Linux Forensics Tools Repository: Package Summary for Packages on September 19, 2014:

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-11.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.16.2-200 for FC20

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.11.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.16.2-200 for FC20

  • dff-1.3.0.20140123-2.{fc17,fc18,fc19,fc20,el7}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user interface with a modular and cross-platform architecture. This version is the developer version as of January 23, 2014. The changes were to add missing dependencies, specifically PyQt4-webkit for CentOS/RHEL 7 and python-poppler-qt4 for all supported architectures.
  • python-poppler-qt4-0.16.2-8.el7.x86_64.rpm - Python-poppler-qt4 is a Python interface to the Poppler Qt4 interface library, libpoppler-qt4, which is a library that allows Qt4 programmers to easily load and render PDF files. The Poppler Qt4 interface library uses poppler internally to do its job, but the Qt4 programmer will never have to worry about poppler internals.
  • analysis-pipeline-4.4-1.{fc17,fc18,fc9,fc20,el5,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the changes in this release.
  • libevtx-{,devel,python,tools}-20140901-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. See here for the list of changes.
  • libfvde{,-devel,-tools}-20140907-1.{fc17,fc18,fc9,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libfvde contains a library and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes. The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume. Here are the changes from the last version (20130305):
    • exposed some encryption context plist functions in API
    • updated dependencies
    • updated msvscpp files, not operational yet
    • worked on libcthreads build support

  • liblnk-{,devel,python,tools}-20140905-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format files. Here are the changes from the last version (20140731):
    • updated libfwsi version check
    • bug fix in Python-bindings
    • worked on property store data block support

  • libregf-{,devel,python,tools}-20140905-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - libregf contains libraries and tools to access the Windows NT Registry File format files. Here are the changes from the last version (20140803):
    • updated libfwsi version check
    • bug fix in Python-bindings
    • code clean

  • ssdeep-2.11-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Ssdeep is a program for computing context triggered piecewise hashes (CTPH), also called fuzzy hashes. See here for the list of changes.
  • xplico-1.1.0-2.{fc17,el6}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder. This release was rebuilt to work under CentOS/RHEL 7. All other supported systems were upgraded for release version consistency. Note that RHEL/CentOS 5 is not supported due to a lack of Python Version 3 support.
  • bulk_extractor-1.5.5-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important. This version fixes many issues. In addition, it also contains the BEViewer GUI front-end for bulk_extractor. Note that this release of bulk_extractor is not available for CentOS/RHEL 5 due to an outdated version of flex for that OS.