Linux Forensics Tools Repository: Package Summary for Packages on November 8, 2013:

  • snort-2.9.5.5-1.1.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
  • snort-sample-rules-2.9.5.5-1.1.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
  • sleuthkit{,-devel,-libs}-4.1.2-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. Here are the changes since 4.1.0:
    • Core
      • Fixed more Visual Studio projects to work on 64-bit
      • Added FILE_SHARE_WRITE to all windows open calls
      • Removed unused methods in CRC code that caused compile errors
      • Added NTFS FNAME times to time2 struct in TSK_FS_META to make them easier to access -- should have done this a long time ago!
      • fls -m and tsk_gettimes now include the NTFS FNAME times in their output for timelines
      • hfind with EnCase hashsets works when DB is specified (and not only index)
      • TskAuto now goes into UNALLOC partitions by default too
      • Added support to automatically find all Cellebrite raw dump files given the name of the first image
      • Added 64-bit Windows targets to Visual Studio files
      • Added NTFS sequence to parent address in directory and directory itself
      • Updated SQLite code to use sequence when finding parent object ID
    • Java
      • Added method to Image to perform sanity check on image sizes
      • Java bindings JAR files now have native libraries in them
      • Logical files are added with a transaction
    • fiwalk
      • Fixed compile error on Linux etc
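  The FNAME entries that fls -m and tsk_gettimes now write are the part of this release a timeline reviewer is most likely to use. The script below is an added example, not code from The Sleuth Kit or from this repository: it parses the body-file format those tools emit (MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime, times in epoch seconds) and pairs each ordinary entry, which carries the $STANDARD_INFORMATION times, with the entry TSK names with the suffix " ($FILE_NAME)" for the same inode, flagging files whose SI times predate their FN times. The sample body lines are constructed for the example; the paths, inode numbers and timestamps in them are not real evidence.

```python
"""Pair $STANDARD_INFORMATION and $FILE_NAME entries in a TSK body file
(the fls -m / tsk_gettimes output format) and flag SI-before-FN timestamps.

Added example; not part of The Sleuth Kit. User-mode timestomping tools
normally rewrite only $STANDARD_INFORMATION, so SI times that predate the
matching $FILE_NAME times are a triage lead. Renames and moves also rewrite
$FILE_NAME, so a hit is a lead to examine, not proof of tampering.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

FN_SUFFIX = " ($FILE_NAME)"   # suffix TSK appends to the $FILE_NAME entry's name


@dataclass
class BodyEntry:
    name: str
    inode: str
    atime: int
    mtime: int
    ctime: int
    crtime: int


def parse_body_line(line: str) -> BodyEntry:
    """Parse one 11-field body line: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime."""
    fields = line.rstrip("\n").split("|")
    if len(fields) != 11:
        raise ValueError("not an 11-field body line: %r" % line)
    _md5, name, inode, _mode, _uid, _gid, _size, atime, mtime, ctime, crtime = fields
    return BodyEntry(name, inode, int(atime), int(mtime), int(ctime), int(crtime))


def pair_si_fn(lines: Iterable[str]) -> Dict[Tuple[str, str], Tuple[BodyEntry, BodyEntry]]:
    """Map (inode, path) -> (SI entry, FN entry) for every path that has both."""
    si: Dict[Tuple[str, str], BodyEntry] = {}
    fn: Dict[Tuple[str, str], BodyEntry] = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_body_line(line)
        if entry.name.endswith(FN_SUFFIX):
            fn[(entry.inode, entry.name[: -len(FN_SUFFIX)])] = entry
        else:
            si[(entry.inode, entry.name)] = entry
    return {key: (si[key], fn[key]) for key in si if key in fn}


def timestomp_candidates(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries whose SI mtime/ctime/crtime predate the FN values.

    Body files carry whole seconds only, so the other classic indicator
    (zeroed sub-second digits in the SI times) cannot be checked from this
    format; use istat or analyzeMFT on the $MFT for that.
    """
    hits = []
    for (_inode, path), (si, fn) in pair_si_fn(lines).items():
        reasons = []
        for field in ("mtime", "ctime", "crtime"):
            si_t, fn_t = getattr(si, field), getattr(fn, field)
            if si_t < fn_t:
                reasons.append("$SI %s (%d) predates $FN %s (%d)" % (field, si_t, field, fn_t))
        if reasons:
            hits.append((path, reasons))
    return hits


# Constructed sample body lines (not real evidence): one file has its SI times
# rolled back to 2010 while its $FILE_NAME times still say November 2013.
SAMPLE_BODY = """\
0|/Windows/System32/kernel32.dll|1234-128-1|r/rrwxrwxrwx|0|0|1114112|1383000000|1383000000|1383000000|1383000000
0|/Windows/System32/kernel32.dll ($FILE_NAME)|1234-128-1|r/rrwxrwxrwx|0|0|1114112|1383000000|1383000000|1383000000|1383000000
0|/Windows/System32/evil.dll|5678-128-3|r/rrwxrwxrwx|0|0|12288|1262304000|1262304000|1262304000|1262304000
0|/Windows/System32/evil.dll ($FILE_NAME)|5678-128-3|r/rrwxrwxrwx|0|0|12288|1383600000|1383600000|1383600000|1383600000
0|/Users/alice/notes.txt|9012-128-1|r/rrwxrwxrwx|0|0|512|1383700000|1383700000|1383700000|1383600000
0|/Users/alice/notes.txt ($FILE_NAME)|9012-128-1|r/rrwxrwxrwx|0|0|512|1383600000|1383600000|1383600000|1383600000
"""

if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_BODY.splitlines()
    for path, reasons in timestomp_candidates(source):
        print(path)
        for reason in reasons:
            print("    " + reason)
```

  Run it on the output of `fls -r -m / image.dd` (or of tsk_gettimes) to get a list of paths worth examining with istat. A file that was modified after creation, like notes.txt in the sample, has SI times later than its FN times and is not reported.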

  • analyzeMFT-2.0.11-1.1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - AnalyzeMFT is a tool that fully parses the MFT file from an NTFS filesystem and presents the results as accurately as possible in multiple formats.
  • Volatility-2.3-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. See here for a list of changes. This version also includes the plugins from the Malware Analyst's Cookbook to version R134. See here for the list of recent changes.
  • fmem-kernel-objects-1.6-1.24.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without its access limitations, so that all of physical memory can be read for acquisition. A kernel module only loads on the kernel it was built for, so check `uname -r` against this list before relying on the package. The changes added support for the following kernels:
    • 3.11.6-201 for FC19
    • 3.11.6-200 for FC19
    • 3.11.4-201 for FC19
    • 3.11.3-201 for FC19
    • 3.11.2-200 for FC19
    • 3.11.1-200 for FC19
    • 3.10.11-200 for FC19
    • 3.10.10-200 for FC19
    • 3.10.9-200 for FC19
    • 3.10.7-200 for FC19
    • 3.10.6-200 for FC19
    • 3.10.5-201 for FC19
    • 3.10.4-300 for FC19
    • 3.11.4-101 for FC18
    • 3.10.14-100 for FC18
    • 3.10.13-101 for FC18
    • 3.10.12-100 for FC18
    • 3.10.11-100 for FC18
    • 3.10.10-100 for FC18
    • 3.10.9-100 for FC18
    • 3.10.7-100 for FC18
    • 3.10.6-100 for FC18
    • 3.10.4-100 for FC18
    • 2.6.32-358.23.2 for EL6
    • 2.6.32-358.18.1 for EL6
    • 2.6.18-348.18.1 for EL5
    • 2.6.18-371.1.2 for EL5
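  Once the matching fmem.ko is loaded, the device still has to be read carefully: /dev/fmem does not know where RAM ends, and reading device (MMIO) regions through it can hang the host. The script below is an added example, not code shipped with fmem or this repository. It reads /proc/iomem, keeps only the top-level "System RAM" ranges, and copies those through /dev/fmem into a raw image, zero-filling the gaps so that a file offset equals the physical address, which is the layout a raw memory image is expected to have. It assumes root and that seeking on /dev/fmem positions the read at a physical address, as dd's skip= does with the device. The /proc/iomem excerpt in the block is constructed for the example.

```python
"""Acquire physical memory through /dev/fmem, limited to the ranges that
/proc/iomem marks as "System RAM".

Added example; not part of the fmem package. Needs root and a loaded
fmem.ko that matches the running kernel. Assumes seeking on /dev/fmem
selects the physical address to read from, as dd's skip= relies on.
"""
import io
import re
import sys
from typing import BinaryIO, List, Tuple

# "<start>-<end> : <name>"; group 1 captures indentation so nested entries
# (Kernel code, Kernel data, ...) can be told apart from top-level ranges.
IOMEM_LINE = re.compile(r"^(\s*)([0-9a-fA-F]+)-([0-9a-fA-F]+)\s*:\s*(.+?)\s*$")


def system_ram_ranges(iomem_text: str) -> List[Tuple[int, int]]:
    """Return sorted [(start, end_inclusive), ...] for top-level 'System RAM' lines."""
    ranges = []
    for line in iomem_text.splitlines():
        m = IOMEM_LINE.match(line)
        if m is None or m.group(1):          # not a range line, or an indented child
            continue
        start, end, name = int(m.group(2), 16), int(m.group(3), 16), m.group(4)
        if name == "System RAM":
            ranges.append((start, end))
    return sorted(ranges)


def total_ram_bytes(ranges: List[Tuple[int, int]]) -> int:
    """Bytes of RAM covered by the ranges (ends are inclusive, as in /proc/iomem)."""
    return sum(end - start + 1 for start, end in ranges)


def _write_zeros(out: BinaryIO, count: int, chunk: int) -> None:
    """Pad a gap between RAM ranges so file offsets stay equal to physical addresses."""
    while count > 0:
        n = min(chunk, count)
        out.write(b"\0" * n)
        count -= n


def copy_ranges(dev: BinaryIO, out: BinaryIO, ranges: List[Tuple[int, int]], chunk: int = 1 << 20) -> int:
    """Copy each range from dev into out, zero-filling gaps; returns bytes written."""
    written = 0
    cursor = 0
    for start, end in ranges:
        if start > cursor:
            _write_zeros(out, start - cursor, chunk)
            written += start - cursor
        dev.seek(start)
        remaining = end - start + 1
        while remaining > 0:
            buf = dev.read(min(chunk, remaining))
            if not buf:
                raise IOError("short read at physical 0x%x" % (end - remaining + 1))
            out.write(buf)
            written += len(buf)
            remaining -= len(buf)
        cursor = end + 1
    return written


def acquire(out_path: str = "mem.raw", device: str = "/dev/fmem", iomem_path: str = "/proc/iomem") -> int:
    """Read the RAM map, then copy only RAM from the fmem device into out_path."""
    with open(iomem_path) as f:
        ranges = system_ram_ranges(f.read())
    with open(device, "rb", buffering=0) as dev, open(out_path, "wb") as out:
        return copy_ranges(dev, out, ranges)


# Constructed /proc/iomem excerpt (not captured from a real host) for an offline check.
SAMPLE_IOMEM = """\
00000000-00000fff : reserved
00001000-0009ebff : System RAM
0009ec00-0009ffff : reserved
000a0000-000bffff : PCI Bus 0000:00
000f0000-000fffff : System ROM
00100000-7ffeffff : System RAM
  01000000-015f2a9f : Kernel code
  015f2aa0-01a0dcbf : Kernel data
7fff0000-7fffffff : ACPI Tables
e0000000-efffffff : PCI MMCONFIG 0000 [bus 00-ff]
"""


def copy_ranges_demo() -> bytes:
    """Exercise copy_ranges offline against a fake 256-byte 'device' whose byte at
    physical address i is i; two small ranges with gaps, a tiny chunk size."""
    fake_dev = io.BytesIO(bytes(range(256)))
    image = io.BytesIO()
    copy_ranges(fake_dev, image, [(0x10, 0x1F), (0x40, 0x4F)], chunk=8)
    return image.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("%d bytes written to %s" % (acquire(sys.argv[1]), sys.argv[1]))
    else:
        ranges = system_ram_ranges(SAMPLE_IOMEM)
        print("sample RAM ranges:", ["0x%x-0x%x" % r for r in ranges])
        print("sample RAM total: %d bytes" % total_ram_bytes(ranges))
```

  Run with an output path as the only argument on the live system to acquire; run with no arguments to see the parsed sample map. Zero-filling the gaps rather than concatenating the ranges is what keeps the image usable as a raw, physically addressed dump for tools such as Volatility.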