Linux Forensics Tools Repository: Package Summary for Packages on July 10, 2012:

  • fred-0.1.0beta4-1.{fc14,fc15,fc16,fc17}.noarch.rpm - Fred Forensic Registry EDitor (fred) is a cross-platform Microsoft registry hive editor. This project was born out of the need for a reasonably good registry hive viewer for Linux to conduct forensic analysis. Therefore it includes some functions not found in normal "free" registry editors like a hex viewer with data interpreter and a reporting function that can easily be extended with custom ECMAScript report templates. The current version contains the following reports: NTUSER_RecentDocs, NTUSER_TypedUrls, SAM_UserAccounts, SOFTWARE_WindowsVersion, SYSTEM_CurrentNetworkSettings, SYSTEM_SystemTimeInfo and SYSTEM_UsbStorageDevices.
  • CERT-Forensics-Tools-1.0-41.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - This package was updated to do the following:
    • add fred for Fedora systems only

  • tcpflow-1.2.7-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. Tcpflow can also process stored tcpdump packet flows. Here are the changes in this version:
    • src/main.cpp (main): -r option now allows for multiple files to be specified.
    • src/main.cpp (main): -R option now allows for incomplete tcp connections to be finished.
    • src/main.cpp (main): removed global "tcpdemux demux" variable. Now it's passed as *user in the datalink methods, as it should be.
    • src/tcpdemux.h (class tcpip): bytes_printed renamed to bytes_processed, as it will be used in packet processing as well.

  • pytsk-20120626-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Pytsk provides Python bindings for The Sleuth Kit.
  • python-xlwt-0.7.4-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Python-xlwt is a library for generating spreadsheet files that are compatible with Excel 97/2000/XP/2003, OpenOffice.org Calc, and Gnumeric. Python-xlwt has full support for Unicode. Excel spreadsheets can be generated on any platform without needing Excel or a COM server.
  • yaf{,-devel}-2.2.1-2.{el5}.{i386,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), from an Endace DAG capture device, or from a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, over Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that this release of Yaf is only available for CentOS/RHEL 5. All other versions use Yaf-2.2.2 and beyond. The change in this release is to build against libfixbuf-1.1.2-1.