Linux Forensics Tools Repository: Package Summary for Packages on January 3, 2012:

  • aff{lib,lib-devel,tools}-3.6.15-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Afflib is the library and tools to manipulate files using the Advanced Forensic Format. Please note: as of AFFLIB 3.6, all tool names start with the string aff which marks a change from AFFLIB version 3.5. See /usr/share/doc/afflib-3.6.15/ChangeLog after the package has been installed.
  • fiwalk-0.6.16-1.{fc13,fc14,fc15,fc16,el6}.{i386,x86_64}.rpm - Fiwalk is a program that processes a disk image using the SleuthKit library and outputs its results in Digital Forensics XML, the Attribute Relationship File Format (ARFF) format used by the Weka Datamining Toolkit, or an easy-to-read textual format. See /usr/share/doc/fiwalk-0.6.16/ChangeLog after the package has been installed.
  • bulk_extractor-1.1.3-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. bulk_extractor also created a histograms of features that it finds, as features that are more common tend to be more important. See /usr/share/doc/bulk_extractor-1.1.3/ChangeLog after the package has been installed.
  • tcpflow-1.0.6-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored tcpdump packet flows.
  • ddrescue-1.15-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. See /usr/share/doc/ddrescue-1.15/ChangeLog after the package has been installed.
  • libewf-{,devel,tools}-20111231-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Libewf is a library for support of the Expert Witness Compression Format (EWF). It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. Note the following:
    • This version provides the development environment for Version 2 of the API using the libewf-devel package. If the Version 1 API is required, install a version of libewf-devel from 2010, for example version 20100226.
    • This version provides the runtime environment for both Version 1 and Version 2 of the API. This means that both libewf.so.1 and libewf.so.2 are provided in this package for all supported operating systems and architectures.
    • This version provides the a set of tools (libewf-tools) that replace ewftools.

  • libfixbuf{,-devel}-1.1.1-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). This version contains bug fixes.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-2.4.5-6.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The only change was to recompile this package to use the libfixbuf{,-devel}-1.1.1 packages.
  • yaf{,-devel}-2.1.2-2.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. The only change was to recompile this package to use the libfixbuf{,-devel}-1.1.1 packages.
  • perl-Parse-Evtx-1.1.1-1.{fc13,fc14,fc15,fc16,el5,el6}.noarch.rpm - perl-Parse-Evtx is a Windows Event Log Parser library and tools collection.
  • xmount-0.4.6-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Xmount is a tool that allows you to convert on-the-fly between multiple input and output harddisk image types. This release uses Version 2 of the libewf API.