Linux Forensics Tools Repository: Package Summary for Packages on March 5, 2013:

  • Fedora 18 - The repository now supports Fedora 18 for both the i686 and x86_64 CPU architectures. All packages have been moved from the forensics-test repository to the standard cert repository. If you find any unexpected behavior with the packages as currently distributed, please send email to
  • partclone-0.2.48-2.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. This release was built to use the latest libntfs-3g shared library.
  • dff-1.3.0-1.{fc17,fc18}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user interface with a modular and cross-platform architecture. Note that only Fedora 17 and 18 are supported in this release. See here for a list of recent changes.
  • fmem-kernel-objects-1.6-1.16.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without limitations. The changes added support for the following Fedora kernels:
    • 3.7.9-205 for FC18
    • 3.8.1-201 for FC18
    • 3.7.9-101 for FC17
    • 3.7.9-104 for FC17

  • xplico-1.0.1-3.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support. This release includes support for Python version 3.3, which is the default for Fedora 18.
  • snort-2.9.4.1-1.1.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
  • libvshadow{,-devel,-tools,-python}-20130304-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. Here are the changes since the last version.
    • added PackageMaker files
    • updated include/types.h
    • fixed typo in vhsadowmount

  • regripper-plugins-20130218-1.{fc15,fc16,fc17,fc18,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from the regripper application. The plugins added are the following:
    • NEW PLUGIN by Corey Harrell: uac.pl that gets UAC configuration values (SOFTWARE)
    • UPDATE by Harlan Carvey to comdlg32.pl, many updates (NTUSER)
    • NOTE profile software-all was updated
    • NOTE profiles all DO NOT contain plugins TLN versions: you must create your own profiles or use them directly
    • NOTE RegRipperPluginsPackage (RRPP) counts 236 plugins