Linux Forensics Tools Repository: Package Summary for Packages on June 14, 2011:

  • sleuthkit-{,devel,libs,debuginfo}-3.2.2-1.{fc11,fc12,fc13,fc14,fc15,el5}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
  • yaf{,-devel}-2.0.2-1.{fc11,fc12,fc13,fc14,fc15,el5}.{i386,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Here are the changes in this version:
    • Improvements with Reassembly of TCP Fragments
    • Bug Fix for DNS Deep Packet Inspection
    • --no-frag switch now works
    • Bug Fix for expiring flows that exceed the idle timeout when reading from a file
    • Added the ability to configure YAF with WinPCAP