Linux Forensics Tools Repository: Package Summary for Packages on August 26, 2013:

  • libvshadow{,-devel,-tools,-python}-20130723-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Libvshadow is a ibrary and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. Here are the changes since the last version:
    • fixes for 32-bit WINAPI build of pyvshadow in file object glue code
    • Changes for stand-alone libbfio build
    • updated msvscpp files
    • remove unnecessary restriction in library include headers
    • updated dependencies

  • daq-2.0.1-1.{fc16,fc17,fc18,fc19,el6}.{i386,x86_64}.rpm - The Data Acquisition Library (Daq) is a library used by snort. here are the changes since the last version:
    • daq.h, daq_api.h, daq_base.c, daq_common.h, daq_mod_ops.c, daq_afpacket.c, daq_dump.c, daq_ipfw.c, daq_ipq.c, daq_nfq.c, daq_pcap.c, daq_static_modules.c, daq_static_modules.h, sf_bpf_filter.c, sf_bpf_printer.c, sf_gencode.c, sf_nametoaddr.c, sf_optimize.c, sfbpf-int.c, sfbpf-int.h, sfbpf.h, sfbpf_dlt.h: Update copyright year.
    • daq_dump.c, daq_ipfw.c, daq_ipq.c, daq_nfq.c: Ensure verdict is in range before bumping peg counts. Thanks to John Menerick for reporting the issue.

  • snort-2.9.5.3-1.1.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm - (Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
  • snort-sample-rules-2.9.5.3-1.1.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
  • dd_rescue-1.34-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Dd_rescue is a utility similar to the system utility dd which copies data from a file or block device to another. dd_rescue. does however not abort on errors in the input file. This makes it suitable for rescuing data from media with errors, e.g. a disk with bad sectors. Here are the changes from the previous distributed version (1.33):
    • This version provides better support for various *nix systems (specifically had a few fixes for FreeBSD), better compatibility with compilers (clang and g++ and clang++). It can now also load libfallocate at runtime (libdl) and detects a few more fatl write errors as such.

  • ddrescue-1.17-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. Here are the changes from the previous distributed version (1.16):
    • Added new option -l, --logfile-size.
    • Added new option -w, --ignore-write-errors.
    • Option --fill has been renamed to --fill-mode.
    • Option --generate-logfile has been renamed to --generate-mode.
    • Added option --sector-size as a synonym of --block-size.
    • Added option --retries as a synonym of --max-retries.
    • Added option --size as a synonym of --max-size.
    • rescuebook.cc: Trimming is now done from both edges of each non-trimmed block. Largest blocks are trimmed first.
    • rescuebook.cc: Largest blocks are now split first until logfile reaches --logfile-size entries.
    • logbook.cc (extend_sblock_vector, truncate_vector): Terminate if truncation would discard finished blocks.
    • rescuebook.cc: Mark failed blocks with 1 sector as bad-sector.
    • logbook.cc (extend_sblock_vector): Remove last block of logfile if it starts at isize and is not marked as finished.
    • io.cc (show_status,update_rates): Detect a jump back in time and adjust status.
    • ddrescue.h (slow_read): Return false for the first 10 seconds.
    • io.cc (show_status) Leave cursor after message so that ^C does not overwrite it.
    • main.cc: Do not require --force for generate mode.
    • ddrescue.h (Logbook::logfile_exists): Do not return false if logfile exists but is empty.
    • Added new chapter 'Using ddrescue safely' to the manual.
    • Documented that 'direct disc access' only reads whole sectors.
    • configure: Options now accept a separate argument.
    • Makefile.in: Added new target install-bin.

  • libpst{,-devel,-devel-doc,-doc,-libs,-python}-0.6.61-1.1.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm - The libpst utilities convert Outlook .pst files to other formats. Here are the changes from the previous distributed version (0.6.61):
    • Move documentation to unversioned directory

  • netsa-rayon-1.4.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm and netsa-rayon-pipevis-0.0-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Netsa-rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations. Netsa-rayon can be used to automate reporting; provide data visualization in command-line, GUI or web applications; or do ad-hoc exploratory data analysis. Netsa-rayon can generate visualizations in PDF, PNG, SVG and PostScript formats using Pycairo. It can also be used in wxPython GUI applications. Netsa-rayon is compatible with Python versions 2.6 and greater, and requires netsa-python and at least one of Pycairo (for static output) or wxPython (for GUI output). See here for a list of changes.
  • snarf{,-devel,-python}-0.2.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system. Applications can use snarf's C and Python APIs to construct and send network alert messages, which can then be routed to multiple destinations in a configurable manner. Here are the changes:
    • Initial release to open source community.
    • Additional documentation.
    • Bug fixes.

  • ghostpdl-9.09-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages. Ghostpdl is used by Xplico. This version attempts to update Xplico's version of pcl6 - the binary installed as part of ghostpdl - as stored in /opt/xplico/bin if Xplico is installed.
  • ssdeep-2.10-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Ssdeep is a program for computing context triggered piecewise hashes (CTPH), also called fuzzy hashes. See here for the list of changes.
  • testdisk-6.14-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Testdisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). This package also contains photorec which is a file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. Here are the changes from the last version (6.13):
    • General Improvements
      • The log file generated by the Windows version (cygwin) reports bad sectors in a more readable fashion, example
      • ReadFile Data error (cyclic redundancy check).
      • As openssl isn't used, don't link with this cryptographic library (Debian tries to avoid mixing GPL code and openssl)
    • TestDisk
      • Improvements
        • testdisk /list now displays the disk model, serial number, firmware version and hpa or dco presence if detected
        • Recover WBFS (Wii Backup File System) partition
        • Make FAT RebuildBS works when there is a single FAT table
        • Interface: Display the partition table type if autodetected
        • Interface: modified warning about mismatching geometry between FAT or NTFS boot sector and HD geometry information (Debian #651756)
        • Interface: Remove "Allow partial last cylinder" option
      • Bug fixes
        • Fix crc in EFI backup GPT
        • Rewrote how TestDisk aligns partition on cylinder or 1MB boundary. It avoids to create partition entry where the partition ends after the end of the disk.
    • PhotoRec
      • Improvements
        • Improve Olympus .orf recovery
        • Improve WP Mac/WP5/WP6 Corel Documents .wpd files recovery
        • Fix thumbs.db recovery, avoid some false positive with .doc
        • Interface: if less than 10 file families are enabled, display the results even if zero has been found yet
        • New file formats:
          • .aep After Effects
          • .axx AxCrypt
          • .dp Designer, a Photobook Designer Software
          • .lzh archive
          • .mmap MindManager
          • .plt Gerber Graphix Advantage
          • .prproj Adobe Premiere project
          • .psb Adobe Photoshop Image
          • .pts PTGui, panoramic stitching software
          • .qcp The QCP File Format and Media Types for Speech Data (RFC3625)
          • .shn Shorten audio file
          • .snt Windows Sticky Notes
          • .ttd TinyTag Data
          • .wallet Armory bitcoin wallet
          • .wim Windows imaging (WIM) image
      • Bug fixes
        • Fix an endless loop during .caf file recovery
        • Fix tiff recovery including some raw file formats, 64-bit version wasn't affected