Linux Forensics Tools Repository: Package Summary for Packages on July 10, 2013:

  • libpst{,-devel,-devel-doc,-doc,-libs,-python}-0.6.60-1.1.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats.
  • sleuthkit{,-devel,-libs}-4.1.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 4.0.2:
    • Core
      • Added YAFFS2 support (patch from viaForensics).
      • Added Ext4 support (patch from kfairbanks).
      • Changed all include paths to be 'tsk' instead of 'tsk3' (IMPORTANT FOR ALL DEVELOPERS!).
    • Framework
      • Added Linux and MAC support.
      • Added L01 support.
      • Added APIs to find files by name, path and extension.
      • Removed deprecated TskFile::getAttributes methods.
      • Moved code around for AutoBuild tool support.
    • Java Bindings
      • Added DerivedFile datamodel support.
      • Added a public method to Content to add the ability to close() its tsk handle before the object is gc'd.
      • Added faster skip() and random seek support to ReadContentInputStream.
      • Refactored the datamodel by pushing common methods up to AbstractFile.
      • Fixed minor memory leaks.
      • Improved the regression testing framework for the Java bindings datamodel.

  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.7.1-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See the release notes for a list of changes since the previous version, 2.5.0.
  • analysis-pipeline-4.2-2.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See the release notes for a list of changes since the previous version, 3.0.0.
  • silk-ipset-{devel,lib,tools}-3.7.1-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
  • super_mediator-0.3.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data and forwards it to various IPFIX collecting processes and/or CSV files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF.
  • netsa-python-1.4.3-1.{fc15,fc16,fc17,fc18,el5,el6}.{i386,x86_64}.rpm - Netsa-python is a library of Python routines and frameworks that the NetSA team at CERT has found helpful when developing analyses using the SiLK toolkit. Of particular note are the netsa.script NetSA Scripting Framework, which provides a standard framework for writing scripts that process flow data, and the netsa.util.shell command line processing system, which provides tools for managing extremely complicated collections of shell processes that should fail or succeed together (extremely useful when working with named pipes). Netsa-python is compatible with Python versions 2.4 and greater. See here for a list of the changes since the last release, which was version 1.3.
  • netsa-rayon-1.4.1-2.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm and netsa-rayon-pipevis-0.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Netsa-rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations. Netsa-rayon can be used to automate reporting; provide data visualization in command-line, GUI or web applications; or do ad-hoc exploratory data analysis. Netsa-rayon can generate visualizations in PDF, PNG, SVG and PostScript formats using Pycairo. It can also be used in wxPython GUI applications. Netsa-rayon is compatible with Python versions 2.4 and greater, and requires netsa-python and at least one of Pycairo (for static output) or wxPython (for GUI output). See here for a list of changes.
  • snarf{,-devel,-python}-0.2.1-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system. Applications can use snarf's C and Python APIs to construct and send network alert messages, which can then be routed to multiple destinations in a configurable manner.
  • prism-1.2-3.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Prism trend script is a tool for quickly visualizing flow data as a time series broken down into several configurable bins by SiLK's rwfilter tool. The script can be used directly or as a component in other, more specialized scripts. In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or SQLite) for later quick lookup. This is a new release keeping up with the latest SiLK 3 tools.
  • CERT-Forensics-Tools-1.0-54.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - This package was updated to do the following:
    • Added libbde-tools for all supported architectures
    • Added libfvde-tools for all supported architectures
    • Added libvhdi-tools for all supported architectures
    • Obsoletes rayon and replaces it with netsa-python

  • pytsk-2012113-3.{fc15,fc16,fc17,fc18,el5,el6}.{i386,x86_64}.rpm - Pytsk provides Python bindings for The Sleuth Kit. This release has been rebuilt to use version 4.1.0 of The Sleuth Kit.