Linux Forensics Tools Repository: Package Summary for Packages on September 12, 2014:

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.15.10-201 for FC20

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.15.10-201 for FC20

  • lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels was added for LiME:
    • 2.6.32-431.29.2 for EL6
    • 2.6.32-431.23.3 for EL6

  • fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels was added for Fmem:
    • 2.6.32-431.29.2 for EL6
    • 2.6.32-431.23.3 for EL6

  • lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-4.noarch.rpm - Support for the following kernels was added for LiME:
    • 2.6.18-371.12.1 for EL5

  • fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.4.noarch.rpm - Support for the following kernels was added for Fmem:
    • 2.6.18-371.12.1 for EL5

  • xplico-1.1.0-2.{fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. This release was rebuilt specifically for CentOS/RHEL 7. All other supported systems were upgraded for release version consistency. Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support. Note that Fedora 17 is not supported yet but support is expected soon.
  • python-psycopg2{,-debug,-docs}-2.5.1-2.el7.x86_64.rpm - Python-psycopg2 is a PostgreSQL adapter for the Python programming language. At its core it fully implements the Python DB API 2.0 specifications. Several extensions allow access to many of the features offered by PostgreSQL. This package was installed for CentOS/RHEL 7 to support xplico.
  • yaf{,-devel}-2.6.0-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), from an Endace DAG capture device, or from a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Here are the changes from the last version (2.5.0):
    • Added a new tool, ipfixDump, to read and dump the contents of IPFIX files. Requires Fixbuf 1.4.0 or later.
    • Add LDAP application label
    • Filedaemon can now move files from one directory to another without passing to a child program
    • SSL/TLS DPI modification to capture SSL record version
    • Update CERT PEN Information Elements to use full information model if Fixbuf 1.4.0 or later is available
    • Fix for Modbus application label to reduce false positives
    • Bug Fix for TOS field when running with --uniflow
    • Bug Fix in RPM spec file
    • Bug Fix for labeling malformed DNS packets
    • Bug Fix for processing out of order packets with --force-read-all
    • Bug Fix for exporting reverse payload
    • Other minor bug fixes

  • jafat-1.1.6-2.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i386,x86_64}.rpm - JAFAT is an assortment of tools to assist in the forensic investigation of computer systems. The changes in this release were to put the doc files in the correct place in the file system.