Linux Forensics Tools Repository: Package Summary for Packages on December 13, 2013:

  • libewf-{,devel,tools}-20131210-1.{fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm/{ewftools,libewf,libewf-devel}-20131210-1.fc19.{i686,x86_64}.rpm - Libewf is a library for support of the Expert Witness Compression Format (EWF). It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Note that in Fedora 19, the tools package is named ewftools to reflect the package name found in the Fedora 19 release. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. Here are the changes from the previous version (20130416):
    • updated dependencies
    • worked on Python bindings
    • added libcthreads
    • fix in DFXML output for size values
    • worked on ewfmount

  • libfixbuf{,-devel}-1.4.0-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.8.0-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for the list of the changes since the previous version (3.7.2).
  • yaf{,-devel}-2.4.0-2.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm/yaf{,-devel}-2.2.1-5.el5.{i686,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. These packages were rebuilt to use libfixbuf version 1.4.0.
  • super_mediator-0.3.0-2.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. This package was rebuilt to use libfixbuf version 1.4.0.
  • python-apsw-3.8.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Python-apsw is a Python wrapper for the SQLite embedded relational database engine. In contrast to other wrappers such as pysqlite it focuses on being a minimal layer over SQLite attempting just to translate the complete SQLite API into Python. The documentation has a section on the differences between APSW and pysqlite. See here for a list of the changes.
  • pytsk-20131124-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - Pytsk provides Python bindings for The Sleuth Kit. See here for a list of changes.
  • yara-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or the process identified by PID, checking whether it matches the patterns and rules provided in a special-purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7):
    • BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
    • BUGFIX: Bug in "n of ()" operator
    • BUGFIX: Bug in get_process_memory could cause infinite loop
    • BUGFIX: Fix SIGABORT in ARM
    • BUGFIX: Failing to detect one-byte strings at the end of a file.
    • BUGFIX: Strings being incorrectly printed when marked both as wide and ascii
    • BUGFIX: Stack overflow while following circular symlinks
    • BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
    • BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases

  • yara-python-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. Here are the changes since the last version (1.7):
    • BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
    • BUGFIX: Bug in "n of ()" operator
    • BUGFIX: Bug in get_process_memory could cause infinite loop
    • BUGFIX: Fix SIGABORT in ARM
    • BUGFIX: Failing to detect one-byte strings at the end of a file.
    • BUGFIX: Strings being incorrectly printed when marked both as wide and ascii
    • BUGFIX: Stack overflow while following circular symlinks
    • BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
    • BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases

  • Volatility-2.3.1-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. See here for a list of changes. This version also includes the plugins from the Malware Analyst's Cookbook to version R134. See here for the list of recent changes.