Linux Forensics Tools Repository: Package Summary for Packages on January 22, 2014:

  • analysis-pipeline-4.3.2-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records. Its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See the release notes for a list of changes.
  • ffmpeg{,-libs,-devel}-2.1.1-1.{fc17,fc18,fc19,fc20}.{i686,x86_64}.rpm - FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. It includes libavcodec, the leading audio/video codec library. These packages are made available in support of dff.
  • dff-1.3.0-4.{fc17,fc18,fc19,fc20}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user interface with a modular and cross-platform architecture. Note that only Fedora 17, 18, 19, and 20 are supported in this release. This release is built against ffmpeg version 2.
  • fmem-kernel-objects-1.6-1.25.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Fmem is a kernel module that creates the device /dev/fmem, which exposes physical memory like /dev/mem but without the access restrictions the kernel places on /dev/mem (on x86 with CONFIG_STRICT_DEVMEM, /dev/mem only allows reads of the first megabyte and of PCI memory regions), so a full RAM image can be acquired with an ordinary dd read. Note that the module must match the running kernel exactly; this update adds support for the following kernels:
    • 3.12.6-300 for FC20
    • 3.12.5-302 for FC20
    • 3.11.10-301 for FC20
    • 3.12.6-200 for FC19
    • 3.12.5-200 for FC19
    • 3.11.10-200 for FC19
    • 3.11.9-200 for FC19
    • 3.11.8-200 for FC19
    • 3.11.7-200 for FC19
    • 3.11.10-100 for FC18
    • 3.11.9-100 for FC18
    • 3.11.7-100 for FC18
    • 3.11.4-101 for FC18
    • 2.6.32-431.3.1 for EL6
    • 2.6.32-431.1.2.0.1 for EL6
    • 2.6.32-431 for EL6
    • 2.6.18-371.3.1 for EL5

  • guymager-0.7.3-1.{fc17,fc18,fc19,fc20,el6}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. See here for the list of changes.
  • netsa-rayon-1.4.3-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm and netsa-rayon-pipevis-0.0-3.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Netsa-rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations. Netsa-rayon can be used to automate reporting; provide data visualization in command-line, GUI or web applications; or do ad-hoc exploratory data analysis. Netsa-rayon can generate visualizations in PDF, PNG, SVG and PostScript formats using Pycairo. It can also be used in wxPython GUI applications. Netsa-rayon is compatible with Python versions 2.6 and greater, and requires netsa-python and at least one of Pycairo (for static output) or wxPython (for GUI output). See here for a list of changes.
  • python-rarfile-2.2-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Python-rarfile is a Python module for RAR archive reading.
  • python-registry-1.0.1-1.{fc17,fc18,fc19,fc20}.{i386,x86_64}.rpm - Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE. The interface is two-fold: a high-level interface suitable for most tasks, and a low level set of parsing objects and methods which may be used for advanced study of the Windows Registry. Python-registry is written in pure Python, making it portable across all major platforms.
  • pytsk-20131230-1.{fc17,fc18,fc19,fc20,el5,el6}.{i386,x86_64}.rpm - Pytsk provides Python bindings for The Sleuth Kit. See here for a list of changes.
  • yaf{,-devel}-2.4.0-3.{fc17,fc18,fc19,fc20,el6}.{i686,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap dumpfiles as generated by tcpdump, from live capture on an interface using pcap, from an Endace DAG capture device, or from a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, via Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. These packages were rebuilt to remove support for p0f.
  • yara-2.0.0-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE, or the process identified by PID, for matches against the patterns and rules written in its special-purpose rule language. The rules are read from RULEFILEs or from standard input. Here are the changes since the last version (1.7.2):
    • Faster
    • Better multi-thread support
    • Rules can be saved in binary form

  • yara-python-2.0.0-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Yara-python is a Python extension that gives access to Yara's features from Python scripts. Here are the changes since the last version (1.7.2):
    • Faster
    • Better multi-thread support
    • Rules can be saved in binary form

  • Volatility-2.3.1-2.el5.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. See here for a list of changes. This version also includes the plugins from the Malware Analyst's Cookbook up to revision R134. This version was rebuilt against the latest version of yara.
  • xrdp-0.7.0-1.el6.{i386,x86_64}.rpm - XRDP is an open source Remote Desktop Protocol (RDP) server. CentOS/RHEL 6 does not ship such a server, so this version was added and released through the repository.
  • CERT-Forensics-Tools-1.0-57.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - This package was updated to add the following:

    • analyzeMFT
    • hdparm
    • kracked, for Fedora and CentOS/RHEL 6 only
    • libpff-tools
    • snarf, for Fedora and CentOS/RHEL 6 only
    • super_mediator
    • vmfs-tools