Linux Forensics Tools Repository: Package Summary for Packages on August 7, 2012:

  • guymager-0.6.12-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. Here are the changes since the last release (0.6.11):
    • Avoiding -O3 / inline compiler bug
    • Correct screen output if no log file is in use
    • DD verification: retry with NOATIME switched off if open fails
    • DD verification: Do not exit if open fails

  • distorm3-3-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework.
  • ghostpdl-9.05-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages. Ghostpdl is used by Xplico.
  • libpff-20120802-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. Libpff is used by DFF - the Digital Forensics Framework.
  • tcpflow-1.2.8-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. Tcpflow can also process stored tcpdump packet flows. Here are the changes in this version:
    • src/main.cpp (main): added calling process_infile(expression,device,"",true) when no files are provided to fix bug of no live capture.
    • src/sysdep.h: removed; put code in tcpflow.h for simplicity
    • src/datalink.cpp (dl_null): moved ETHERTYPE_IPV6 from sysdep.h to datalink.cpp
    • bootstrap.sh: added --add-missing to bootstrap.sh