Linux Forensics Tools Repository: Package Summary for Packages on July 24, 2014:

  • ddrescue-1.18.1-2.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. A patch from the developer was applied that adds the following arguments:
    • --no-reverse-pass: do not switch direction for each pass
    • --skip-on-first-err: start skipping on first error
    • --trim-sequentially: don't trim small blocks first
    • --split-sequentially: don't split large blocks first
    • --no-reverse: This makes the second pass also go in the same direction as the first. This is for those who may ask for the option. But in my benchmark testing I can say there is no real benefit to turning off reverse.
    • --skip-on-first-err: By default, ddrescue doesn't start skipping until 2 errors are encountered in a row. Sometimes the errors are spread out so that skipping does not happen very often if at all. This option will make ddrescue skip on the first error on the first pass forwards, and also on the second pass in reverse. If used with --no-reverse, the second forward pass skips on the second error like normal. Note that if used with the --reverse option then ddrescue will behave as normal and this option will not do anything. This option does best when setting a higher skip size, as when used with the default skip size it does not have a positive effect.
    • --trim-sequentially: Normally ddrescue trims the smallest block first, which can cause unwanted head movement. This option makes it trim in order in one pass in the direction specified. My tests did not show any speed difference, but the small size of the test also did not have excessive head movement to begin with.
    • --split-sequentially: Normally ddrescue splits the largest blocks first (which can cause a lot of unwanted head movement), and then when there are only small blocks of less than 7 sectors in size it will split sequentially. This option makes it split in order in one pass in the direction specified. In my benchmarking tests this helped slightly with overall recovery time, which is likely a result of drive read-ahead. This was even with a small test size, so it is possible that there could be more to gain on a full size recovery. Note that this speed increase would not normally be noticed due to the amount of time errors take to process, and is a very small increase overall. The biggest benefit is the head movement.

  • ddrutility-2.5-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Ddrutility is meant to be a complement to gnuddrescue. It is a set of utilities to help with hard drive data rescue. It currently contains the following utilities:

    • ddru_findbad
    • ddru_ntfsbitmap
    • ddru_ntfsfindbad

  • fmem-kernel-modules-1.6-1.3.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. This package is not linked between OS and Architectures.
  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.15.6-200
    • 3.15.5-200

  • ip4r-2.0.2-1.{fc17,fc18,fc19,fc20}.{i686,x86_64}.rpm and ip4r-2.0-1.{el6,el7}.x86_64.rpm - IP4R and ip4 are types that contain a single IPv4 address and a range of IPv4 addresses respectively. They can be used as a more flexible, indexable version of the cidr type. This version has been built for PostgreSQL version 9.3.4 for Fedora and CentOS/RHEL 7 and version 9.2 for CentOS/RHEL using the CentOS Software Collections Repository.
  • liblnk-{,devel,python,tools}-20140714-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format.
  • lime-kernel-modules-1.1.r17-3.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. This package is not linked between OS and Architectures.
  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.15.6-200
    • 3.15.5-200

  • python-rarfile-2.6-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Python-rarfile is a Python module for RAR archive reading.
  • snort-2.9.6.2-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
  • snort-sample-rules-2.9.6.2-1.1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.
  • yara-2.1.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process identified by PID, checking whether it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7.2):
    • Improve regexp engine
    • Improve multithreading support
    • Case-insensitive and single-line matching modes for "matches" operator's regexps
    • Added "error_on_warning" argument to "match" in yara-python
    • Recognize x64 PE files
    • BUGFIX: Mutex handle leak
    • BUGFIX: NULL pointer dereferences
    • BUGFIX: Buffer overflow
    • BUGFIX: Crash while using compiled rules with yara64 in Windows
    • BUGFIX: Infinite loop while scanning 64bits process in Windows
    • BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
    • BUGFIX: "x of them" not working with strings containing unbounded jumps

  • yara-python-2.1.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. Here are the changes since the last version (1.7.2):
    • Improve regexp engine
    • Improve multithreading support
    • Case-insensitive and single-line matching modes for "matches" operator's regexps
    • Added "error_on_warning" argument to "match" in yara-python
    • Recognize x64 PE files
    • BUGFIX: Mutex handle leak
    • BUGFIX: NULL pointer dereferences
    • BUGFIX: Buffer overflow
    • BUGFIX: Crash while using compiled rules with yara64 in Windows
    • BUGFIX: Infinite loop while scanning 64bits process in Windows
    • BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
    • BUGFIX: "x of them" not working with strings containing unbounded jumps