Linux Forensics Tools Repository: Package Summary for Packages on September 2, 2013:

  • dd_rescue-1.40-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Dd_rescue is a utility similar to the system utility dd which copies data from a file or block device to another. dd_rescue. does however not abort on errors in the input file. This makes it suitable for rescuing data from media with errors, e.g. a disk with bad sectors. Here are the changes from the previous distributed version (1.33):
    • Release 1.40-1 It brings copying of extended attributes (with -p/--preserve). It doubles the default soft block size for buffered IO, but brings sparse write optimization for half-empty blocks. It also optimizes copying by using the first write to get rid off odd file offsets. It also adds a lot more test cases to make check.
    • Release 1.39-1 It fixes an issue where a copied file could be appended zeros if hardblocksize copy was used (e.g. b/c hardbs==softbs, bnc #833765). There's also a bit better ARM asm optimization, yielding a ~15% performance increase. There's also a help/manpage clarification that syncfreq actually is a size. And we use autoconf now to determine the target system features. Default build target now uses libdl.
    • Release 1.38-1 Improving SSE sparse detection performance (by 40%), adding a testcase for the 1.35/1.36 bug and run it in make check. There's even an AVX version, but it's not enabled by default, as it's untested. --force/-f now allows to ignore a non-zero output position on non-seekable output and the curr.rate and ETA calculations have improved a bit.
    • Release 1.37-1 Fixing an issue with SSE2 sparse detection, which could spuriously detect zero-filled blocks and thus result in corrupted copies if option -a was used. (This would happen for blocks that had no bytes with the uppermost bit set, such as e.g. ASCII text.) Embarassing! Also fixed issues on big-endian machines (although these were inconsequential for dd_rescue).
    • Release 1.36-1 It fixes an overflow issue with the number output for long running dd_rescue processes. SSE2 is now also enabled in x86 (32bit, with runtime detection) and an optimized ARM version (assembler yeah!) to find zero blocks was added.
    • Release 1.35-1 It had some improvements on the output that it prints -- beyond internal improvements it introduces colours to the output unless the terminal type is clearly dumb; there is also an option to control this. Numbers are highlighted for readability. Output is rate limited (10/s). 1.35 also brings a simple rewrite logic for handling write errors. There's an SSE2 optimized version to find zero blocks for sparse writing.

  • python-apsw-3.8.0-2.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Python-apsw is a Python wrapper for the SQLite embedded relational database engine. In contrast to other wrappers such as pysqlite it focuses on being a minimal layer over SQLite attempting just to translate the complete SQLite API into Python. The documentation has a section on the differences between APSW and pysqlite. See here for a list of the changes.
  • pytsk-20130826-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit. See here for a list of changes.
  • regripper-28000000-4.{fc16,fc17,fc18,fc19,el5,el6}.noarch.rpm - Regripper is a Windows Registry data extraction and correlation tool. This package is contains version 2.8 of the regripper tool. The plugins are packaged separately. This release contains version 08-26-13 of the auto_rip.pl. See here for more details about this script.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. Here are the changes from the previous version (3.7.1):
    • PySiLK changes
      • Add IPSet.is_ipv6() and IPSet.convert() methods.
      • Fix a bug when saving an IPv6-IPset that contains only IPv4 addresses.
    • IPset bug fixes
      • Fix bugs when computing the union or intersection of an IPv4-IPset and an IPv6-IPset that contains only IPv4 addresses.
    • rwfilter bug fixes
      • Fix a spurious warning when loading an IPset.
      • Fix a memory issue during shutdown when an argument to one of the --*cidr switches (--scidr, --dcidr, etc) is mistyped.
    • rwflowpack, flowcap bug fixes
      • Fix a bug where the daemon failed to read TCP flags contained in a SubTemplateMultiList when reading IPFIX data over the network.
      • Fix a memory leak when receiving IPFIX data containing a SubTemplateList or a SubTemplateMultiList.

  • silk-ipset-{devel,lib,tools}-3.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.