Linux Forensics Tools Repository: Package Summary for Packages on August 1, 2013:

  • CERT-Forensics-Tools-1.0-55.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - This package was updated to do the following:
    • For Fedora 19, use ewftools.
    • For all else, use libewf-tools and obsolete ewftools.

  • libbfio{,devel}-20120425-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - Libbfio is a library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff. It is used to chain I/O to support file-in-file access. Here are the changes:
    • add VC_EXTRALEAN to config_msc.h
    • add autoconf/make test suite
    • add callback function to resize memory range if needed?
    • additional checks for system strings
    • allow re-set of pool entries?
    • bug fix for POSIX wide character support in path functions
    • check if libbfio.3 is up to date
    • code clean up
    • fixed memory leak due to recent changes
    • remove deprecated functions in libbfio_legacy.[ch]
    • removed deprecated functions
    • updated .pc and .spec file
    • updated codegear files
    • updated common
    • updated configure.ac
    • updated configure.ac and m4 files
    • updated dependencies
    • updated gettext
    • updated libcstring, libuna
    • updated libuna
    • updated list type, offset list
    • updated msvscpp and borlandc files
    • updated msvscpp files
    • updated spec and pc files
    • what about disk full on write
    • wide to narrow (ASCII with codepage) conversion
    • worked on absolute path support with /../
    • worked on file range back end
    • worked on full file name support for open on demand
    • worked on full path functions
    • worked on libcfile rewrite
    • worked on libcpath rewrite

  • libpff-20120802-2.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. Libpff is used by DFF - the Digital Forensics Framework. See the libpff website for the list of changes.
  • dff-1.3.0-3.{fc17,fc18,fc19}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user interface with a modular and cross-platform architecture. Note that only Fedora 17, 18, and 19 are supported in this release. Here are the changes (thanks to Danil Bazin for the bug report and suggested fixes):
    • Added a dynamic loader configuration file, activated it when dff is installed, and deactivated it when dff is uninstalled.
    • Added missing PyQt4 dependency.
    • Added missing reglookup dependency.
    • Added the __init__.py file needed for searching.
    • Recompiled with latest libbfio and libpff libraries.
    • Installed the ffmpeg-devel package from RPMFusion to add video support to dff. This required the installation of these additional packages, all also from RPMFusion:

      • ffmpeg-libs
      • librtmp
      • x264-libs
      • xvidcore

  • fmem-kernel-objects-1.6-1.23.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without limitations. The changes added support for the following kernels:
    • 2.6.32-358.11.1 for EL6
    • 3.9.8-108 for FC17
    • 3.9.10-100 for FC17
    • 3.9.5-201 for FC18
    • 3.9.6-208 for FC18
    • 3.9.9-201 for FC18
    • 3.9.10-200 for FC18
    • 3.9.11-200 for FC18
    • 3.9.5-301 for FC19
    • 3.9.9-302 for FC19
    • 3.10.3-300 for FC19

  • libbde{,-devel,-python,-tools}-20130729-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. See here for the supported formats, protection methods, and additional features. Here are the changes for this release:
    • updated dependencies
    • pybde fixes for >2G file objects in BFIO glue code
    • worked on git support
    • updated dependencies
    • fixed some typos
    • fix for dealing with padding in FVE metadata block

  • partclone-0.2.48-3.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image", a.k.a. partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. This release was built to use the latest libntfs-3g shared library, bringing all of the releases to the same release level.
  • recoll-1.19.4-2.1.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm - Recoll is a text search tool for Unix and Linux desktops. Recoll finds keywords inside documents as well as file names. See here for a list of changes in this version. In addition, tar archives have been enabled and the epub, pstotext, and aspell packages have been added as required packages.
  • stegdetect-0.6.0-2.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - stegdetect is an automated tool for detecting steganographic content in images. This package was rebuilt to remove compiler optimization, the inclusion of which caused stegdetect to crash. Thanks to Pete Troxell for the bug reports and suggested fixes.
  • kracked-0.1-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Kracked is a tool that creates word lists from files, for example memory captures.
  • {vmfs-tools,ilibvmfs-devel}-0.2.5-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - VMfs-tools is a collection of command-line tools for operating on VMware's VMFS file system. Included in this release is limited VMFS version 5 support.