dd_rescue-1.31-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Dd_rescue
is a utility similar to the system utility dd which copies data from a file or block device to another. dd_rescue. does however
not abort on errors in the input file. This makes it suitable for rescuing data from media with errors, e.g. a disk with bad sectors.
Here are the changes from the previous distributed version (1.28):
1.31: This version brings a few tiny improvements in the output (such as displaying the total elapsed time in the summary as opposed to ETA of 0,
and the amount of data really written with option -W). But importantly, it has the new mode of triple overwriting of data (options -3 and -4),
with random numbers, inverse random numbers, new random numbers (only for -4) and zeros, this way allowing paranoia-safe deletion of information.
1.30: This version brought a fix for outputting data to stdout and a fix for a possible double free operation (introduced in 1.29).
The message formatting has been streamlined a bit. The PRNG can now be initialized from a file (e.g. -Z /dev/urandom).
The program now can also avoid writing to a target block if the target block already has the same data (option -W).
Think of SSDs or other devices where you want to avoid writes.
1.29: This contains a bug was fixed, where the last bytes where not copied corrected if hardbs == softbs. 1.29 also brings a number
of new features; the ability to write the same (softbs sized) block again and again (option -R, automatically set if infile is /dev/zero),
the ability to limit transfer size such that the outfile won't be enlarged (-M) and the possibility to use userspace random numbers (libc/frandom)
to fill files with random data (options -z and -Z). Last not least, OBS also builds .deb binaries for Ubu12.04 / Deb6 now.
fuse-exfat-1.0.1-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Fuse-exfat is an exFAT file
system implementation with write support. exFAT is a simple file system created by Microsoft.
It is intended to replace FAT32 removing some of it's limitations.
exFAT is a standard file system for SDXC memory cards.
Here are the changes from the previous version:
Fixed unexpected removal of a directory if it is moved into itself.
Fixed "Operation not permitted" error on reading an empty file.
exfat-utils-1.0.1-1.1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The EXfat-utils are a set of utilities
for creating, checking, dumping and labeling exFAT file systems.
Here are the changes from the previous version:
Fixed unexpected removal of a directory if it is moved into itself.
Fixed "Operation not permitted" error on reading an empty file.
libewf{,-devel,-tools}-20130128-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Libewf
is a library for support of the Expert Witness Compression Format (EWF). It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. Here are the changes from the previous version (20121209):
worked on sync with experimental version
docstring changes in pyewf
fix for corruption scenario
fixes in pyewf examples
updated msvscpp files
updated codegear files
updated pyewf
worked on sync with experimental version
replace libmfcache by new libfcache
updated configure files
updated dpkg files
updated rpm spec file
updated pyewf - fixes multiple issues
updated dependencies
worked on sync with experimental version
added pyewf/setup.py with thanks to Michael Cohen
bug fix for 31th day of the month issue
libvshadow{,-devel,-tools,-python}-20130131-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume.
Here are the changes since the last version:
worked on pyvshadow
worked on exposing block descriptors via vshadowinfo
sleuthkit{,-devel,-libs}-4.0.2-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
Here are the changes since 4.0.1:
New Features
Added fiwalk tool from Simson. Not supported in Visual Studio yet.
Bug Fixes
Fixed fcat to work on NTFS files (still doesn't support ADS though).
Fixed HFS+ support in tsk_loaddb / SQLite -- root directory was not added.
NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree.
NTFS code uses sequence number when searching MFT entries for all files.
Libewf detection code change to support v2 API more reliably (ID: 3596212).
NTFS $SII code could crash in rare cases if $SDS was multiple of block size.
Framework
Added new API to TskImgDB that returns the base name of an image.
Numerous performance improvements to framework.
Removed requirement in framework to specify module extension in pipeline configuration file.
Added blackboard artifacts to represent both operating system and network service user accounts.
Java Bindings
added more APIs to find files by name, path and where clause
added API to get currently processed dir when image is being added,
added API to return specific types of children of image, volume system, volume, file system.
moved more common methods up to Content interface
deprecated context of blackboard attributes,
deprecated SleuthkitCase.runQuery() and SleuthkitCase.closeRunQuery()
fixed ReadContentInputStream bugs (ignoring offset into a buffer, implementing available() )
methods that are lazy loading are now thread safe
Hash class is now thread-safe
use more PreparedStatements to improve performance
changed source level from java 1.6 to 1.7
Throw exceptions from C++ side better
fiwalk-0.6.16-3.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Fiwalk
is a program that processes a disk image using the SleuthKit library and outputs its results in
Digital Forensics XML, the Attribute Relationship File Format (ARFF) format used by the
Weka Datamining Toolkit, or an easy-to-read textual format.
This release has been rebuilt to use version 4.0.2 of The Sleuth Kit, which because that release now contains both fiwalk and jpeg_extract, this release
no longer contains those to programs.
yaf{,-devel}-2.3.3-2.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do
flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from
pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter,
aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX
files) on the local file system.
Note that this release of Yaf is not available for CentOS/RHEL 5 due to an outdated version of PCRE.
See here for the list of changes.
fmem-kernel-objects-1.6-1.14.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Fmem is kernel module that creates
device /dev/fmem, similar to /dev/mem but without limitations.
The changes are the following: