Linux Forensics Tools Repository: Package Summary for Packages on February 7, 2012:

  • dff-1.2.0-3.{fc12,fc13,fc14,fc15,el6}.{i386,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. This release adds missing support for Expert Witness Compression Format (ewf) files.
  • regripper-20120206-1.{fc13,fc14,fc15,fc16,el5,el6}.noarch.rpm - Regripper is a Windows Registry data extraction and correlation tool. This version includes version 20120206 of the plugins from here. This version adds two plugins: filesnottosnapshot.pl (extracts from the SYSTEM registry hive the files and folders not backed up in Volume Shadow Copies) and spp_clients.pl (lists the volumes currently monitored by the Volume Shadow Copy Service).
  • xmount-0.4.7-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Xmount is a tool that allows you to convert on-the-fly between multiple input and output harddisk image types. This release uses Version 2 of the libewf API.
  • Volatility-2.0.1-3.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version updates the plugins from the Malware Analyst's Cookbook to version R134. See here for the list of recent changes.
  • registrydecoder-20120202-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Registrydecoder is a tool for the acquisition, analysis, and reporting of registry contents. This is version 1.2 of this tool. See here for a list of changes.
  • tcpflow-1.1.0-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored tcpdump packet flows. The changes are: C++ rewrite, improved performance, and DFXML output.