Linux Forensics Tools Repository: Package Summary for Packages on May 7, 2013:

  • partclone-0.2.48-3.el6.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image", a.k.a. partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. This release (3) was built to use the latest libntfs-3g shared library which comes from the fuse-ntfs-3g package. It has only been rebuilt for RHEL/CentOS 6 to fix a conflict with this shared library.
  • prism-1.2-2.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly, or might be used as a component in other more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup. The changes in this version are the following:
    • Added new wsgi web UI.
    • Filter DeprecationWarnings to prevent user confusion.
    • Correct runtime dependencies.

  • rayon-1.3.3-2.{fc13,fc14,fc15,fc16,el5,el6}.{i686,x86_64}.rpm - Rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations. Rayon can be used to automate reporting; provide data visualization in command-line, GUI or web applications; or do ad-hoc exploratory data analysis. Rayon can generate visualizations in PDF, PNG, SVG and PostScript formats using Pycairo. It can also be used in wxPython GUI applications. Rayon is compatible with Python versions 2.4 and greater, and requires netsa-python and at least one of Pycairo (for static output) or wxPython (for GUI output). This version has been rebuilt to more precisely define the build and operational dependencies.
  • libvshadow{,-devel,-tools,-python}-20130501-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. Here are the changes since the last version:
    • added initial version of qcowmount with Dokan library support

  • yaf{,-devel}-2.4.0-1.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter, a suite of tools for flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), from an Endace DAG capture device, or from a Napatech adapter. It aggregates these packets into flows and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Note that this release of Yaf is not available for CentOS/RHEL 5 due to an outdated version of PCRE for that OS. Here are the changes since the last version:
    • New HTTP DPI Fields
    • Updated DPI Elements
    • Bug Fix to not replace yaf.conf on install
    • New application label: VMware server console
    • Added support to decode ERSPAN headers
    • Drop statistics are updated when statistics messages are exported
    • yafcollect bug fix
    • Other Bug Fixes

  • fmem-kernel-objects-1.6-1.21.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without limitations. The changes added support for the following kernels:
    • 3.8.11-200 for FC18
    • 3.8.11-100 for FC17