Linux Forensics Tools Repository: Package Summary for Packages on August 29, 2014:

  • dfvfs-20140824-1.{fc17,fc18,fc19,fc20,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.
  • sqlite{,-devel,tcl}-3.7.17-4.el6.x86_64.rpm, sqlite-doc-3.7.17-4.el6.noarch.rpm, and lemon-3.7.17-4.el6.x86_64.rpm - SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. SQLite is the most widely deployed SQL database engine in the world. The source code for SQLite is in the public domain. This version was installed for RHEL/CentOS 6 for the x86_64 architecture to support plaso.
  • CERT-Forensics-Tools-1.0-60.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - This package was updated to add the following packages: libesedb-tools, libqcow-tools, libsmdev-tools, libsmraw-tools, libvmdk-tools, and bokken.
  • libesedb-tools - Libesedb contains tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. ESEDB is used in many different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
  • libqcow-tools - Libqcow contains tools used to access the QEMU Copy-On-Write (QCOW) image format.
  • libsmdev-tools - Libsmdev contains tools used to access storage media devices.
  • libsmraw-tools - Libsmraw contains tools used to read and write (split) RAW storage media bitstream copies.
  • libvmdk-tools - Libvmdk contains tools used to access the VMware Virtual Disk (VMDK) image format.
  • bokken - Bokken is a GUI for the Pyew and Radare projects, so it offers almost all the same features that Pyew has and some of Radare's. It is intended mainly as a basic disassembler for analyzing malware and vulnerabilities.
  • pyew-2.0-1.el7.x86_64.rpm - Pyew is a command-line Python tool to analyse malware. It supports hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), and the PE and ELF file formats (it performs code analysis and lets you write scripts using an API to perform many types of analysis); it follows direct call/jmp instructions in the interactive command line, displays function names and string data references, and supports the OLE2 format, the PDF format and more. It also supports plugins to add more features to the tool.
  • radare-2.0.9.7-1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
  • valabind-0.7.4-2.el7.x86_64.rpm - Valabind is a tool to parse vala or vapi files to transform them into swig interface files, C++, NodeJS-ffi, or GIR. With swig, you can create language bindings for any API written in vala or C with a vapi interface. It can also generate bindings for C++.
  • python-radare-2.0.9.7-1.el7.x86_64.rpm - Python-Radare provides bindings that allow Radare to be used from Python.
  • python-tidy-0.2-1.el7.noarch.rpm - Python-tidy cleans up, regularizes, and reformats the text of Python scripts.
  • pygtksourceview - PyGtkSourceView provides Python bindings for the GtkSourceView widget and is built on top of PyGTK.