) released to this repository.
libodraw{,‑devel,‑tools}-20171105-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm and libodraw{,‑devel,‑tools}-20171105-1.el6.{i686,x86_64}.rpm - Libodraw is a library to access to optical disc (split) RAW image files (bin/cue, iso/cue).
nDPI{,‑devel}-2.3-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols.
radare2{,‑devel}-2.2.0-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and radare2{,‑devel}‑2.2.0‑1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
valabind-0.10.0-4.el7.x86_64.rpm - Valabind is a tool to parse vala or vapi files to transform them into swig interface files, C++, NodeJS-ffi, or GIR. With swig, you can create language bindings for any API written in vala or C with a vapi interface. It can also generate bindings for C++. This release was built for CentOS/RHEL 7 to build Python-Radare2 .
python-radare2-2.1.0-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and python‑radare2‑2.2.0‑1.el7.x86_64.rpm- Python-Radare are bindings that allow Radare to be used from Python.
xplico-1.2.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. See here for the changes since the last version (1.2.0) released to this repository.
yaf{,‑devel}-2.9.3-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Volatility-2.6-2.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6 that has been patched to January 2, 2018. You can read about this version here Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
python{2,3}-ssdeep-3.2-1.{fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and python2-ssdeep-3.2-1.{el6,el7}.{i686,x86_64}.rpm - Python-SSDeep is a Python wrapper for ssdeep by Jesse Kornblum, which is a library for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
Volatility-community-plugins-20180102-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation. These plugins are installed in /usr/share/volatility/plugins/community/ and to use them you need to specify this location on the command line thusly:
volatility --plugins=/usr/share/volatility/plugins/community ...
Note: The following plugins were removed the el6: BartoszInglot, ESET_Browserhooks, LoicJaquemet, ThomasChopitea, TranVienHa, and YingLi.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.11-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.11-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.11-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.11-200 for FC26
fmem-kernel-modules-el7-x86_64-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-693.11.6 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-693.11.6 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.18.7 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-41.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.18.7 for EL6
snort-2.9.11.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
snort-sample-rules-2.9.11.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.11.1-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
- The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
- Here is the OpenAppId Detector Developer Guide .
To install snort-openappid on your system, you must first remove snort. Here is an example:
if rpm -q --quiet snort; then sudo rpm -ev snort --nodeps; fi sudo dnf install snort-openappid # On CentOS/RHEL, use yum instead of dnf

December 29, 2017: The following changes have been made:

pfring-7.0.0-1664.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1664.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.7-300 for FC27
- 4.14.8-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.7-300 for FC27
- 4.14.8-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.8-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.8-200 for FC26
dfvfs-20171228-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.

December 21, 2017: The following changes have been made:

fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.5-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.5-200 for FC26
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.6-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.6-200 for FC26
dfvfs-20171216-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
python{2,3}‑bencode-2.0.0-1.{fc22,fc23,fc24,fc25,fc26,fc27}.noarch.rpm - Bencode re-packages the existing bencoding and bdecoding implemention from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.6-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.6-300 for FC27
xlsxwriter-1.0.2-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6}.{i686,x86_64}.rpm and xlsxwriter-1.0.2-1.el7.x86_64.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
pfring-7.0.0-1659.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1659.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

December 15, 2017: The following changes have been made:

fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.5-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.5-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.4-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.4-200 for FC26
pfring-7.0.0-1616.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1616.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

December 13, 2017: The following changes have been made:

fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.14.3-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 4.14.3-300 for FC27
pfring-7.0.0-1600.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1600.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
python-dfdatetime-20171129-1.{fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
yara-python-3.7.0-1.x86_64.el7.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in CentOS/RHEL 7.

December 8, 2017: The following changes have been made:

fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.16-302 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.16-302 for FC27
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.16-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.16-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.16-202 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.16-202 for FC26
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.16-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.16-200 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.49.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.16-100 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-49.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.16-100 for FC25
fmem-kernel-modules-el7-x86_64-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-693.11.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-693.11.1 for EL7
pfring-7.0.0-1592.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1592.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
dfvfs-20171203-1.{fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.

December 1, 2017: The following changes have been made:

pfring-7.0.0-1569.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1569.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.15-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.15-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.15-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.15-200 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.48.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.15-100 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-48.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.15-100 for FC25
Fedora 21 - Updates to Fedora 21 for both the i686 and x86_64 CPU architectures has ceased.
ADIA - This item is the VMware and VirtualBox-based forensic appliances built with CentOS 7 for the x86_64 architecture. See here for more details. The release coonsistes of the following:
- The latest CERT Forensics Key is installed.
- All packages have been updated as of December 1, 2017.
- SElinux is disabled.
- Mate Desktop is the defaut desktop.

November 23, 2017: The following changes have been made:

Fedora 27 - The repository now supports Fedora 27 for the x86_64 and i386 CPU architectures. Here is the list of tools provided for Fedora 27:

2hash
aeskeyfind
analysis-pipeline
analyzeMFT
artifacts
ataraw
autopsy
bencode
binplist
bokken
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dc3dd
dd_rescue
ddrescue
ddrescueview
ddrutility
dfdatetime
dff
dfvfs
dfwinreg
disktype
distorm3
DropboxReader
dtfabric
efilter-1
eindeutig
epub
exfat-utils
fatback
fcrackzip
fmem-kernel-modules
fred
fundl
galleta
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata

hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
ip4r
jafat
KHracker
kracked
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libiconv
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libpff
libphdi
libpst
libqcow

libregf
libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
partclone
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
protobuf-c
pstotext
ptfinder
ptk
pyew
python-apsw
python-construct
python-dpapick
python-haystack
python-ioc_writer
python-pycoin
python-radare

python-rarfile
python-registry
pytsk3
radare
rar
registrydecoder
reglookup
regripper
regripper-plugins
rifiuti2
rifiuti
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-sample-rules
ssdeep
stegdetect
super_mediator
tln_tools
undbx
unrar
untex
vala
valabind
videosnarf
vinetto
vmfs-tools
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
xlsxwriter
xmount
xplico
yaf

lime-kernel-modules-1.1.r17-12.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 27 x86_64 and i386 architectures was added.
fmem-kernel-modules-1.6-1.12.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 27 x86_64 and i386 architectures was added.
snort-2.9.11-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
snort-sample-rules-2.9.11-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
snort-openappid-2.9.11-1.{fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
- The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
- Here is the OpenAppId Detector Developer Guide .
Note: This version of snort is not yet avaiable for Fedora 26 or 27.
snarf{,‑devel,‑python}-0.3.0-3.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el7}.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system. Applications can use snarf's C and Python APIs to construct and send network alert messages, which can then be routed to multiple destinations in a configurable manner. See here for the list of changes for this release. This version uses zeromq3. Note: due to the changing package requirements of snarf, there is no support for CentOS/RHEL 6.
pfring-7.0.0-1560.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1560.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
python-dfdatetime-20170719-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
python-construct-2.5.2-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el6,el7}.noarch.rpm - Python-construct is a powerful declarative parser (and builder) for binary data.
dfvfs-20171022-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
plaso-20171118-1.{fc21,fc22,fc23,fc24,fc25,fc26,fc27}.{i686,x86_64}.rpm and plaso-20171118-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 21, 22, 23, 24, 25, 26, and 27 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.9-300 for FC27
- 4.13.13-300 for FC27
lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.9-300 for FC27
- 4.13.13-300 for FC27
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.13-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.13-200 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.47.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.13-100 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-47.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.13-100 for FC25

November 17, 2017: The following changes have been made:

pfring-7.0.0-1557.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1557.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.46.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.12-100 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-46.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.12-100 for FC25
fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.12-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.12-200 for FC26
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.16.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.16.1 for EL6

November 10, 2017: The following changes have been made:

fmem-kernel-modules-fc26-{i386,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.11-200 for FC26
lime-kernel-modules-fc26-{i386,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.11-200 for FC26
fmem-kernel-modules-fc26-x86_64-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.10-200 for FC26
lime-kernel-modules-fc26-x86_64-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.10-200 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.45.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.11-100 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-45.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.11-100 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.44.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.8-100 for FC25
- 4.13.10-100 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-44.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.8-100 for FC25
- 4.13.10-100 for FC25
pfring-7.0.0-1535.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1535.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
libfwsi{,‑devel,‑python,‑python3}-20171103-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm libfwsi{,‑devel,‑python}-20171103-1.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python,‑python3}-20171103-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. See here for the list of changes.
liblnk{,‑devel,‑python,‑python3,‑tools}-20171101-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python,‑tools}-20171101-1.el6.{i686,x86_64}.rpm, abnd liblnk{,‑devel,‑python,‑python3,‑tools}-20171101-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. See here for the list of changes.
libsmdev{,‑devel,‑python,‑python3,‑tools}-20171105-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python,‑tools}-20171105-1.el6}.{i686,x86_64}.rpm , and libsmdev{,‑devel,‑python,‑python3,‑tools}-20171105-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
libsmraw{,‑devel,‑python,‑python3,‑tools}-20171105-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python,‑tools}-20171105-1.el6.{i686,x86_64}.rpm, and libsmraw{,‑devel,‑python,‑python3,‑tools}-20171105-1.el7.86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes.
yaf{,‑devel}-2.9.1-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
artifacts‑20171107‑1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i386,x86_64}.rpm and artifacts‑20171107‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools. This package was built to support plaso.
python-certifi-2016.9.26-2.{fc21,fc22,fc23,fc24,fc25,el7}.noarch.rpm - Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. This package was built to support plaso.
python{2,3}-future-0.16.0-4.{fc21,fc22,fc23}.noarch.rpm - Future is the missing compatibility layer between Python 2 and Python 3. It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead. This package was built to support plaso.
python{2,3}-idna-2.5-1.{fc21,fc22,fc23,el7}.noarch.rpm - IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as “IDNA 2008”. This package was built to support plaso.
python{2,3}-pefile-2017.5.26-2.{fc21,fc22,fc23,fc24}.noarch.rpm and python-pefile-2017.5.26-2.el7.noarch.rpm - PEFile is a Portable Executable reader module. This package was built to support plaso.
plaso-20170930-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and plaso-201709301-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 21, 22, 23, 24, 25, and 26 for i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
libfixbuf{,‑devel}-1.8.0-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes. Libsmraw contains supports for multiple (split) RAW naming schemes.
yaf{,‑devel}-2.9.2-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or
analysis-pipeline-5.6-4.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes for this release. This package was rebuilt to use libfixbuf 1.8.0.
libschemaTools{,‑devel}-1.2.1-2-{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 1.8.0.
pyfixbuf-0.2.1-2.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases. This package was rebuilt to use libfixbuf 1.8.0.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.16.0-3.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version. This package was rebuilt to use libfixbuf 1.8.0.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.16.0‑4.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.16.0‑4.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This package was rebuilt to use libfixbuf 1.8.0.
super_mediator-1.5.3-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the list of changes for this release. This package was rebuilt to use libfixbuf 1.8.0.

October 27, 2017: The following changes have been made:

yaf{,‑devel,‑common}-2.9.0-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. See here for the changes since the last released version (2.8.4).
fmem-kernel-modules-el7-x86_64-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-693.5.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-693.5.2 for EL7
super_mediator-1.5.3-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the list of changes for this release.
pfring-7.0.0-1513.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1513.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

October 22, 2017: The following changes have been made:

pfring-7.0.0-1506.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-7.0.0-1506.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
yaf{,‑devel}-2.8.4-3.{el6,el7}.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. This package has been rebuilt for a new version of pf_ring. To install PF_Ring on your CentOS/RHEL system, please follow the directions found here.

October 20, 2017: The following changes have been made:

fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.13.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.13.2 for EL6
pfring-6.6.0-1459.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1459.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.43.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.5-100 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-43.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.5-100 for FC25
fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.5-200 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.5-200 for FC26

October 6, 2017: The following changes have been made:

libbde{,‑devel,‑python,‑python3,‑tools}-20170902-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20170902-1.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python,‑python3,‑tools}-20170902-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
libolecf{,‑devel,‑python,‑python3,‑tools}-20170825-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libolecf{,‑devel,‑python,‑tools}-20170825-1.el6.{i686,x86_64}.rpm, and libolecf{,‑devel,‑python,‑python3,‑tools}-20170825-1.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
libvshadow{,‑devel,‑python,‑python3,‑tools}-20170902-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python,‑tools}-20170902-1.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python,‑python3,‑tools}-20170902-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. This version uses the external version of libbfio to support DFF, the Digital Forensics Framework.
pyparsing{,‑doc}-2.2.0-1.{el6,el7}.noarch.rpm and python3-pyparsing-2.2.0-1.el7.noarch.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions. The pyparsing module provides a library of classes that client code uses to construct the grammar directly in Python code. Pyparsing is provided by RedHat for Fedora 21. Pyparsing is needed by plaso.
sleuthkit{,‑devel,‑libs}-4.4.2-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.4.1) released to this repository.
libfvde{,‑devel,‑python,‑python3,‑tools}-20170930-1.{fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libfvde{,‑devel,‑python,‑tools}-20170930-1.el6.{i686,x86_64}.rpm, and libfvde{,‑devel,‑python,‑python3,‑tools}-20170930-1.el7.x86_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.14-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-42.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.14-200 for FC25
fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.13.4-200 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.13.4-200 for FC26
guymager-0.8.7-1.{fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. See here for the list of changes.

September 29, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.13-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-41.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.13-200 for FC25
pfring-6.6.0-1435.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1435.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
xplico-1.2.0-3.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. This version adds the missing documetation file /usr/share/doc/xplico-1.2.0/README.md .
fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.14-300 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.14-300 for FC26
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.10.3 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.10.3 for EL6

September 22, 2017: The following changes have been made:

fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.13-300 for FC26
- 4.12.12-300 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.13-300 for FC26
- 4.12.12-300 for FC26
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.10.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.10.2 for EL6

September 15, 2017: The following changes have been made:

fmem-kernel-modules-el7-x86_64-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-693.2.2 for EL7
- 3.10.0-693.2.1 for EL7
- 3.10.0-693.1.1 for EL7
- 3.10.0-693 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-693.2.2 for EL7
- 3.10.0-693.2.1 for EL7
- 3.10.0-693.1.1 for EL7
- 3.10.0-693 for EL7
fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.11-300 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.11-300 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.11-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.11-200 for FC25

September 8, 2017: The following changes have been made:

snarf{,‑devel,‑python}-0.2.4-2.el6.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system. Applications can use snarf's C and Python APIs to construct and send network alert messages, which can then be routed to multiple destinations in a configurable manner. This version was rebuilt for CentOS/RHEL 6 to solve a dependency problem.
fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.9-300 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.9-300 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.9-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.9-200 for FC25
pfring-6.6.0-1401.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1401.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

September 1, 2017: The following changes have been made:

pfring-6.6.0-1396.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1396.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

August 25, 2017: The following changes have been made:

fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.8-300 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.8-300 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.8-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.8-200 for FC25
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.10.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.10.1 for EL6

August 18, 2017: The following changes have been made:

fmem-kernel-modules-fc26-{i686,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.12.5-300 for FC26
lime-kernel-modules-fc26-{i686,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.12.5-300 for FC26

August 11, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.12-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.12-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.47.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.12-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-47.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.12-100 for FC24
yara-python-3.6.3-1.{i386,x86_64}.{el6,el7}.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in CentOS/RHEL 6 and 7.
artifacts‑20170727.‑1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i386,x86_64}.rpm and artifacts‑8209;20170727‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools. This package was built to support plaso.
binplist-0.1.5-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Binplist is a binary property list (plist) parser module written in python.
python-dfdatetime-20170719-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
dfvfs-20170723-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
libfsntfs{,‑devel,‑python,‑python3,‑tools}-20170315-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libfsntfs{,‑devel,‑python,‑tools}-20170315-1.el6.{i686,x86_64}.rpm, and libfsntfs{,‑devel,‑python,‑python3,‑tools}-20170315-1.el7.x86_64.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). See here for the list of changes.
libfwnt{,‑devel,‑python,‑python3}-20170115-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python}-20170115-1.el6.x86_64.rpm, libfwnt{,‑devel,‑python,‑python3}-20170115-1.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. See here for the list of changes. This package is needed by dfvfs and plaso.
libpst{,‑devel,‑devel-doc,‑doc,‑libs,‑python}-0.6.71-1.1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats. See here for the list of changes.
libscca{,‑devel,‑python,‑python3,‑tools}-20170205-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libscca{,‑devel,‑python,‑tools}-20170205-1.el6.x86_64.rpm, and libscca{,‑devel,‑python,‑python3,‑tools}-20170205-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. See here for the list of changes.
libsmraw{,‑devel,‑python,‑python3,‑tools}-20170803-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python,‑tools}-20170803-1.el6.{i686,x86_64}.rpm , and libsmraw{,‑devel,‑python,‑python3,‑tools}-20170803-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes.
libvshadow{,‑devel,‑python,‑python3,‑tools}-20170715-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libvshadow{,‑devel,‑python,‑tools}-20170715-1.el6.{i686,x86_64}.rpm, and libvshadow{,‑devel,‑python,‑python3,‑tools}-20170715-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. This version uses the external version of libbfio to support DFF, the Digital Forensics Framework.
libwrc{,‑devel,‑python,‑python3,‑tools}-20170304-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.{i686,x86_64}.rpm and libwrc{,‑devel,‑python,‑tools}-20170304-1.el6.{i686,x86_64}.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
epub-0.5.2-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i386,x86_64}.rpm - Epub is the distribution and interchange format standard for digital publications and documents based on Web Standards. Epub defines a method for representing, packaging, and encoding structured and semantically enhanced web content - including XHTML, CSS, SVG, images, and other resources - for distribution in a single-file format. Epub allows publishers to produce and send a single digital publication file through distribution and offers interoperability between consumers software / hardware for unencrypted reflowable digital books and other publications. Epub is a helper application for recoll.
ghostpdl-9.21-1.{fc20,fc21,fc22,fc23.f24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages. Ghostpdl is used by Xplico.
nDPI{,‑devel}-2.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols.
xplico-1.2.0-3.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. This version was recompiled for nDPI-2.0 and add python3.6 list of valid Python executables.
perl-File-Mork-0.4-1.{fc20,fc21,fc22,fc23.f24,fc25,fc26,el6,el7}.noarch.rpm - perl-File-Mork is a module to read Mozilla URL history files.
perl-Mac-PropertyList-1.412-1{fc20,fc21,fc22,fc23.f24,fc25,fc26,el7}.noarch.rpm - perl-Mac-PropertyList is a low-level interface to the Mac OS X Property List (plist) format. See here for the list of changes
perl-Alien-wxWidgets-0.67-6.el7.x86_64.rpm - perl-Alien-wxWudgets can be used to detect and get configuration settings from an installed wxWidgets.
perl-Wx-0.9928-3.el7.x86_64.rpm - perl-Wx is a wrapper for the wxWidgets (formerly known as wxWindows) GUI toolkit. This module comes with extensive documentation in HTML format; you can download it from http://wxperl.sourceforge.net.
perl-Parse-Win32Registry-1.0-1.{fc20,fc21,fc22,fc23.f24,fc25,fc26,el6,el7}.noarch.rpm - perl-Parse-Win32Registry is a module for parsing Windows Registry files, allowing you to read the keys and values of a registry file without going through the Windows API. It provides an object-oriented interface to the keys and values in a registry file. Registry files are structured as trees of keys, with each key containing further subkeys or values. The module is intended to be cross-platform, and run on those platforms where Perl will run. It supports both Windows NT registry files (Windows NT, 2000, XP, 2003, Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium Edition). It is intended to be used to parse offline registry files. If a registry file is currently in use, you will not be able to open it. However, you can save part or all of a currently loaded registry file using the Windows reg command if you have the appropriate administrative access.
pfring-6.6.0-1377.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1377.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
python-apsw-3.19.3-1.{fc20,fc21,fc22,fc23.f24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Python-apsw is a Python wrapper for the SQLite embedded relational database engine. In contrast to other wrappers such as pysqlite it focuses on being a minimal layer over SQLite attempting just to translate the complete SQLite API into Python. The documentation has a section on the differences between APSW and pysqlite. See here for a list of the changes.
python-haystack-0.42-1.{fc20,fc21,fc22,fc23.f24,fc25,fc26,el6,el7}noarch.rpm - Python-Haystack is an heap analysis framework, focused on searching and reversing of C structure in allcoated memory.
python-rarfile-3.0-1.{fc20,fc21,fc22,fc213,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Python-rarfile is a Python module for RAR archive reading. See here for the list of changes since the last release version (2.6);
regripper-plugins-20170809-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm - Regripper-plugins are the plugins packaged separately from the regripper application. This package is taken from the plugins directory at the Github source code site as of 2017-08-09.
radare{,‑devel}-2.1.6.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and radare{,‑devel}‑2.1.6.0‑1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
python-radare-2.1.6.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and python‑radare‑2.1.6.0‑1.el7.x86_64.rpm- Python-Radare are bindings that allow Radare to be used from Python.
rifiuti2-0.6.1-1.{fc20,fc21,fc22,fc213,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 file.

July 27, 2017: The following changes have been made:

Fedora 26 - The repository now supports Fedora 26 for the i386 CPU architecture. Support for the x86_64 architecture was previously announced. Here is the list of tools provided for Fedora 26:

2hash
aeskeyfind
analysis-pipeline
analyzeMFT
artifacts
ataraw
autopsy
bencode
binplist
bloom
bokken
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dc3dd
ddrescue
dd_rescue
ddrescueview
ddrutility
dfdatetime
dff
dfvfs
dfwinreg
disktype
distorm3
DropboxReader
dtfabric
efilter-1
eindeutig
epub
exfat-utils
fatback
fcrackzip
ffmpeg
fmem-kernel-modules
fred
fundl
fuse-exfat
galleta
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata

libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
opencore-amr
partclone
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyew
python-apsw
python-construct
python-dpapick
python-haystack
python-ioc_writer
python-pycoin
python-radare
python-rarfile
python-registry
pytsk3
radare
rar

registrydecoder
reglookup
regripper
regripper-plugins
rifiuti
rifiuti2
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-sample-rules
ssdeep
stegdetect
super_mediator
tln_tools
undbx
unrar
untex
valabind
videosnarf
vinetto
vmfs-tools
vo-amrwbenc
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
x264
x265
xlsxwriter
xmount
xplico
xvidcore
yaf

lime-kernel-modules-1.1.r17-11.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 26 i386 architecture was added.
fmem-kernel-modules-1.6-1.11.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 26 i386 architecture was added.

July 26, 2017: The following changes have been made:

fmem-kernel-modules-fc26-x86_64-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.11-300 for FC26
lime-kernel-modules-fc26-x86_64-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.11-300 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.11-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.11-200 for FC25
yara-python-3.6.3-1.{fc24,fc25}.x86_64.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in Fedora 24 and 25.
pfring-6.6.0-1372.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1372.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.

July 21, 2017: The following changes have been made:

Fedora 26 - The repository now supports Fedora 26 for the x86_64 CPU architecture only. Here is the list of tools provided for Fedora 26:

2hash
aeskeyfind
analysis-pipeline
analyzeMFT
artifacts
ataraw
autopsy
bencode
binplist
bloom
bokken
CERT-Forensics-Tools
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dc3dd
ddrescue
dd_rescue
ddrescueview
ddrutility
dfdatetime
dff
dfvfs
dfwinreg
disktype
distorm3
DropboxReader
dtfabric
efilter-1
eindeutig
epub
exfat-utils
fatback
fcrackzip
ffmpeg
fmem-kernel-modules
fred
fundl
fuse-exfat
galleta
ghostpdl
grokevt
guymager
hachoir-core

hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
ip4r
jafat
KHracker
kracked
libagdb
libbde
libbfio
libcreg
libesedb
libevt
libevtx
libewf
libexe
libfixbuf
libfplist
libfsext
libfshfs
libfsntfs
libfvde
libfwevt
libfwnt
libfwsi
libguytools
libhibr
libiconv
liblnk
libluksde
libmdmp
libmodi
libmsiecf
libnk2
libodraw
libolecf
libp0f
libpff
libphdi
libpst
libqcow
libregf

libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
libvsmbr
libwrc
libwtcdb
lime-kernel-modules
log2timeline
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
opencore-amr
partclone
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyew
python-apsw
python-construct
python-dpapick
python-haystack
python-ioc_writer
python-pycoin
python-radare
python-rarfile
python-registry
pytsk3
radare

rar
registrydecoder
reglookup
regripper
regripper-plugins
rifiuti
rifiuti2
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snarf
snort
snort-sample-rules
ssdeep
stegdetect
super_mediator
tln_tools
undbx
unrar
untex
valabind
videosnarf
vinetto
vmfs-tools
vo-amrwbenc
Volatility
Volatility-community-plugins
winevt-kb
winreg-kb
x264
x265
xlsxwriter
xmount
xplico
xvidcore
yaf

lime-kernel-modules-1.1.r17-10.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 26 x86_64 architecture was added.
fmem-kernel-modules-1.6-1.10.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 26 x86_64 architecture was added.
fmem-kernel-modules-fc26-x86_64-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.10-300 for FC26
lime-kernel-modules-fc26-x86_64-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.10-300 for FC26
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.10-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.10-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.46.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.10-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-46.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.10-100 for FC24
pfring-6.6.0-1353.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1353.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
CERT-Forensics-Tools-1.0-75.fc26.{i686,x86_64}.rpm - This package was updated not install tools that are only OpenSSL 1.0 compliant, namely aimage, bloom, bulk_extractor, bulk_extractor-stoplist, and frag_find.

July 14, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.9-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.9-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.8-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.8-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.7-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.7-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.44.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.8-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-44.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.8-100 for FC24
fmem-kernel-modules-el7-x86_64-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-514.26.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-514.26.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.6.3 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.6.3 for EL6
libfsext{,‑devel,‑python,‑python3,‑tools}-20170624-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libfsext{,‑devel,‑python,‑tools}-20170624-1.el6.{i686,x86_64}.rpm - Libfsext is a lbrary and tools to access the Extended File System (EXT). Note that this project currently only focuses on the analysis of the format.
libfshfs{,‑devel,‑python,‑python3,‑tools}-20170626-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libfshfs{,‑devel,‑python,‑tools}-20170626-1.el6.{i686,x86_64}.rpm - Libfshfs is a lbrary and tools to access the Hierarchical File System (HFS). Note that this project currently only focuses on the analysis of the format.
libhibr{,‑devel,‑tools}-20170530-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libhibr{,‑devel,‑tools}-20170530-1.el6.{i686,x86_64}.rpm - libhibr is a lbrary and tools to access the Windows Hibernation File (hiberfil.sys) format. Note that this project currently only focuses on the analysis of the format.
libmdmp{,‑devel,‑tools}-20170522-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libmdmp{,‑devel,‑tools}-20170522-1.el6.{i686,x86_64}.rpm - Libmdmp is a library to access the Windows Minidump (MDMP) format. Note that this project currently only focuses on the analysis of the format.
libmodi{,‑devel,‑python,‑python3,‑tools}-20170527-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libmodi{,‑devel,‑python,‑tools}-20170527-1.el6.{i686,x86_64}.rpm - Libmodi is a lbrary and tools to access the Mac OS disk image formats.
libnk2{,‑devel,‑python,‑python3,‑tools}-20170527-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libnk2{,‑devel,‑python,‑tools}-20170527-1.el6.{i686,x86_64}.rpm - Libnk2 is a lbrary and tools to access Microsoft Outlook Nickfile (NK2) format files.
libodraw{,‑devel,‑tools}-20170217-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libodraw{,‑devel,‑tools}-20170217-1.el6.{i686,x86_64}.rpm - Libodraw is a library to access to optical disc (split) RAW image files (bin/cue, iso/cue).
libphdi{,‑devel,‑python,‑python3,‑tools}-20170529-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libphdi{,‑devel,‑python,‑tools}-20170529-1.el6.{i686,x86_64}.rpm - Libphdi is a library to access the Parallels Hard Disk image format.
libexe{,‑devel,‑python,‑python3,‑tools}-20170123-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libexe{,‑devel,‑python,‑tools}-20170123-1.el6.{i686,x86_64}.rpm, and libexe{,‑devel,‑python,‑python3,‑tools}-20170123-1.el7.x86_64.rpm - Libexe is a library and tools to access the executable (EXE) format.
libwtcdb{,‑devel,‑tools}-20170201-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm libwtcdb{,‑devel,‑tools}-20170201-1.el6.{i686,x86_64}.rpm - Libwtcdb is a library and tools to access the Windows (Vista/7) Explorer thumbnail cache database format (thumbcache.db).
libfplist{,‑devel}-20170112-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Libfplist is a library for plist formats. Note: this is a library only - there are no tools provided by these packages.
libfwevt{,‑devel}-20170114-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Libfwevt is a library for Windows XML Event Log (EVTX) data types. Note: this is a library only - there are no tools provided by these packages.
libagdb{,‑devel,‑tools}-20170201-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Libagdb is a library to access the SuperFetch database format.
libcreg{,‑devel,‑python,‑python3,‑tools}-20170119-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libcreg{,‑devel,‑python,‑tools}-20170119-1.el6.{i686,x86_64}.rpm - Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
libvsmbr{,‑devel,‑tools}-20170525-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system.
libwrc{,‑devel,‑python,‑python3,‑tools}-20160419-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm and libwrc{,‑devel,‑python,‑tools}-20160419-1.el6.{i686,x86_64}.rpm - Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
winevt-kb-20170527-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and winevt-kb-20170527-1.el7.x86_64.rpm - Winevt-kb is a project to build a Windows Event Log knowledge base. winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources. See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them. Note that winevt-kb is not available for CentOS/RHEL 6 because of the old version of Python 2.
dtfabric-20170630-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and dtfabric-20170630-1.el7.x86_64.rpm - Dtfabric is a project to manage data types and structures, as used in the libyal projects.
winreg-kb-20170525-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and winreg-kb-20170525-1.el7.x86_64.rpm - Winreg-kb-kb winreg-kb is a project to build a Windows Registry Knowledge Base. winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources. See these scripts that make use of package. Note that winreg-kb is not available for CentOS/RHEL 6 because of the old version of Python 2.
dfwinreg-20170706-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and dfwinreg-20170706-1.{el6,el7}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
CERT-Forensics-Tools-1.0-74.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-74.el7.x86_64.rpm - This package was updated as follows:
- libagdb-tools
- libcreg-tools
- libexe-tools
- libfsext-tools
- libfshfs-tools
- libhibr-tools
- libmdmp-tools
- libmodi-tools
- libnk2-tools
- libodraw-tools
- libphdi-tools
- libvsmbr-tools
- libwrc-tools
- libwtcdb-tools
- winevt-kb (not for CentOS/RHEL 6)
- winreg-kb (not for CentOS/RHEL 6)
pfring-6.6.0-1334.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1334.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
yara-python-3.6.2-1.{fc24,fc25}.x86_64.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in Fedora 24 and 25.

June 30, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.6-201 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.6-201 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.43.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.6-101 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-43.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.6-101 for FC24
fmem-kernel-modules-el7-x86_64-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-514.26.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-514.26.1 for EL7
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.16.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.16.0‑2.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.16.0‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
silk-ipset{-devel,‑lib,‑tools}-3.16.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
analysis-pipeline-5.6-3.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes for this release. This package was rebuilt to use silk 3.16.0.

June 26, 2017: The following changes have been made:

partclone-0.3.6-2.el7.x86_64.rpm and partclone-0.3.6-2.el6.{i386,x86_64}.rpm- Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), exfat, xfs, vmfs3 and vmfs5. See the /usr/share/doc/partclone/ChangeLog for the list of changes in this release. This version was rebuilt because of an update to ntfs-3g in EL6 and EL7.
testdisk-7.0-4.1.el6.{i686,x86_64}.rpm and qphotorec-7.0-4.1.el6.{i386,x86_64}.rpm - Testdisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). This package also contains photorec which is a file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. These releases were built to use the latest version of libewf that is installed in this repository.

June 23, 2017: The following changes have been made:

fmem-kernel-modules-el7-x86_64-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-514.21.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-514.21.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.3.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.3.2 for EL6

June 20, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.5-200 for FC25
- 4.11.4-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.5-200 for FC25
- 4.11.4-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.42.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.5-100 for FC24
- 4.11.4-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-42.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.5-100 for FC24
- 4.11.4-100 for FC24
yara-python-3.6.0-1.{fc24,fc25}.x86_64.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of an update to yara in Fedora 24 and 25.
partclone-0.3.6-2.{fc24,fc25}.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), exfat, xfs, vmfs3 and vmfs5. See the /usr/share/doc/partclone/ChangeLog for the list of changes in this release. This version was rebuilt because of an update to ntfs-3g in Fedora 24 and 25.

June 19, 2017: The following changes have been made:

yara-python-3.6.0-1.el7.x86_64.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. This version was rebuilt because of the update to yara in EPEL for CentOS/RHEL 7.

June 14, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.3-202 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.3-202 for FC25
partclone-0.3.6-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), exfat, xfs, vmfs3 and vmfs5. See the /usr/share/doc/partclone/ChangeLog for the list of changes in this release.
exfat-utils-1.2.7-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The EXfat-utils are a set of utilities for creating, checking, dumping and labeling exFAT file systems. See here for the list of changes since the last released version (1.2.3).
xmount-0.7.5-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Xmount is a tool that allows you to convert on-the-fly between multiple input and output harddisk image types. The changes in this version are the following: Here are the changes for this version:
- New for version 0.7.5
  - Improved and fixed the way fsname is built.
  - Added a patch fixing a bug in libxmount_input_aewf (supplied by Guy Voncken)
- New for version 0.7.4
  - Re-enabled full OSx support
  - libxmount_input_aewf input library is now able to decompress EWF chunks in parallel, which will increase read speed
sleuthkit{,‑devel,‑libs}-4.4.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.4.0) released to this repository.

June 2, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.11.3-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.11.3-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.17-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.17-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.41.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.17-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-41.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.17-100 for FC24
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.3.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.3.1 for EL6
lime-kernel-modules-common-1.1.r17-4.noarch.rpm - LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page. This package also obsoletes tie lime-kernel-objects package which contained the source code and all of the kernel objects. This repackaging increases the number of packages but decreases their size. This revision fixes a problem that resulted from the release of the 4.11 kernel for Linux.

Note: this RPM is hard-linked between all of the supported architectures, Fedora 20-25 and CentOS 6 and 7 If you use rsync, make certain that you use the -H option to preserve those hard links.

May 26, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.16-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.16-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.15-100 for FC24
- 4.10.16-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.15-100 for FC24
- 4.10.16-100 for FC24
fmem-kernel-modules-el7-x86_64-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-514.21.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-514.21.1 for EL7
jansson{,‑devel}-2.9-1.el7.x86_64.rpm and jansson-devel-doc-2.9-1.el7.noarch.rpm - Jansson is a C library for encoding, decoding and manipulating JSON data. It features:
- Simple and intuitive API and data model
- Comprehensive documentation
- No dependencies on other libraries
- Full Unicode support (UTF-8)
- Extensive test suite
This tool was built to be used by yara-python.
yara{,‑doc,‑devel}-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Note that the -devel and -doc packages split out the files needed for development and documentation respectively.
yara-python-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts.
dislocker{,‑libs}-0.7.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm and fuse-dislocker-0.7.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Dislocker reads BitLocker encrypted partitions under a Linux system. The driver has the capability to read/write on:
- Windows Vista, 7, 8, 8.1 and 10 encrypted partitions - that's AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser, encrypted partitions;
- BitLocker-To-Go encrypted partitions - that's USB/FAT32 partitions.
The core driver is composed of a library, with multiple binaries (see the NOTES section below) using this library. Two binaries are of interest when wanting to decrypt a BitLocker encrypted partition:
1. dislocker-fuse: binary using FUSE to dynamically decrypt the BitLocker-ed partition. You have to give it a mount point where, once keys are decrypted, a file named dislocker-file appears. This file is a virtual NTFS partition, so you can mount it as any NTFS partition and then read from or write to it. Note that writing to the NTFS virtual file will change the underlying BitLocker partition's content.
2. dislocker-file: binary decrypting a BitLocker encrypted partition into a flat file. This file has to be given through command line and, once dislocker-file is finished, will be an NTFS partition. It won't have any link to the original BitLocker partition. Therefore, if you write to this file, the BitLocker volume won't change, only the NTFS file will. Note that this may take a long time to create that file, depending on the size of the encrypted partition. But afterward, once the partition is decrypted, the access to the NTFS partition will be faster. Another thing to think about is the size on your disk this binary needs: the same size as the volume you're trying to decrypt. Nevertheless, once the partition is decrypted, you can mount your file as any NTFS partition.
CERT-Forensics-Tools-1.0-73.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-73.el7.x86_64.rpm - This package was updated as follows:
- The dislocker suite was added for all supported systems.

May 19, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.15-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.15-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.39.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.14-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-39.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.14-100 for FC24
pfring-6.6.0-1231.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.6.0-1231.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
aeskeyfind-1.0-3.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Aeskeyfind illustrates automatic techniques for locating 128-bit and 256-bit AES keys in a captured memory image. The program uses various algorithms and also performs a simple entropy test to filter out blocks that are not keys. It counts the number of repeated bytes and skips blocks that have too many repeats. This method works even if several bits of the key schedule have been corrupted due to memory decay. This package is useful to several activities, as forensics investigations.
CERT-Forensics-Tools-1.0-72.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-72.el7.x86_64.rpm - This package was updated as follows:
- The package aeskeyfind was added for all supported systems.

May 8, 2017: The following changes have been made:

nDPI{,‑devel}-1.8-3.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols.

This version eliminates a dependency for CentOS/RHEL 6 for the x86_64 architecture. The other revisions for all other systems and architectures are to maintain revision compatibility.

April 28, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.10-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.10-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.9-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.9-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.38.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.10-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-38.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.10-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.9-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.9-100 for FC24
fmem-kernel-modules-el7-x86_64-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-514.16.1 for EL&
- 3.10.0-514.10.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-514.16.1 for EL&
- 3.10.0-514.10.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696.1.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696.1.1 for EL6
libvslvm{,‑devel,‑python,‑python3,‑tools}-20160110-2.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libvslvm{,‑devel,‑python,‑tools}-20160110-2.el6.{i686,x86_64}.rpm , and libvslvm{,‑devel,‑python,‑python3,‑tools}-20160110-2.el7.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. This release added the missing FUSE dependencies.
CERT-Forensics-Tools-1.0-71.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-71.el7.x86_64.rpm - This package was updated as follows:
- The package libvslvm-tools was added for all supported systems.

April 13, 2017: The following changes have been made:

fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-696 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-696 for EL6
Volatility-community-plugins-20170405-2.fc25.noarch.rpm - The Volatility Community Plugins for Fedora 25 had an incorrect dependency which has been fixed.

April 7, 2017: The following changes have been made:

sleuthkit{,‑devel,‑libs}-4.4.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. See here for the changes since the last version (4.3.0) released to this repository.
pytsk3-20170324-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i386,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit.
ddrescue-1.22-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. See here for the changes since the last version (1.21) released to this repository.
ddrutility-2.8-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Ddrutility is meant to be a compliment to gnuddrescue. It is a set of utilities to help with hard drive data rescue. It currently contains the following utilities:
- ddru_findbad
- ddru_ntfsbitmap
- ddru_ntfsfindbad
- ddru_diskutility
- ddru_diskutility
See here for the list of changes in this release.
dd_rescue-1.99.5-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Dd_rescue is a utility similar to the system utility dd which copies data from a file or block device to another. dd_rescue. does however not abort on errors in the input file. This makes it suitable for rescuing data from media with errors, e.g. a disk with bad sectors. See here for the changes since the last version (1.99) released to this repository.
dc3dd-7.2.646-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - dc3dd is a patched version of GNU dd that includes several features useful for computer forensics.
guymager-0.8.4-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. See here for the list of changes.
dfvfs-20170324-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
libbde{,‑devel,‑python,‑python3,‑tools}-20170204-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20170204-1.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python,‑python3,‑tools}-20170204-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. See here for the list of changes.
libbfio,{-devel}-20170123-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - Libbfio is a library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff. It is used to chain I/O to support file-in-file access. See here for the list of changes.
libesedb{,‑devel,‑python,‑python3,‑tools}-20170121-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libesedb{,‑devel,‑python,‑tools}-20170121-1.el6.{i686,x86_64}.rpm, and libesedb{,‑devel,‑python,‑python3,‑tools}-20170121-1.el7.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. See here for the list of changes.
libevt{,‑devel,‑python,‑python3,‑tools}-20170120-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libevt{,‑devel,‑python,‑tools}-20170120-1.el6.{i686,x86_64}.rpm , and libevt{,‑devel,‑python,‑python3,‑tools}-20170120-1.el7.x86_64rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. See here for the list of changes.
libevtx{,‑devel,‑python,‑python3,‑tools}-20170122-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libevtx{,‑devel,‑python,‑tools}-20170120-1.el6.{i686,x86_64}.rpm, and libevt{,‑devel,‑python,‑python3,‑tools}-20170120-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. See here for the list of changes.
libfwsi{,‑devel,‑python,‑python3}-20160110-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libfwsi{,‑devel,‑python}-20160110-1.el6.{i686,x86_64}.rpm, and libfwsi{,‑devel,‑python,‑python3}-20160110-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. See here for the list of changes.
libiconv{,‑devel,‑static,‑utils}-1.15-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Libiconv provides an iconv() implementation, for use on systems which don't have one, or whose implementation cannot convert from/to Unicode. Due to conflicts with other packages, notably glibc, the libiconv packages are installed in /usr/libiconv. This release makes the library files also available at /usr/liboconv/lib for the x86_64 architecture which makes the package easier to use when building packages that use libiconv.
liblnk{,‑devel,‑python,‑python3,‑tools}-20170111-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, liblnk{,‑devel,‑python,‑tools}-20170111-1.el6.{i686,x86_64}.rpm, liblnk{,‑devel,‑python,‑python3,‑tools}-20170111-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. See here for the list of changes.
libmsiecf{,‑devel,‑python,‑python3,‑tools}-20170116-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python,‑tools}-20170116-1.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python,‑python3,‑tools}-20170116-1.el7.x86_64}.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. See here for the list of changes.
libolecf{,‑devel,‑python,‑python3,‑tools}-20170129-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libolecf{,‑devel,‑python,‑tools}-20170129-1.el6.{i686,x86_64}.rpm, and libolecf{,‑devel,‑python,‑python3,‑tools}-20170129-1.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. See here for the list of changes.
libqcow{,‑devel,‑python,‑python3,‑tools}-20170222-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libqcow{,‑devel,‑python,‑tools}-20170222-1.el6.{i686,x86_64}.rpm, and libqcow{,‑devel,‑python,‑python3,‑tools}-20170222-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. See here for the list of changes.
libsigscan{,‑devel,‑python,‑python3,‑tools}-20170124-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libsigscan{,‑devel,‑python,‑tools}-20170124-1.el6.{i686,x86_64}.rpm, and libsigscan{,‑devel,‑python,‑python3,‑tools}-20170124-1.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning. See here for the list of changes.
libsmdev{,‑devel,‑python,‑python3,‑tools}-20170225-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python,‑tools}-20170225-1.el6}.{i686,x86_64}.rpm , and libsmdev{,‑devel,‑python,‑python3,‑tools}-20170225-1.el7.86_64.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
libvhdi{,‑devel,‑python,‑python3,‑tools}-20170223-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libvhdi{,‑devel,‑python,‑tools}-20170223-1.el6.{i686,x86_64}.rpm, and libvhdi{,‑devel,‑python,‑python3,‑tools}-20170223-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status. See here for the list of supported disk formats.
libvmdk{,‑devel,‑python,‑python3,‑tools}-20170226-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libvmdk{,‑devel,‑python,‑tools}-20170226-1.el6.{i686,x86_64}.rpm , and libvmdk{,‑devel,‑python,‑python3,‑tools}-20170226-1.el7.x86_64.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. See here the list of changes.
nDPI{,‑devel}-1.8-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols.

This version brings the code base used to build this package up to 2017-03-28.
partclone-0.2.90-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. See here for the list of changes in this release.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.15.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.15.0‑2.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.15.0‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
silk-ipset{-devel,‑lib,‑tools}-3.15.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.
analysis-pipeline-5.6-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes for this release. This package was rebuilt to use silk 3.15.0.
capstone{,‑devel,‑python,‑python3}-3.0.4-4.{fc20,fc21}.{i686,x86_64}.rpm and capstone-java-3.0.4-4.noarch.rpm - Capstone is a lightweight multi-platform, multi-architecture disassembly framework. See here for the list of changes and future features.
capstone{,‑devel,‑python,‑python3}-3.0.4-4.el7.x86_64.rpm - Capstone is a lightweight multi-platform, multi-architecture disassembly framework. See here for the list of changes and future features.
capstone{,‑devel,‑python,}-3.0.4-4.el6.{i386,x86_64}.rpm - Capstone is a lightweight multi-platform, multi-architecture disassembly framework. See here for the list of changes and future features.
pyew-2.3.0.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it performs code analysis and let you write scripts using an API to perform many types of analysis), follows direct call/jmp instructions in the interactive command line, displays function names and string data references; supports OLE2 format, PDF format and more. It also supports plugins to add more features to the tool.
radare{,‑devel}-2.1.3.0-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and radare{,‑devel}‑2.1.3.0‑1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
python-radare-2.1.3.0-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and python‑radare‑2.1.3.0‑1.el7.x86_64.rpm- Python-Radare are bindings that allow Radare to be used from Python.
Volatility-2.6-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.6. You can read about this version here Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
Volatility-community-plugins-20170405-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation. These plugins are installed in /usr/share/volatility/plugins/community/. Note: The following plugins were removed the el6: PhilipHuppert, ThomasChopitea, TranVienHa, YingLi, DaveLasalle, LoïcJaquemet, and artoszInglot.
python-haystack-0.36-0.noarch.rpm - Python-Haystack is an heap analysis framework, focused on searching and reversing of C structure in allcoated memory.
python-pycoin-0.77-0.noarch.rpm - Python-Pycoin is an implementation of several utility routines that may be useful when dealing with bitcoin and some alt-coins. It has been tested with Python 2.7, 3.3, 3.4 and 3.5.
python-dpapick-0.3-0.noarch.rpm - Python-Dpapick is a Python toolkit to provide a platform-independant implementation of Microsoft's cryptography subsytem called DPAPI (Data Protection API). It can be used either as a library or as a standalone tool. It is also the first open-source tool that allows decryption of DPAPI structures in an offline way and, moreover, from another plateform than Windows. It is provided with some application probes that includes the built-in logic to retreive the corresponding secrets that are protected. For more information go here.
python-typing-3.6.1.0-0.noarch.rpm - Python-Typing is a backport of the standard library typing module to Python versions older than 3.6. Typing defines a standard notation for Python function and variable type annotations. The notation can be used for documenting code in a concise, standard format, and it has been designed to also be used by static and runtime type checkers, static analyzers, IDEs and other tools. Note: this package was installed only for Fedora 20, 21, and 22. All other versions of Fedora and CentOS provide this package.
python-M2Crypto-0.26.0-0.noarch.rpm - Python-M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python’s httplib, urllib, and xmlrpclib; unforgeable HMAC’ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. M2Crypto can also be used to provide SSL for Twisted. Smartcards are supported through the Engine interface.
python-ioc_writer-0.3.3-0.noarch.rpm - Python-IOC_Writer is a Python library that allows for basic creation and editing of OpenIOC objects. It supports a basic CRUD (Create, Read, Update, Delete) for various items.
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.8-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.8-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.6-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.6-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.5-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.5-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.8-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.8-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.10.6-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.10.6-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.17-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.17-100 for FC24

March 20, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.13-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.13-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.13-201 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.13-201 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.13-101 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.13-101 for FC24

March 10, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.13-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.13-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.13-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.13-100 for FC24
super_mediator-1.5.2-1.{fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the list of changes for this release.
snarf{,‑devel,‑python}-0.3.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system. Applications can use snarf's C and Python APIs to construct and send network alert messages, which can then be routed to multiple destinations in a configurable manner. See here for the list of changes for this release. Note: due to the changing package requirements of snarf, there is no support for Fedora 20 and CentOS/RHEL 6.
CERT-Forensics-Tools-1.0-70.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-70.el7.x86_64.rpm - This package was updated as follows:
- The package xplico is now installed for Fedora 25.
- The package snarf is now installed for Fedora 25, 24, 23, 22, and 20, and CentOS/RHEL 6 and 7. Snarf is not available for Fedora 21.

March 3, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.11-200 for FC25
- 4.9.12-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.11-200 for FC25
- 4.9.12-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.12-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.12-100 for FC24
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.13.2 for EL6
- 2.6.32-642.15.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.13.2 for EL6
- 2.6.32-642.15.1 for EL6

February 23, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.10-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.10-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.9-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.9-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.8-201 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.8-201 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.10-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.10-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.9-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.9-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.8-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.8-100 for FC24
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-418 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-418 for EL5
pyfixbuf-0.2.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building, collecting, and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.). See this page for a list of problems fixed in this and all releases.
libpst{,‑devel,‑devel-doc,‑doc,‑libs,‑python}-0.6.70-1.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats. See here for the list of changes.
socat-1.7.3.2-1.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals. Socat can be used, e.g., as TCP port forwarder (one-shot or daemon), as an external socksifier, for attacking weak firewalls, as a shell interface to UNIX sockets, IP6 relay, for redirecting TCP oriented programs to a serial line, to logically connect serial lines on different computers, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. See the change log that is part of the RPM package for a list of changes since the last version (1.7.3.0).
pfring-6.4.1-1143.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.4.1-1143.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
bokken-1.8-2.{fc20,fc21,fc22,fc23,fc24,fc24,el6,el7}.{i686,x86_64}.rpm and bokken‑1.8‑1.{el6,el7}.x86_64.rpm - Bokken is a GUI for the Pyew and Radare projects so it offers almost all the same features that Pyew has and and some of the Radare's ones. It's intended to be a basic disassembler, mainly, to analyze malware and vulnerabilities. This release was built to correct a configuration error in the bokken script that set the shell variable BOKKEN_DIR incorrectly for systms of the x86_64 architecture.

February 10, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.7-201 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.7-201 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.7-101 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.7-101 for FC24

February 4, 2017: The following changes have been made:

fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.6-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.6-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.5-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.5-200 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.4-201 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.4-201 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.3-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.3-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.6-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.6-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.5-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.5-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.9.4-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.9.4-100 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.16-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.16-200 for FC24
fmem-kernel-modules-el7-x86_64-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-514.6.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-514.6.1 for EL7
xplico-1.2.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. Here are the chanes for this version:
- Migration from PHP5 to PHP7
- CakePHP 2.8
- IMAP bug fix
- Bugfix: reported on Security Onion
pfring-6.4.1-1064.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package contains header files and libraries, among other files, to support the PF_Ring network socket.
pfring-dkms-6.4.1-1064.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed. This package conains the code and supporting files needed to create the PF_Ring kernel module.
yaf{,‑devel}-2.8.4-2.{el6,el7}.x86_64.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. This package has been rebuilt to assert the --with-pfring configuration option. Note that this is a package that supports PR_Ring sockets. To install PF_Ring on your CentOS/RHEL system, please follow the directions found here.

January 15, 2017: The following changes have been made:

super_mediator-1.5.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the list of changes for this release.
libschemaTools{,‑devel}-1.2.1-1-{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records. See here for the list of changes for this release.
analysis-pipeline-5.6-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the list of changes for this release.
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.16-300 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.16-300 for FC25
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.13.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.13.1 for EL6

December 31, 2016: The following changes have been made:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.15-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.15-200 for FC24
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.15-300 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.15-300 for FC25
fmem-kernel-modules-el7-x86_64-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-514.2.2 for EL7
- 3.10.0-514 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-514.2.2 for EL7
- 3.10.0-514 for EL7
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-417 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-417 for EL5
daq-2.0.6-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - The Data Acquisition Library (Daq) is a library used by snort. Changes made to support NFQ which is the new and improved way to process iptables packets.
snort-2.9.9.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
snort-openappid-2.9.9.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
- The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
- Here is the OpenAppId Detector Developer Guide .
snort-sample-rules-2.9.9.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.

December 22, 2016: The following changes have been made:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.14-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.14-200 for FC24
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.14-300 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.14-300 for FC25

December 15, 2016: The following changes have been made:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.13-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.13-100 for FC23
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.12-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.12-100 for FC23
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.13-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.13-200 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.12-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.12-200 for FC24
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.13-300 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.13-300 for FC25
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.12-300 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.12-300 for FC25

December 12, 2016: The following changes have been made:

Fedora 8 - The repository files for Fedora 8 have beem removed.
Fedora 9 - The repository files for Fedora 9 have beem removed.
Fedora 10 - The repository files for Fedora 10 have beem removed.
Fedora 11 - The repository files for Fedora 11 have beem removed.
Fedora 12 - The repository files for Fedora 12 have beem removed.
Fedora 13 - The repository files for Fedora 13 have beem removed.
Fedora 14 - The repository files for Fedora 14 have beem removed.
Fedora 15 - The repository files for Fedora 15 have beem removed.
Fedora 16 - The repository files for Fedora 16 have beem removed.

December 8, 2016: The following have been released:

Fedora 25 - The repository now supports Fedora 25 for both the i686 and x86_64 CPU architectures. Here is the list of tools provided for Fedora 25:

2hash
afflib
aimage
analysis-pipeline
analyzeMFT
artifacts
ataraw
autopsy
bencode
binplist
bloom
bokken
bulk_extractor
bulk_extractor-stoplist
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dc3dd
ddrescue
dd_rescue
ddrescueview
ddrutility
dfdatetime
dff
dfvfs
dfwinreg
disktype
distorm3
DropboxReader
efilter-1
eindeutig
epub
exfat-utils
fatback
fcrackzip
fmem-kernel-modules
fmem-kernel-modules-common
frag_find
fred

fundl
fuse-exfat
galleta
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
ip4r
jafat
KHracker
kracked
libbde
libbfio
libesedb
libevt
libevtx
libewf
libfixbuf
libfsntfs
libfvde
libfwnt
libfwsi
libguytools
libiconv
liblnk
libluksde
libmsiecf
libolecf
libp0f
libpff
libpst
libqcow
libregf
libscca

libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
lime-kernel-modules
lime-kernel-modules-common
log2timeline
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
partclone
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
ptk
pyew
python-apsw
python-construct
python-radare
python-rarfile
python-registry
pytsk3
radare
rar
registrydecoder

reglookup
regripper
regripper-plugins
rifiuti
rifiuti2
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snort
snort-openappid
snort-sample-rules
ssdeep
stegdetect
super_mediator
tln_tools
testdisk
undbx
unrar
untex
videosnarf
vinetto
vmfs-tools
Volatility
Volatility-community-plugins
xlsxwriter
xmount
xplico
yaf
yara
yara-python

fmem-kernel-modules-1.6-1.9.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 25 x86_64 and i686 architectures was added.
lime-kernel-modules-1.1.r17-9.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 25 x86_64 and i686 architectures was added.
fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.11-300 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.11-300 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.11-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.11-200 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.10-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.10-200 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.8-200 for FC24
- 4.8.7-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.8-200 for FC24
- 4.8.7-200 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.11-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.11-100 for FC23
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.10-100 for FC23
- 4.8.8-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.10-100 for FC23
- 4.8.8-100 for FC23
libpff-20161119-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. Libpff is used by DFF,the Digital Forensics Framework. See here for the list of changes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.14.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.14.0‑2.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.14.0‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.5-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This release was built using SiLKSiLK version 3.14.0.
silk-ipset{,‑devel,‑lib,‑tools}-3.14.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.
Volatility-community-plugins-20161202-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation. These plugins are installed in /usr/share/volatility/plugins/community/.
dff-1.3.6-20161201.1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user interface with a modular and cross-platform architecture. This version is the developer version as of December 1, 2016.

To support this version, the following were also installed:
- Fedora 25 (From RPM Fusion)
  - ffmpeg-3.1.5-1.fc25.i686.rpm
  - ffmpeg-devel-3.1.5-1.fc25.i686.rpm
  - ffmpeg-libs-3.1.5-1.fc25.i686.rpm
  - lame-3.99.5-6.fc25.i686.rpm
  - lame-devel-3.99.5-6.fc25.i686.rpm
  - lame-libs-3.99.5-6.fc25.i686.rpm
  - libavdevice-3.1.5-1.fc25.i686.rpm
  - x264-devel-0.148-13.20160924git86b7198.fc25.i686.rpm
  - x264-libs-0.148-13.20160924git86b7198.fc25.i686.rpm
  - x265-devel-1.9-3.fc25.i686.rpm
  - x265-libs-1.9-3.fc25.i686.rpm
  - xvidcore-1.3.4-2.fc24.i686.rpm
  - xvidcore-devel-1.3.4-2.fc24.i686.rpm
xplico-1.1.1-6.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.x86_64.rpm - xplico is an Internet traffic decoder. Xplico needs various variables set in the /etc/php.ini file. These used to be set in the scripts provided by the package and in the script that starts Xplico. They are now set in the configuration file for the Apache Web Server. Nonetheless, when Xplico is installed, the Apache Web Server must be restarted if it was running and started otherwise.

Note also that Xplico is not avaible for Fedora 25. This is because of an incompatibility between PHP 7 which is provided with Fedora 25 and the version of CakePHP that was used to build Xplico (1.3.20).
CERT-Forensics-Tools-1.0-69.fc25.{i686,x86_64}.rpm - This package was updated as follows: The package Xplico was temporarily removed for Fedora 25. It will be re-added when it supports PHP 7.

November 14, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.6-201 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.6-201 for FC24
libpst{,‑devel,‑devel-doc,‑doc,‑libs,‑python}-0.6.69-1.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats. See here for the list of changes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.13.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.13.0‑2.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.13.0‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.5-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the changes since the last version (5.4.1).
silk-ipset{,‑devel,‑lib,‑tools}-3.13.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.
super_mediator-1.4.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. This release was rebuilt to use silk-ipset-3.13.0.
libvshadow{,‑devel,‑python,‑tools}-20161111-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libvshadow{,‑devel,‑python,‑tools}-20161111-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. This version uses the external version of libbfio to support DFF, the Digital Forensics Framework.
libfwnt{,‑devel,‑python,‑python3}-20151103-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python}-20160418-1.el6.{i686,x86_64}.rpm, and libfwnt{,‑devel,‑python,‑python3}-20151103-1.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. See here for the list of changes. This package is needed by dfvfs and plaso.
libscca{,‑devel,‑python,‑python3,‑tools}-20161031-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libscca{,‑devel,‑python,‑tools}-20161031-1.el6.x86_64.rpm, and libscca{,‑devel,‑python,‑python3,‑tools}-20161031-1.el7.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. See here for the list of changes.

November 8, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.8.4-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.8.4-200 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.10-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.10-100 for FC23
python-dfdatetime-20161104-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.

October 31, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.9-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.9-200 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.9-100 for FC23
- 4.7.8-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.9-100 for FC23
- 4.7.8-100 for FC23
fmem-kernel-modules-el7-x86_64-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.36.3 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.36.3 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.11.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.11.1 for EL6
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.6.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.6.2 for EL6
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-416 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-416 for EL5
xplico-1.1.1-5.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.x86_64.rpm - xplico is an Internet traffic decoder. Xplico needs various variables set in the /etc/php.ini file. In all releases before this one, these variables were set only when the package was installed, and unset when the package was removed. This method did not take into account new releases of the package of which /etc/php.ini is a part. To solve this problem, the script that start xplico - /usr/sbin/xplico - has been changed to set these variables every time xplico is started and return them to their previous values when xplico is stopped. This technique makes xplico immune to changes in other packages installed on a system.
artifacts‑20161022‑1.{fc20,fc21,fc22,fc23,fc24,el6}.{i386,x86_64}.rpm and artifacts‑20161022‑1.el7.x86_64.rpm - Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools. This package was built to support plaso.
python-dfdatetime-20161017-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision. This package is needed by dfvfs.
libexe{,‑devel,‑python,‑python3,‑tools}-20160418-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libexe{,‑devel,‑python,‑tools}-20160418-2.el6.{i686,x86_64}.rpm, and libexe{,‑devel,‑python,‑python3,‑tools}-20160418-1.el7.x86_64.rpm - Libexe is a library to access the executable (EXE) format. See here for the list of changes.
libwrc{,‑devel,‑python,‑python3,‑tools}-20160418-1.{fc20,fc21,fc22,fc23,fc24,el7}.{i686,x86_64}.rpm and libwrc{,‑devel,‑python,‑tools}-20160418-2.el6.{i686,x86_64}.rpm - Libwrc is a library to access the Windows Resource Compiler (WRC) format. See here for the list of changes.
pytsk3-20160721-1.{fc20,fc21,fc22,fc23,fc24,el7}.{i386,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit. Note that this version is now named pytsk3 and it obsoletes pytsk.
plaso-1.5.1-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, plaso-1.5.0-1.el7.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the 1.5.0 release announcement here. There is no comprehensive list of changes for 1.5.1.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, 23, and 24 for i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso. Installation as an update and as a new install of have been successfully tested.
dfvfs-20160918-2.{fc20,fc21,fc22,fc23,fc24,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. This version was rebuilt to use the renamed pytsk3.

October 21, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.7-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.7-100 for FC23
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.7-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.7-200 for FC24
xplico-1.1.1-4.el7.x86_64.rpm - xplico is an Internet traffic decoder. This release uses systemctl instead of systemon CentOS/RHEL 7.
xplico-1.1.1-3.el7.x86_64.rpm - xplico is an Internet traffic decoder. This release was rebuilt to use the Python 3.3 code for CentOS/RHEL 7.

October 14, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.6-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.6-200 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.6-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.6-100 for FC23
fmem-kernel-modules-el7-x86_64-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.36.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.36.2 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.6.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.6.1 for EL6

October 7, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.5-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.5-200 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.5-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.5-100 for FC23

September 30, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.4-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.4-100 for FC23

September 23, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.4-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.4-200 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.3-200 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.3-200 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.3-100 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.3-100 for FC23
libpst{,‑devel,‑devel-doc,‑doc,‑libs,‑python}-0.6.68-1.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats. See here for the list of changes.
libbde{,‑devel,‑python,‑python3,‑tools}-20160731-2.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libbde{,‑devel,‑python,‑tools}-20160731-2.el6.{i686,x86_64}.rpm, and libbde{,‑devel,‑python,‑python3,‑tools}-20160731-2.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. See here for the list of changes.
libesedb{,‑devel,‑python,‑python3,‑tools}-20160622-2.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libesedb{,‑devel,‑python,‑tools}-20160622-2.el6.{i686,x86_64}.rpm, and libesedb{,‑devel,‑python,‑python3,‑tools}-20160622-2.el7.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. See here for the list of changes.
libmsiecf{,‑devel,‑python,‑python3,‑tools}-20160904-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libmsiecf{,‑devel,‑python,‑tools}-20160904-2.el6.{i686,x86_64}.rpm, and libmsiecf{,‑devel,‑python,‑python3,‑tools}-20160904-1.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. See here for the list of changes.
libfvde{,‑devel,‑python,‑python3,‑tools}-20160918-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libfvde{,‑devel,‑python,‑tools}-20160918-1.el6.{i686,x86_64}.rpm, and libfvde{,‑devel,‑python,‑python3,‑tools}-20160918-1.el7.x86_64.rpm - Libfvde is a lbrary and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume. See here for a list of changes since the last release (20150222).
libsmraw{,‑devel,‑python,‑python3,‑tools}-20160424-2.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libsmraw{,‑devel,‑python,‑tools}-20160424-2.el6.{i686,x86_64}.rpm, and libsmraw{,‑devel,‑python,‑python3,‑tools}-20160424-2.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes. This release was rebuilt to remove debugging information and to support Python 3 where possible and practical.
dfvfs-20160918-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
dfwinreg-20160428-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm and dfwinreg-20160428-1.{el6,el7}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
xlsxwriter-0.9.3-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and xlsxwriter-0.9.3-1.el7.x86_64.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
efilter-1-1.5-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and efilter-1-1.5-1.el7.x86_64.rpm - Efilter is a general purpose query language designed to be embedded in Python applications and libraries. It supports SQL-like syntax to filter your application's data and provides a convenient way to directly search through the objects your applications manages. A second use case for EFILTER is to translate queries from one query language to another, such as from SQL to OpenIOC and so on. A basic SQL-like syntax and a POC lisp implementation are included with the language, and others are relatively simple to add.
python-psutil-2.1.3-1.el6.{i686,x86_64}.rpm - Python-psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python. This package was built to support plaso.
plaso-1.5.0-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, plaso-1.5.0-1.{el6,el7}.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. See the release announcement here.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, 23, and 24 for i686 and x86_64 architectures and CentOS/RHEL versions 6 and 7 for the x86_64 architecture for this version of plaso. Installation as an update and as a new install of CERT-Forensics-Tools have been successfully tested.
fmem-kernel-modules-el7-x86_64-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.36.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.36.1 for EL7

September 11, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.2-201 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.2-201 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.7.2-101 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 4.7.2-101 for FC23
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-412 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-412 for EL5
fmem-kernel-modules-common-1.6-1.3.noarch.rpm - Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations. This package contains the source code for making the FMEM kernel modules and the install-fmem script. Note: this RPM is hard-linked between all of the supported architectures, Fedora 20-24 and CentOS 6 and 7. If you use rsync, make certain that you use the -H option to preserve those hard links.
lime-kernel-modules-common-1.1.r17-3.noarch.rpm - LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page. This package also obsoletes tie lime-kernel-objects package which contained the source code and all of the kernel objects. This repackaging increases the number of packages but decreases their size.

Note: this RPM is hard-linked between all of the supported architectures, Fedora 20-24 and CentOS 6 and 7 If you use rsync, make certain that you use the -H option to preserve those hard links.
yara{,‑doc,‑devel}-3.5.0-5.1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. This release (5.1) was rebuilt to coincide with the version from Fedora (3.5.0-5)but to eliminate some dependency problems on Fedora 23 and 24. Note also that the -devel and -doc packages split out the files needed for development and documentation respectively.

August 26, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.6.7-300 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 4.6.7-300 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.6.7-200 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.6.7-200 for FC23
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.4.2 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-25.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.4.2 for EL6
analyzeMFT-2.0.19-1.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - AnalyzeMFT is a tool that fully parses the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. See here for the changes since the previously installed version 2.0.19.

August 22, 2016: The following have been released:

yara-3.5.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (3.4.0):
- Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
- Performance improvements
- Less memory consumption while scanning processes
- Exception handling when scanning memory blocks
- Negative integers in meta fields
- Added the --stack-size command-argument
- Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
- Functions rich_signature.toolid and rich_signature.version added to PE module
- Lots of bug fixes
yara-python-3.5.0-2.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. Here are the changes since the last version (3.4.0):
- Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
- Performance improvements
- Less memory consumption while scanning processes
- Exception handling when scanning memory blocks
- Negative integers in meta fields
- Added the --stack-size command-argument
- Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
- Functions rich_signature.toolid and rich_signature.version added to PE module
- Lots of bug fixes
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.6.6-300 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.6.6-300 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.6.6-200 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.6.6-200 for FC23
cert-forensics-tools-release-2{3,4}-12.noarch.rpm - cert-forensics-tools-release is the package that connects a Fedora-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR). This package has been changed to require either a Fedora release or a Generic release to be able to install this package. Note that this feature is entitied Boolean Dependencies and as such requires a version of rpm version 4.13 or newer. See here for an explanation of Boolean Dependencies.
fmem-kernel-modules-el7-x86_64-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.28.3 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.28.3 for EL7

August 12, 2016: The following have been released:

fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.6.5-300 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.6.5-300 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.6.5-200 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.6.5-200 for FC23
libpst{,‑devel,‑devel-doc,‑doc,‑libs,‑python}-0.6.67-1.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats. See here for the list of changes.

August 5, 2016: The following have been released:

opencl-headers-1.2-7.el6.noarch.rpm - OpenCL-Headers: The OpenCL registry contains specifications of the core API and the OpenCL C language; a portable intermediate representation of OpenCL programs; specifications of Khronos- and vendor-approved OpenCL extensions; and links to header files corresponding to the specifications, which are now hosted in the OpenCL-Headers Github repository.
hashcat-3.00-1-{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. Hashcat currently supports CPUs, GPUs other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable distributed password cracking.
fmem-kernel-modules-el7-x86_64-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.28.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.28.2 for EL7
RPMForge -
According to this website: https://wiki.centos.org/AdditionalResources/Repositories, the RPMForge and RepoForge repositories are dead and are no longer recommended for use. To that end, all of the packages used by CentOS/RHEL 6 and 7 have been added to this repository. To remove these packages and the RPMForge repository from your system and to install the needed replacement packages from the CERT Linux Forensics Tools Repository, do the following:
```
			sudo yum -y erase `yum list installed | grep -i rpmforge | awk '{print $1}'`
			sudo yum -y install CERT-Forensics-Tools
```
This is the list of tools that have been rebuilt and added to the CERT Linux Forensics Tools Repository.
- 2hash-0.2-1.el6.{i686,x86_64}.rpm - 2hash is a tool to calculate the md5 and sha1 hashes of a file in a single read. If you’re regularly checking/calculating hashes of large files this’ll save you a lot of disk I/O.
- adns-0.2-1.el6.{i686,x86_64}.rpm - ADNS is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities.
- cryptcat-1.2.1-1.1-{el6,el7}.{i686,x86_64}.rpm - Cryptcat is the standard netcat enhanced with twofish encryption with ports for Windows NT, BSD and Linux. Twofish is courtesy of counterpane, and cryptix. TCP/IP swiss army knife extended with twofish encryption - Cryptcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol while encrypting the data being transmitted. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Cryptcat has been added to the CERT Linux Forensics Tools (LFTR) Repository from the now defunct RPMForge repository.
- etherape-0.9.13-1.el6.{i386,x86_64} - etherape is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network. Note: this version is the latest available from the Sourceforge website which is newer than the version available from the standard Fedora repositories.
- fatback-1.3-1.el6.{i686,x86_64}.rpm - Fatback is a tool that undeletes files from FAT filesystems.
- lame{,‑libs}-3.99.5-1.el6.{i686,x86_64}.rpm - LAME > is an open source MP3 encoder whose quality and speed matches commercial encoders. LAME handles MPEG1,2 and 2.5 layer III encoding with both constant and variable bitrates.
- missidentify-1.0-1.el6.{i686,x86_64}.rpm - missidentify is a program to find Win32 applications. In its default mode it displays the filename of any executable that does not have an executable extension (i.e. exe, dll, com, sys, cpl, hxs, hxi, olb, rll, or tlb). The program can also be run to display all executables encountered, regardless of the extension. This is handy when looking for all of the executables on a drive. Other options allow the user to record the strings found in an executable and to work recursively. See the manual page for more information.
- mount_ewf-20090113-1.el6.noarch.rpm - Mount_ewf is a tool that mounts EWF files as mounted images using the loopback capability.
- pasco-1.0-1.el6.{i686,x86_64}.rpm - Pasco is a tool that parses the information in an index.dat file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Pasco is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.
- perl-Data-Hexify-1.00-1.el6.noarch.rpm - perl-Data-Hexify formats arbitrary (possible binary) data into a format suitable for hex dumps in the style of xdor hexl.
- perl-File-Mork-0.3-1.el6.{i686,x86_64}.rpm - perl-File-Mork is a module to read Mozilla URL history files.
- perl-Mac-PropertyList-1.33-1.el7.noarch.rpm - perl-Mac-PropertyList is a low-level interface to the Mac OS X Property List (plist) format.
- perl-Parse-Win32Registry-0.51-1.el6.noarch.rpm - perl-Parse-Win32Registry is a module for parsing Windows Registry files, allowing you to read the keys and values of a registry file without going through the Windows API. It provides an object-oriented interface to the keys and values in a registry file. Registry files are structured as trees of keys, with each key containing further subkeys or values. The module is intended to be cross-platform, and run on those platforms where Perl will run. It supports both Windows NT registry files (Windows NT, 2000, XP, 2003, Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium Edition). It is intended to be used to parse offline registry files. If a registry file is currently in use, you will not be able to open it. However, you can save part or all of a currently loaded registry file using the Windows reg command if you have the appropriate administrative access.
- python-tidy-0.2-1.{el6,el7}.noarch.rpm - Python-tidy pleans up, regularizes, and reformats the text of Python scripts.
- rar-5.3.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Rar is a powerful archive manager. It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format. See here for a list of changes in this version.
- socat-1.7.3.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals. Socat can be used, e.g., as TCP port forwarder (one-shot or daemon), as an external socksifier, for attacking weak firewalls, as a shell interface to UNIX sockets, IP6 relay, for redirecting TCP oriented programs to a serial line, to logically connect serial lines on different computers, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. See the change log that is part of the RPM package for a list of changes.
- tcpflow-1.4.4-1.el7.x86_64.rpm - Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. Tcpflow can also process stored tcpdump packet flows.
- tre-0.8.0-1.el6.{i686,x86_64}.rpm - Tre is a lightweight, robust, and efficient POSIX compliant regexp matching library with some exciting features such as approximate (fuzzy) matching. The matching algorithm used in TRE uses linear worst-case time in the length of the text being searched, and quadratic worst-case time in the length of the used regular expression. In other words, the time complexity of the algorithm is O(M^2N), where M is the length of the regular expression and N is the length of the text. The used space is also quadratic on the length of the regex, but does not depend on the searched string. This quadratic behaviour occurs only on pathological cases which are probably very rare in practice.
- unrar-5.3.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Unrar is a powerful archive manager. It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format. See here for a list of changes in this version.

July 27, 2016: The following have been released:

plaso-1.4.0-4.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm, plaso-1.4.0-4.{el6,el7}.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release is version 1.4.0 and not a beta release as was previously installed in the repository.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, 23, and 24 for i686 and x86_64 architectures and CentOS/RHEL versions 7 for the x86_64 architecture for this version of plaso.
dfvfs-20160726-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. This version uses the source code dated 2016-03-06 to fix this error: https://github.com/log2timeline/plaso/issues/803.
python-dfdatetime-20160706-1.el6.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision. This package is needed by dfvfs.

July 24, 2016: The following have been released:

undbx-0.21-1.el7.x86_64.rpm - Undbx extracts, recovers and undeletes e-mail messages from Outlook Express .dbx files. This package was orphaned in RedHat EPEL and has been installed in this repository.

July 22, 2016: The following have been released:

fmem-kernel-modules-common-1.6-1.2.noarch.rpm - Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations. This package contains the source code for making the FMEM kernel modules and the install-fmem script. Note: this RPM is hard-linked between all of the supported architectures, Fedora 20-24 and CentOS 6 and 7. If you use rsync, make certain that you use the -H option to preserve those hard links.
foremost-1.5.7-13.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i386,x86_64}.rpm - Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, EnCase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery. Originally developed by the United States Air Force Office Special Investigation and Center for Information Systems Security Studies and Research, foremost has been opened to the general public. Send any comments, suggestions, patches, or feedback you have on this program to namikus@users.sf.net.
libewf{,-devel,‑tools,‑python}-20160718-20140608.1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm, libewf{,-devel,‑tools,‑python}-20160718-20140608.1.el7.x86_64.rpm, ewftools-20160718-20140608.1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm, and ewftools-20160718-20140608.1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. This package is built from the libewf source code dated 20140608 but to make it the latest version, the version number was changed to the build date (20160718) and the release number changed to include the source code release date (20140608). To install this version, do the following: Disable the forensics-test repository with this command: sudo yum-config-manager --disable forensics-test Save the list of installed libewf tools with this command: LIBEWF=`rpm -qa|grep 'ewf.*2014060801'|sed 's/-2014.*//` Remove this list of installed libewf tools with this command: sudo rpm -ev $LIBEWF --nodeps Install the new versions of these libewf tools with this command: sudo yum -y install $LIBEWF Update all packages with this command: sudo yum -y update
sleuthkit{,‑devel,‑libs}-4.2.0-4.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. This release was brought up to current with the version of code in github dated 2016-07-18. Also, the code for srch_strings was reverted to the 4.1.3 version, fixing the double free error.
testdisk-7.0-3.1.el6.{i686,x86_64}.rpm - Testdisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). This package also contains photorec which is a file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. This release was built to use the latest version of libewf that is installed in this repository.
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem: 4.6.4-301 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME: 4.6.4-301 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem: 4.6.4-201 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME: 4.6.4-201 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels were added for Fmem: 4.4.14-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels were added for LiME: 4.4.14-200 for FC22

July 15, 2016: The following have been released:

Fedora 24 - The repository now supports Fedora 24 for both the i686 and x86_64 CPU architectures. Here is the list of tools provided for Fedora 24:

2hash
a52dec
afflib
aimage
analysis-pipeline
analyzeMFT
artifacts
ataraw
autopsy
bencode
binplist
bloom
bokken
bulk_extractor
bulk_extractor-stoplist
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dc3dd
ddrescue
dd_rescue
ddrescueview
ddrutility
dfdatetime
dff
dfvfs
dfwinreg
disktype
distorm3
DropboxReader
eindeutig
epub
exfat-utils
faad2
fatback
fcrackzip
ffmpeg
fmem-kernel-modules
fmem-kernel-modules-common
frag_find

fred
fundl
galleta
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
ip4r
jafat
KHracker
kracked
lame
libbde
libbfio
libesedb
libevt
libevtx
libewf
libfixbuf
libfsntfs
libfvde
libfwnt
libfwsi
libguytools
libiconv
liblnk
libluksde
libmad
libmsiecf
libolecf
libp0f
libpff
libpst
libqcow
libregf

libscca
libschemaTools
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
libvslvm
lime-kernel-modules
lime-kernel-modules-common
log2timeline
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
partclone
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyew
python-apsw
python-construct
python-radare
python-rarfile
python-registry
pytsk
radare
radare-extras
rar
registrydecoder

reglookup
regripper
regripper-plugins
rifiuti
rifiuti2
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snort
snort-openappid
snort-sample-rules
ssdeep
stegdetect
super_mediator
tln_tools
testdisk
undbx
unrar
untex
valabind
videosnarf
vinetto
vmfs-tools
Volatility
Volatility-community-plugins
xlsxwriter
xmount
xplico
xvidcore
yaf
yara
yara-python

libpff-20160110-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i386,x86_64}.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. Libpff is used by DFF,the Digital Forensics Framework. See here for the list of changes.
libvshadow{,‑devel,‑python,‑tools}-20160110-2.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libvshadow{,‑devel,‑python,‑tools}-20160110-2.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. This version uses the external version of libbfio to support DFF, the Digital Forensics Framework.
dff-1.3.6-20160630.1.{fc20,fc21,fc22,fc23,fc24,el7}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user interface with a modular and cross-platform architecture. This version is the developer version as of June 30, 2016.

To support this version, the following were also installed:
- Fedora 24 (From RPM Fusion)
  - ffmpeg-libs-2.8.7-1.fc24.{i386,x86_64}.rpm
  - ffmpeg-2.8.7-1.fc24.{i386,x86_64}.rpm
  - ffmpeg-devel-2.8.7-1.fc24.{i386,x86_64}.rpm
  - lame-devel-3.99.5-5.fc24.{i386,x86_64}.rpm
  - libavdevice-2.8.7-1.fc24.{i386,x86_64}.rpm
  - x264-devel-0.148-7.20160614gita5e06b9.fc24.{i386,x86_64}.rpm
  - x265-devel-1.9-1.fc24.{i386,x86_64}.rpm
  - x265-libs-1.9-1.fc24.{i386,x86_64}.rpm
  - xvidcore-1.3.4-2.fc24.{i386,x86_64}.rpm
  - xvidcore-devel-1.3.4-2.fc24.{i386,x86_64}.rpm
- Fedora 23 (From RPM Fusion)
  - libbfio-devel-20160108-1.fc23.{i386,x86_64}.rpm
  - libbfio-20160108-1.fc23.{i386,x86_64}.rpm
  - libavdevice-2.8.7-1.fc23.{i386,x86_64}.rpm
  - ffmpeg-libs-2.8.7-1.fc23.{i386,x86_64}.rpm
  - ffmpeg-devel-2.8.7-1.fc23.{i386,x86_64}.rpm
- CentOS 7 (From NUX)
  - faac-1.28-6.0.el7.nux.x86_64.rpm
  - fdk-aac-0.1.4-1.x86_64.rpm
  - ffmpeg-devel-2.6.8-3.el7.nux.x86_64.rpm
  - ffmpeg-libs-2.6.8-3.el7.nux.x86_64.rpm
  - libavdevice-2.6.8-3.el7.nux.x86_64.rpm
  - x264-libs-0.142-11.20141221git6a301b6.el7.nux.x86_64.rpm
  - x265-libs-1.9-1.el7.nux.x86_64.rpm
  - xvidcore-1.3.2-5.el7.nux.x86_64.rpm
libbde{,‑devel,‑python,‑tools}-20160418-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libbde{,‑devel,‑python,‑tools}-20160418-1.el7.x86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. See here for the list of changes.
libbfio{-devel,‑python}-20160108-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i386,x86_64}.rpm - Libbfio is a library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff. It is used to chain I/O to support file-in-file access.
libevt{,‑devel,‑python,‑tools}-20160421-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. See here for the list of changes.
libevtx{,‑devel,‑python,‑tools}-20160421-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libevtx{,‑devel,‑python,‑tools}-20160421-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. See here for the list of changes.
liblnk{,‑devel,‑python,‑tools}-20160420-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and liblnk{,‑devel,‑python,‑tools}-20160420-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. See here for the list of changes.
libmsiecf{,‑devel,‑python,‑tools}-20160421-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libmsiecf{,‑devel,‑python,‑tools}-20160421-1.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. See here for the list of changes.
libfsntfs{,‑devel,‑python,‑tools}-20160418-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). See here for the list of changes.
libolecf{,‑devel-,‑python,‑tools}-20160423-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libolecf{,‑devel-,‑python,‑tools}-20160423-1.el7.x86_64.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. See here for the list of changes.
libpst{,‑devel,‑devel-doc,‑doc,‑libs,‑python}-0.6.66-1.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats. See here for the list of changes.
libregf{,‑devel,‑python,‑tools}-20160424-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libregf{,‑devel,‑python,‑tools}-20160424-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. See here for the list of changes.
libsmraw{,‑devel,‑python,‑tools}-20160424-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libsmraw{,‑devel,‑python,‑tools}-20160424-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes. See here for the list of changes.
libvhdi{,‑devel,‑python,‑tools}-20160424-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and libvhdi{,‑devel,‑python,‑tools}-20160424-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status. See here for the list of supported disk formats.
fmem-kernel-modules-1.6-1.8.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 24 x86_64 and i686 architectures was added.
lime-kernel-modules-1.1.r17-8.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 24 x86_64 and i686 architectures was added.
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.6.3-300 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.6.3-300 for FC24
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.1.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.5.7-300 for FC24
- 4.5.5-300 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-1.noarch.rpm - Support for the following kernels were added for LiME:
- 4.5.7-300 for FC24
- 4.5.5-300 for FC24
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.5.7-202 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 4.5.7-202 for FC23
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.3.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.3.1 for EL6
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-411 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-411 for EL5
lime-kernel-modules-common-1.1.r17-2.noarch.rpm - LiME is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. This package contains only the source code for making the LiME kernel modules, the CaptureMemoryWithLime script and the corresponding manual page. This package also obsoletes tie lime-kernel-objects package which contained the source code and all of the kernel objects. This repackaging increases the number of packages but decreases their size.

Note: this RPM is hard-linked between all of the supported architectures, Fedora 20-24 and CentOS 6 and 7 If you use rsync, make certain that you use the -H option to preserve those hard links.
snort-2.9.8.3-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
snort-openappid-2.9.8.3-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
- The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
- The files found here and named snort-openappid.tar.gz are installed in /usr/share/snort/cisco/apps.
- Here is the OpenAppId Detector Developer Guide .
snort-sample-rules-2.9.8.3-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
dfvfs-20160706-1.{fc20,fc21,fc22,fc23,fc24,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, 23, and 24 for i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of dfvfs.
libfwnt{,‑devel,‑python,‑python3}-20160418-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libfwnt{,‑devel,‑python}-20160418-1.el6.{i686,x86_64}.rpm, and libfwnt{,‑devel,‑python,‑python3}-20160418-1.el7.x86_64.rpm - LibFWNT, is a library for Windows NT data types. See here for the list of changes. This package is needed by dfvfs.
python-dfdatetime-20160706-1.{fc20,fc21,fc22,fc23,fc24,el7}.noarch.rpm - dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision. This package is needed by dfvfs.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.12.2-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.12.2‑2.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.12.2‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
distorm3-3.3.4-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i386,x86_64}.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework. The changes are listed here.
Volatility-2.5-4.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.5. It also contains the mimikatz plugin. This release was build using the code as of 2016-07-08.
Volatility-community-plugins-20160708-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation. These plugins are installed in /usr/share/volatility/plugins/community/.
exfat-utils-1.2.4-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The EXfat-utils are a set of utilities for creating, checking, dumping and labeling exFAT file systems. See here for the list of changes since the last released version (1.2.3).
nDPI{,‑devel}-1.8-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols.
xplico-1.1.1-2.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. This release was rebuilt to work with nDPI-1.8.
python-registry-1.2.0-1.{fc20,fc21,fc22,fc23,fc23,el6,el7}.{i386,x86_64}.rpm - Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE. The interface is two-fold: a high-level interface suitable for most tasks, and a low level set of parsing objects and methods which may be used for advanced study of the Windows Registry.
valabind-0.10.0-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm and valabind‑0.10.0‑1.el7.x86_64.rpm - Valabind is a tool to parse vala or vapi files to transform them into swig interface files, C++, NodeJS-ffi, or GIR. With swig, you can create language bindings for any API written in vala or C with a vapi interface. It can also generate bindings for C++.
radare{,‑devel}-2.0.10.4-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm and radare{,‑devel}‑2.0.10.4‑1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
python-radare-2.0.10.4-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm and python‑radare‑2.0.10.4‑1.el7.x86_64.rpm- Python-Radare are bindings that allow Radare to be used from Python.
radare-extras-2.0.10.4-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm and radare‑extras‑2.0.10.4‑1.el7.x86_64.rpm- Radare-Extras are are extra plugins for radare2.
disktype-9-19.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Disktype detects the content format of a disk or disk image. This version is based on the standard version with support for exfat, LUKS, f2fs, btrfs, and EXT 2, 3, and 4, all courtesy Erik Uitto from the Silicon Valley Regional Computer Forensics Laboratory in Menlo Park, CA. This version was rebuilt to increment the release number to be higher (19.1) than the current version provided for either Fedora (19) or CentOS/RHEL (12).
netsa-rayon-1.4.3-2.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm and netsa-rayon-pipevis-0.0-3.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Netsa-rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations. Netsa-rayon can be used to automate reporting; provide data visualization in command-line, GUI or web applications; or do ad-hoc exploratory data analysis. Netsa-rayon can generate visualizations in PDF, PNG, SVG and PostScript formats using Pycairo. It can also be used in wxPython GUI applications. Netsa-rayon is compatible with Python versions 2.6 and greater, and requires netsa-python and at least one of Pycairo (for static output) or wxPython,/a> (for GUI output). See here for a list of changes. This release was rebuilt to use Syhinx version 1.2.2 to produce the documentation.
analysis-pipeline-5.4.1-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the changes since the last version (5,4).

June 24, 2016: The following have been released:

fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.13-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.13-200 for FC22
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.5.7-200 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 4.5.7-200 for FC23
fmem-kernel-modules-el7-x86_64-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.22.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.22.2 for EL7

June 10, 2016: The following have been released:

fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.12-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.12-200 for FC22
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.5.6-200 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.5.6-200 for FC23
analysis-pipeline-5.4-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).

June 7, 2016: The following have been released:

netsa-python-1.5-1.{fc20,fc21,fc22,fc23,el6,el7}.{i386,x86_64}.rpm, netsa_silk-1.5-1.{fc20,fc21,fc22,fc23,el6,el7}.{i386,x86_64}.rpm - Netsa-python is a library of Python routines and frameworks that the NetSA team at CERT has found helpful when developing analyses using the SiLK toolkit. Of particular note are the netsa.script NetSA Scripting Framework, which provides a standard framework for writing scripts that process flow data, and the netsa.util.shell command line processing system, which provides tools for managing extremely complicated collections of shell processes that should fail or succeed together (extremely useful when working with named pipes). Netsa-python is compatible with Python versions 2.4 and greater. See here for a list of the changes since the last release which was version 1.4.3.
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.11-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.11-200 for FC22
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642.1.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642.1.1 for EL6
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.5.5-201 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.5.5-201 for FC23

May 27, 2016: The following have been released:

fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.32.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.10-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-32.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.10-200 for FC22
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-642 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-642 for EL6

May 26, 2016: The following have been released:

fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.9-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.9-200 for FC22

May 16, 2016: The following have been released:

CERT-Forensics-Tools-1.0-68.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-68.el7.x86_64.rpm - This package was updated as follows:
- The package fuse-exfat was incorrectly obsoleted by CERT-Forensics-Tools. This incorrect obsoleting directive was removed since it was already in exfat-utils, where it belongs.

May 13, 2016: The following have been released:

silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.12.1-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.12.1‑2.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.12.1‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-410 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-410 for EL5
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.9-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.9-300 for FC23
fmem-kernel-modules-el7-x86_64-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.18.2 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.18.2 for EL7

May 9, 2016: The following have been released:

fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-573.26.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-573.26.1 for EL6
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.30.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.8-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-30.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.8-200 for FC22
libewf{,-devel,‑tools,‑python}-2014060801-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm , libewf{,-devel,‑tools,‑python}-2014060801-1.el7.x86_64.rpm, ewftools-2014060801-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm, andTT>ewftools-2014060801-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. These packages have been installed in the forensics-test repository. To use this repository, you will need to enable it with this command: sudo yum-config-manager --enable forensics-test.
sleuthkit{,‑devel,‑libs}-4.2.0-4.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. This release was brought up to current with the version of code in github dated 2015-10-07. Also, the code for srch_strings was reverted to the 4.1.3 version, fixing the double free error. These packages have been installed in the forensics-test repository. To use this repository, you will need to enable it with this command: sudo yum-config-manager --enable forensics-test. Note: if you install libewf-2014060801 you will need this version of The Sleuth Kit.

April 29, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.8-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.8-300 for FC23

April 21, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.14.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.7-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-14.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.7-300 for FC23
yaf{,‑devel}-2.8.4-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. See here for the changes since the last released version (2.8.2).
partclone-0.2.88-1.{fc22,fc21,fc20}.x86_64.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. See here for the list of changes in this release. This version is being released due to changes dictated by the ntfs-3g, version 2016.2.22, which was released on April 21, 2016 for Fedora 22. All other versions were rebuilt to maintain release numbering consistency.

April 14, 2016: The following have been released:

partclone-0.2.88-1.el7.x86_64.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. See here for the list of changes in this release. This version is being released due to changes dictated by the ntfs-3g, version 2016.2.22, which was released on April 14, 2016 for CentOS/RHEL 7. This version will be installed on all other supported OSes and architectures by April 22, 2016.
partclone-0.2.71-5.el6.{i386,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. See here for the list of changes in this release. This version is being released due to changes dictated by the ntfs-3g, version 2016.2.22, which was released on April 14, 2016 for CentOS/RHEL 6. This version will be installed on all other supported OSes and architectures by April 22, 2016.

April 11, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.6-301 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.6-301 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.6-201 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.6-201 for FC22
partclone-0.2.88-1.fc23.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. See here for the list of changes in this release. This version is being released due to changes dictated by the ntfs-3g, version 2016.2.22, which was released on April 10, 2016 for Fedora 23. This version will be installed on all other supported OSes and architectures by April 22, 2016.

April 8, 2016: The following have been released:

silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.12.0-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.12.0‑2.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and silk‑{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}‑3.12.0‑2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.3.2-2.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This version was rebuilt to use the latest version of SiLK, specifically 3.12.0.
silk-ipset{,‑devel,‑lib,‑tools}-3.12.0-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.
super_mediator-1.3.0-2.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. This release was rebuilt to use silk-ipset-3.12.0.
yaf{,‑devel}-2.8.2-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. See here for the changes since the last released version (2.8.1).
fmem-kernel-modules-el7-x86_64-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.13.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.13.1 for EL7
byacc-1.9.20130304-3.el6.{i386,x86_64}.rpm - BYacc is a parser generator utility that reads a grammar specification from a file and generates an LR(1) parser for it. The parsers consist of a set of LALR(1) parsing tables and a driver routine written in the C programming language. It has a public domain license which includes the generated C. Byacc was installed on CentOS/RHEL 6 so that libewf could be built.
libewf{-,devel,-python}-20160209-2.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm , libewf{,-devel,-python}-20160209-2.el7.x86_64.rpm, ewftools-20160209-2.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm, and ewftools-20160209-2.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. This version fixes the error that results when the deflate compression method (which is the default) is selected.

These packages have been installed in the forensics-test repository. To use the, you will need to enable this repository in the /etc/yum.repos.d/cert-forensics-tools.repo file and you must be root to do this.

March 24, 2016: The following have been released:

ddrescue-1.21-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. Here are the changes for this version (1.21):
- mapbook.cc (Mapbook): Fix iobuf alignment. (Reported by Heikki Tauriainen).
- Removed short option names '-1' and '-2'.
- Allow only regular files for '--log-rates' and '--log-reads'.
- Option '-D, --odirect' now works also in fill mode.
- rescuebook.cc (copy_block): Return 1 on unaligned read error. Set e_code on any error if verify_on_error.
- Option '-X, --exit-on-error' has been extended to all phases.
- Assigned short name '-Z' to option '--max-read-rate'.
- mapbook.cc (update_mapfile): 'fsync' the mapfile every 5 minutes.
- Rescuebook: Show full range of sizes from non-tried to finished.
- rescuebook.cc (show_status): Show percent rescued.
- configure: Avoid warning on some shells when testing for g++.
- Makefile.in: Detect the existence of install-info.
libguytools-2.0.4-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libguytools is a package of subroutines and header files needed to build and operate guymager. The changes are:
- Removed arch specific code in toolsignal.cpp.
guymager-0.8.1-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. See here for the list of changes.
libsigscan{,‑devel,‑python,‑python3,‑tools}-20160312-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm, libsigscan{,‑devel,‑python,‑tools}-20160312-1.el6.{i686,x86_64}.rpm, and libsigscan{,‑devel,‑python,‑python3,‑tools}-20160312-1.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning. See here for the list of changes.
libsmdev{,‑devel,‑python,‑python3,‑tools}-20160320-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm, libsmdev{,‑devel,‑python,‑tools}-20160320-1.el6.{i686,x86_64}.rpm, and libsmdev{,‑devel,‑python,‑python3,‑tools}-20160320-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
dfvfs-20160306-1.{fc20,fc21,fc22,fc23,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, and 23 for i686 and x86_64 architectures and CentOS/RHEL versions 6 and 7 for the x86_64 architecture for this version of dfvfs.
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.6-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.6-300 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.6-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.6-200 for FC22
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-573.22.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-573.22.1 for EL6
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-409 for EL5
- 2.6.18-408 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-409 for EL5
- 2.6.18-408 for EL5

March 18, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.5-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.5-300 for FC23
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.4-301 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.4-301 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.5-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.5-200 for FC22
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.4-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.4-200 for FC22
super_mediator-1.3.0-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the changes since the last released version (1.2.1).

March 11, 2016: The following have been released:

fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.25.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.3-201 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.3-201 for FC22

March 4, 2016: The following have been released:

fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.24.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.3.6-201 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-24.noarch.rpm - Support for the following kernels were added for LiME:
- 4.3.6-201 for FC22
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.9.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.3-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-9.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.3-300 for FC23
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.4.2-301 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
- 4.4.2-301 for FC23
ghex{,‑devel,libs}-3.18.0-1.el7.x86_64.rpm - The Ghex hex editor was installed for RHEL/CentOS 7. The previous version for RHEL/CentOS 7 (2.24) required packages that are no longer provided as part of the standard RHEL/CentOS 7 distribution. This version does not require those packages.

February 26, 2016: The following have been released:

fmem-kernel-modules-el7-x86_64-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.10.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.10.1 for EL7
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.3.5-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels were added for LiME:
- 4.3.5-200 for FC22
analysis-pipeline-5.3.2-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the changes to the Version 5 release of analysis-pipeline.

February 12, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.3.5-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
- 4.3.5-300 for FC23
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-573.18.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-573.18.1 for EL6
libewf{,-devel,-python}-20160209-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm , libewf{,-devel,-python}-20160209-1.el7.x86_64.rpm, ewftools-20160209-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm, and ewftools-20160209-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files.

These packages have been installed in the forensics-test repository. To use the, you will need to enable this repository in the /etc/yum.repos.d/cert-forensics-tools.repo file and you must be root to do this.
yaf{,‑devel}-2.8.1-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. See here for the changes since the last released version (2.8.0).
libschemaTools{,‑devel}-1.2.0-1-{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrive data, and to know the structure of the records.
analysis-pipeline-5.3.1-3.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the changes to the Version 5 release of analysis-pipeline.

February 7, 2016: The following have been released:

libvslvm{,‑devel,‑python,‑python3,‑tools}-20160110-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm, libvslvm{,‑devel,‑python,‑tools}-20160110-1.el6.{i686,x86_64}.rpm, and libvslvm{,‑devel,‑python,‑python3,‑tools}-20160110-1.el7.x86_64.rpm - Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format. See here for the list of changes.
dfvfs-20160203-1.{fc20,fc21,fc22,fc23,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, and 23 for i686 and x86_64 architectures and CentOS/RHEL versions 6 and 7 for the x86_64 architecture for this version of dfvfs.
xlsxwriter-0.8.4-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and xlsxwriter-0.8.4-1.{el6,el7}.x86_64.rpm - XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format. XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more, including:
- 100% compatible Excel XLSX files.
- Full formatting.
- Merged cells.
- Defined names.
- Charts.
- Autofilters.
- Data validation and drop down lists.
- Conditional formatting.
- Worksheet PNG/JPEG images.
- Rich multi-format strings.
- Cell comments.
- Integration with Pandas.
- Textboxes.
- Memory optimization mode for writing large files.
It supports Python 2.5, 2.6, 2.7, 3.1, 3.2, 3.3, 3.4, 3.5, Jython and PyPy and uses standard libraries only. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
plaso-1.4-3.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm, plaso-1.4-3.{el6,el7}.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release adds the missing artifacts and python-requests dependencies.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, and 23 for i686 and x86_64 architectures and CentOS/RHEL versions 7 for the x86_64 architecture for this version of plaso.

February 5, 2016: The following have been released:

fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.3.4-300 for FC23
- 4.3.3-303 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
- 4.3.4-300 for FC23
- 4.3.3-303 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.3.4-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for LiME:
- 4.3.4-200 for FC22
fmem-kernel-modules-el7-x86_64-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.4.5 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.4.5 for EL7
splunk-6.3.2-aaff59bb082c-linux-2.6-x86_64.rpm and splunk-6.3.2-aaff59bb082c.i386.rpm - This version of Splunk was added to the Splunk repository for Fedora 20 through 23 and Fedora 6 and 7 for the i386 and x86_64 architectures. Follow these instructions after upgrading to this version. Make sure that you following these instruction after upgrading but before rebooting. If you do not following these instructions your system may hang when it reboots.
libbde{,‑devel,‑python,‑tools}-20160110-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libbde{,‑devel,‑python,‑tools}-20160110-1.el7}.86_64.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. See here for the list of changes.
libevt{,‑devel,‑python,‑tools}-20160107-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. See here for the list of changes.
libevtx{,‑devel,‑python,‑tools}-20160107-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libevtx{,‑devel,‑python,‑tools}-20160107-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. See here for the list of changes.
libfwsi{,‑devel,‑python}-20160110-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libfwsi{,‑devel,‑python}-20160110-1.el7.x86_64.rpm - Libfwsi is a library to access the Windows Shell Item format. See here for the list of changes.
liblnk{,‑devel,‑python,‑tools}-20160107-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and liblnk{,‑devel,‑python,‑tools}-20160107-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. See here for the list of changes.
libmsiecf{,‑devel,‑python,‑tools}-20160107-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm and libmsiecf{,‑devel,‑python,‑tools}-20160107-1.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. See here for the list of changes.
libolecf{,‑devel-,‑python,‑tools}-20160107-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. See here for the list of changes.
libqcow{,‑devel,‑tools,‑python}-20160123-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libqcow{,‑devel,‑tools,‑python}-20160123-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. See here for the list of changes.
libregf{,‑devel,‑python,‑tools}-20160107-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libregf{,‑devel,‑python,‑tools}-20160107-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. See here for the list of changes.
libsigscan{,‑devel,‑python,‑tools}-20160108-1.{fc20,fc21,,fc22,fc23,el6}.{i686,x86_64}.rpm and libsigscan{,‑devel,‑python,‑tools}-20160108-1.el7.x86_64.rpm - Libsigscan is a library and tools used to binary signature scanning. See here for the list of changes.
libsmdev{,‑devel,‑python,‑tools}-20160109-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libsmdev{,‑devel,‑python,‑tools}-20160109-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
libsmraw{,‑devel,‑python,‑tools}-20160108-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libsmraw{,‑devel,‑python,‑tools}-20160108-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes. See here for the list of changes.
libvhdi{,‑devel,‑python,‑tools}-20160108-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libvhdi{,‑devel,‑python,‑tools}-20160108-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status. See here for the list of supported disk formats.
libvmdk{,‑devel,‑python,‑tools}-20160119-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. See here the list of changes.
libvshadow{,‑devel,‑python,‑tools}-20160110-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libvshadow{,‑devel,‑python,‑tools}-20160110-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume.
dfwinreg-20160116-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and dfwinreg-20160116-1.{el6,el7}.x86_64.rpm - DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
libscca{,‑devel,‑python,‑python3,‑tools}-20160108-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and libscca{,‑devel,‑python,‑python3,‑tools}-20160108-1.{el6,el7}.x86_64.rpm - Libscca is a library to access the Windows Prefetch File (SCCA) format. See here for the list of changes.
plaso-1.4-2.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm, plaso-1.4-2.{el6,el7}.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. This release adds the missing artifacts and python-requests dependencies.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, and 23 for i686 and x86_64 architectures and CentOS/RHEL versions 7 for the x86_64 architecture for this version of plaso.
libfsntfs{,‑devel,‑python,‑tools}-20160108-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). See here for the list of changes.

January 8, 2016: The following have been released:

super_mediator-1.2.1-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the changes since the last released version (1.1.3).
yaf{,‑devel}-2.8.0-1.{fc20,fc21,fc22,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. See here for the changes since the last released version (2.7.1).
libesedb{,‑devel,‑python,‑tools}-20151213-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libesedb{,‑devel,‑python,‑tools}-20151213-1.el7.x86_64.rpm - Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in may different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc. See here for the list of changes.
libevt{,‑devel,‑python,‑tools}-20151206-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. See here for the list of changes.
libevtx{,‑devel,‑python,‑tools}-20160103-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libevtx{,‑devel,‑python,‑tools}-20160103-1.el7.x86_64.rpm - Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. See here for the list of changes.
liblnk{,‑devel,‑python,‑tools}-20151205-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and liblnk{,‑devel,‑python,‑tools}-20151205-1.el7.x86_64.rpm - Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file. See here for the list of changes.
libmsiecf{,‑devel,‑python,‑tools}-20151220-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libmsiecf{,‑devel,‑python,‑tools}-20151220-1.el7.x86_64.rpm - Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. See here for the list of changes.
libolecf{,‑devel-,‑python,‑tools}-20151223-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed. See here for the list of changes.
libqcow{,‑devel,‑tools,‑python}-20151219-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libqcow{,‑devel,‑tools,‑python}-20151219-1.el7.x86_64.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. See here for the list of changes.
libsmdev{,‑devel,‑python,‑tools}-20151219-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libsmdev{,‑devel,‑python,‑tools}-20151219-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
libsmraw{,‑devel,‑python,‑tools}-20151219-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libsmraw{,‑devel,‑python,‑tools}-20151219-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes. See here for the list of changes.
libvhdi{,‑devel,‑python,‑tools}-20151220-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libvhdi{,‑devel,‑python,‑tools}-20151220-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status. See here for the list of supported disk formats.
libvshadow{,‑devel,‑python,‑tools}-20151220-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libvshadow{,‑devel,‑python,‑tools}-20151220-1.el7.x86_64.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. See here for the list of changes.
dfvfs-20151227-1.{fc20,fc21,fc22,fc23,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, and 23 for i686 and x86_64 architectures and CentOS/RHEL versions 6 and 7 for the x86_64 architecture for this version of dfvfs.
libregf{,‑devel,‑python,‑tools}-20151223-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libregf{,‑devel,‑python,‑tools}-20151223-1.el7.x86_64.rpm - Libregf contains libraries and tools to access the Windows NT Registry File files. See here for the list of changes.
exfat-utils-1.2.3-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The EXfat-utils are a set of utilities for creating, checking, dumping and labeling exFAT file systems. See here for the list of changes since the last released version (1.2.0).
nDPI{,‑devel}-1.7.1-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols.
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.8-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.8-300 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.8-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.8-200 for FC22
fmem-kernel-modules-el7-x86_64-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.4.4 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.4.4 for EL7

December 18, 2015: The following have been released:

fmem-kernel-modules-el7-x86_64-1.6-1.16.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-327.3.1 for EL7
- 3.10.0-327 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-16.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-327.3.1 for EL7
- 3.10.0-327 for EL7
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-573.12.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-573.12.1 for EL6
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.7-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.7-300 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.7-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.7-200 for FC22
regripper-28000000-5.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.noarch.rpm - Regripper is a Windows Registry data extraction and correlation tool. This package is contains version 2.8 of the regripper tool. The plugins are packaged separately. This release contains version 08-26-13 of the auto_rip.pl. See here for more details about this script. This version is based on on the December 16, 2015 version of the regripper code.
regripper-plugins-20151216-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.noarch.rpm - Regripper-plugins are the plugins packaged separately from the regripper application. This package is taken from the plugins directory at the Github source code site.
libfsntfs{,‑devel,‑python,‑tools}-20151205-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.{i686,x86_64}.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS). See here for the list of changes.
libsmdev{,‑devel,‑python,‑tools}-20151216-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6}.{i686,x86_64}.rpm and libsmdev{,‑devel,‑python,‑tools}-20151216-1.el7.x86_64.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
libsmraw{,‑devel,‑python,‑tools}-20151005-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6}.{i686,x86_64}.rpm and libsmraw{,‑devel,‑python,‑tools}-20151005-1.el7.x86_64.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains supports for multiple (split) RAW naming schemes. See here for the list of changes.
libvhdi{,‑devel,‑python,‑tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6}.{i686,x86_64}.rpm and libvhdi{,‑devel,‑python,‑tools}-20150105-1.el7.x86_64.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status. See here for the list of supported disk formats.
pytsk-20150406-4.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.{i386,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit. This version was rebuilt to use The Sleuth Kit version 4.2.0 for all systems except CentOS/RHEL 5 which uses The Sleuth Kit version 4.1.3. In addition, it was rebuilt to specify the correct version of CC for Fedora 23.
dfvfs-20151218-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.

At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 17, 18, 19, 20, 21, 22, and 23 for i686 and x86_64 architectures and CentOS/RHEL versions 6 and 7 for the x86_64 architecture for this version of dfvfs.
ghostpdl-9.18-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages. Ghostpdl is used by Xplico.
super_mediator-1.1.3-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the changes since the last version (1.1.2).
Fedora 19 Support for Fedora 19 i686 and x86_64 architectures - Updates to Fedora 19 for both the i686 and x86_64 CPU architectures has ceased.
Fedora 18 Support for Fedora 18 i686 and x86_64 architectures - Updates to Fedora 18 for both the i686 and x86_64 CPU architectures has ceased.
Fedora 17 Support for Fedora 17 i686 and x86_64 architectures - Updates to Fedora 17 for both the i686 and x86_64 CPU architectures has ceased.

December 4, 2015: The following have been released:

CERT-Forensics-Tools-1.0-67.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-67.el7.x86_64.rpm - This package was updated as follows:
- For CentOS/RHEL 7, the hexedit replaced the ghex program.
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.6-201 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.6-201 for FC22
snort-2.9.8.0-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
snort-openappid-2.9.8.0-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - This is the snort package built with the following additions:
- The --enable-open-appid option was added to the configure script that configures the build of snort. See here for more details.
- The files found here and named snort-openappid.tar.gz are installed in /usr/share/snort/cisco/apps.
- Here is the OpenAppId Detector Developer Guide .
snort-sample-rules-2.9.8.0-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.

November 30, 2015: The following have been released:

fmem-kernel-modules-fc21-{i686,x86_64}-1.6-1.29.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.1.13-100 for FC21
lime-kernel-modules-fc21-{i686,x86_64}-1.1.r17-29.noarch.rpm - Support for the following kernels were added for LiME:
- 4.1.13-100 for FC21
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.6-301 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.6-301 for FC23

November 20, 2015: The following have been released:

distorm3-3.1-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i386,x86_64}.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework. The changes are listed here. This version is build from distorm3 version 3.1 which is needed to address the issue noted here.
Volatility-2.5-3.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version of Volatility is the official version of Volatility 2.5. It also contains the mimikatz plugin. This release was also built with Distorm3 version 3.1 as noted above.
Volatility-community-plugins-20151112-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation. These plugins are installed in /usr/share/volatility/plugins/community/.
CERT-Forensics-Tools-1.0-66.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-66.el7.x86_64.rpm - This package was updated to add the following packages:
- Added Volatility-community-plugins.
fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.6-300 for FC23
lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.6-300 for FC23
fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.6-200 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.6-200 for FC22

November 13, 2015: The following have been released:

Fedora 23 - The repository now supports Fedora 23 for both the i686 and x86_64 CPU architectures. Here is the list of tools provided for Fedora 23:

2hash
afflib
aimage
analysis-pipeline
analyzeMFT
artifacts
ataraw
autopsy
bencode
binplist
bloom
bokken
bulk_extractor
bulk_extractor-stoplist
CERT-Forensics-Tools
cert-forensics-tools-release
cryptcat
daq
dc3dd
ddrescue
dd_rescue
ddrescueview
ddrutility
dff
dfvfs
dino
disktype
distorm3
DropboxReader
eindeutig
epub
exfat-utils
fatback
fcrackzip
ffmpeg
fmem-kernel-modules
frag_find
fred

fundl
fuse-exfat
galleta
ghostpdl
grokevt
guymager
hachoir-core
hachoir-metadata
hachoir-parser
hachoir-regex
hachoir-subfile
hachoir-urwid
hachoir-wx
ip4r
ipa
jafat
KHracker
kracked
lame
libbde
libbfio
libesedb
libevt
libevtx
libewf
libfixbuf
libfsntfs
libfvde
libfwsi
libguytools
libiconv
liblnk
libluksde
libmsiecf
libolecf
libp0f
libpff
libpst

libqcow
libregf
libsigscan
libsmdev
libsmraw
libvhdi
libvmdk
libvshadow
lime-kernel-modules
log2timeline
LogAnalysisToolKit
md5deep
mdbtools
missidentify
mount_ewf
nDPI
netsa-python
netsa-rayon
partclone
pasco
perl-File-Mork
perl-Mac-PropertyList
perl-Parse-Evtx
perl-Parse-Win32Registry
plaso
prism
pstotext
ptfinder
ptk
pyew
python-apsw
python-construct
python-radare
python-rarfile
python-registry
pytsk
radare
rar

registrydecoder
reglookup
regripper
regripper-plugins
rifiuti
rifiuti2
scrounge-ntfs
sfdumper
shellbags
silk
silk-ipa
silk-ipset
sleuthkit
snort
snort-openappid
snort-sample-rules
ssdeep
stegdetect
super_mediator
tln_tools
testdisk
undbx
unrar
untex
videosnarf
vinetto
vmfs-tools
Volatility
x264
x265
xmount
xplico
yaf
yara
yara-python

fmem-kernel-modules-1.6-1.7.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 23 x86_64 and i686 architectures was added.
lime-kernel-modules-1.1.r17-7.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 23 x86_64 and i686 architectures was added.
nDPI{,‑devel}-1.7-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience. Furthermore, we have modified nDPI do be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while being them un-necessary for network traffic monitoring.

nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http non ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.

See here for the list of supported protocols. Note that RHEL/CentOS 5 is not supported due to issues with autoconf.
xplico-1.1.1-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. This release was rebuilt to work with nDPI-1.6. All other suported systems were upgraded for release version consistency. Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support. Here are the changes since the last version (1.1.0):
- Whatsapp OS and Phone number
- Added MGCP dissector
- IMAP bug fixed
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.32-573.8.1 for EL6
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.32-573.8.1 for EL6
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels were added for Fmem:
- 2.6.18-407 for EL5
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels were added for LiME:
- 2.6.18-407 for EL5

November 6, 2015: The following have been released:

fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.2.5-201 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels were added for LiME:
- 4.2.5-201 for FC22
fmem-kernel-modules-fc21-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
- 4.1.10-100 for FC21
lime-kernel-modules-fc21-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
- 4.1.10-100 for FC21
fmem-kernel-modules-el7-x86_64-1.6-1.15.noarch.rpm - Support for the following kernels were added for Fmem:
- 3.10.0-229.20.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-15.noarch.rpm - Support for the following kernels were added for LiME:
- 3.10.0-229.20.1 for EL7

October 30, 2015: The following have been released:

super_mediator-1.1.2-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplica