Linux Forensics Tools Repository: Package Summary for Packages on October 4, 2011:

  • bulk_extractor-1.0.7-1.{fc13,fc14,fc15,el6}.{i386,x86_64}.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. bulk_extractor also created a histograms of features that it finds, as features that are more common tend to be more important.
  • reglookup-1.0.1-1.{fc12,fc13,fc14,fc15,el5,el6}.{i686,x86_64}.rpm - The reglookup package version 1.0.0 was installed for all supported architectures.
  • ssdeep-2.7-1.{fc12,fc13,fc14,fc15,el5,el6}.{i686,x86_64}.rpm - ssdeep is a program for computing context triggered piecewise hashes (CTPH), also called fuzzy hashes.
  • yaf{,-devel}-2.1.2-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Here are the changes in this version:
    • Added new --plugin-conf switch for adding a configuration file to a plugin
    • Added new --p0f-fingerprints switch to give location of p0f fingerprint files
    • Bug Fixes

  • log2timeline-0.61-2.{fc12,fc13,fc14,fc15,el5,el6}.noarch.rpm - Log2timeline is a framework for the automatic creation of a super timeline. Here are the changes in this version:
    • Bug fixess
    • Changes to sqlite output
    • User contributed new input modules