Linux Forensics Tools Repository: Package Summary for Packages on April 5, 2010:

  • CERT-Forensics-Tools-1.0-14.fc{8,9,10,11,12}.noarch.rpm - This package was updated to reflect the addition of all of the following tools and supporting packages:

    • rifiuti2-0.5.1-1.fc{8,9,10,11,12}.*.rpm - rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 files.
    • stegdetect-0.61-1.fc{8,9,10,11,12}.*.rpm - stegdetect is an automated tool for detecting steganographic content in images.
    • regripper-2008909-1.fc{8,9,10,11,12}.*.rpm - regripper is a Windows Registry data extraction and correlation tool.
    • rar-3.9.3-1.fc{8,9,10,11,12}.*.rpm - rar is a compression and decompression program.
    • unrar-3.8.4-1.fc{8,9,10,11,12}.*.rpm - unrar is for extracting, testing and viewing the contents of archives created with the RAR archiver version 1.50 and above.
    • missidentify-1.0-1.fc{8,9,10,11,12}.*.rpm - missidentify is a program to find Win32 applications.
    • log2timeline-0.42.1.fc{8,9,10,11,12}.*.rpm - log2timeline is a framework for the automatic creation of a super timeline. log2timeline required that the following additional Perl packages be built and installed:

      • perl-Data-Hexify-1.00-1.fc{8,9,10,11,12}.noarch.rpm
      • perl-DBD-SQLite-1.29-1.fc{8,9,10,11,12}.*.rpm
      • perl-Digest-Crc32-0.01-1.fc{8,9,10,11,12}.noarch.rpm
      • perl-NetPacket-0.42.0-1.fc{8,9,10,11,12}.noarch.rpm
      • perl-Net-Pcap-0.16-1.fc{8,9,10,11,12}.*.rpm
      • perl-Parse-Win32Registry-0.51-1.fc{8,9,10,11,12}.noarch.rpm
    • In addition, the following tools have been added by reference. They are all part of the standard Fedora repositories:

      • aimage - A disk imager.
      • ewftools - Tools to acquire, verify and export EWF files.
      • afftools - Tools that use the Advanced Forensic Format (AFF) library.
      • mdbtools - A suite of programs for accessing data stored in Microsoft Access databases.
      • antiword - A free Microsoft Word reader. It converts documents from Word 6, 7, 97 and 2000 to ASCII and PostScript. Antiword tries to keep the layout of the document intact.
      • perl-Image-ExifTool - A Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF, PNG, MNG, JNG, MIFF, EPS, PS, AI, PDF, PSD, BMP, THM, CRW, CR2, MRW, NEF, PEF, ORF, DNG, and many other types of images. ExifTool also extracts information from the maker notes of many digital cameras by various manufacturers including Canon, Casio, FujiFilm, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Ricoh, Sanyo, Sigma/Foveon, and Sony.
      • p7zip - A file archiver with a very high compression ratio.
      • safecopy - A data recovery tool which tries to extract as much data as possible from a problematic (i.e. damaged sectors) source - like floppy drives, hard disk partitions, CDs, tape devices, ..., where other tools like dd would fail due to I/O errors. Note: safecopy is not available in Fedora 8.
      • poppler-utils - Command line tools for converting PDF files to a number of other formats.