Linux Forensics Tools Repository: Package Summary for Packages on November 14, 2012:

  • fmem-kernel-objects-1.6-1.7.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Fmem is kernel module that creates device /dev/fmem, similar to /dev/mem but without limitations. This device (physical RAM) can be copied using dd or other tool. Works on 2.6 Linux kernels and beyond. Contained in this package are pre-compiled versions of fmem.ko for all kernels release with Fedora 14, 15, 16, and 17. These are installed in /usr/share/fmem-kernel-objects-1.6 by the triple KernelVersion.FedoraRelease.Architecture. In addition, the source code is available in /usr/share/doc/fmem-kernel-object-1.6. Finally, there is a script entitled install-fmem which is installed in the /usr/bin directory that can be used to install the correct fmem.ko kernel object on the current system. This package is intended to provide pre-compiled versions of the fmem module so that they can be installed as needed when doing on-site memory captures during the data collection phase of an investigation that includes digital assets. The changes are the following:
    • Support for 3.6.6-1 for FC17
    • Support for 3.6.6-1 for FC16

  • libvshadow{,-devel,-tools,-python}-20121107-2.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Libvshadow is a ibrary and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. Here are the changes since the last version.
    • updates msvscpp 2010 build
    • pyvshadow: fixes for 32-bit build

  • pytsk-2012113-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit.
  • disktype-9-9beta.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Disktype detects the content format of a disk or disk image. It knows about common file systems, partition tables, and boot codes. This version adds support for ext4, btrfs, and exFAT file systems.
  • CERT-Forensics-Tools-1.0-47.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - This package was updated to do the following:
    • add kernel-modules-extra for both architectures. These kernel modules include support for ufs file systems.
    • add kernel-PAE-modules-extra for the x86 architecture. These kernel modules include support for ufs file systems.
    • added disktype