Linux Forensics Tools Repository: Package Summary for Packages on September 26, 2014:

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.16.2-201 for FC20

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.16.2-201 for FC20

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.16.3-200 for FC20

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.16.3-200 for FC20

  • lime-kernel-modules-el7-{i686,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.10.0-123.6.3 for EL7
    • 3.10.0-123.8.1 for EL7

  • fmem-kernel-modules-el7-{i686,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.10.0-123.6.3 for EL7
    • 3.10.0-123.8.1 for EL7

  • Volatility-2.4-2.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. See here for a list of changes and features in this major release. This version of Volatility uses the code as available from here as of 2014-09-23.
  • plaso-1.1.0-2.{fc17,fc18,fc19,fc20}.{i686,x86_64}.rpm, plaso-1.1.0-2.{el6,el7}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. For this release, IPython was added as a dependency.
  • python-ipython{,-console,-doc,-gui,-notebook,-sphinx,-tests}-2.2.0-1.el7.x86_64.rpm - IPython is an enhanced interactive Python shell. This package was only provided for CentOS/RHEL 7 for the x86_64 architecture.
  • python-tornado{,-doc}-3.2.1-3.el7.x86_64.rpm - Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks (and certainly most Python frameworks) because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle thousands of simultaneous standing connections, which means it is ideal for real-time web services.
  • python-path-3.0.1-2.el7.x86_64.rpm - Python-path implements path objects as first-class entities, allowing common operations on files to be invoked on those path objects directly. See documentation here.
  • mathjax-2.2-4.el7.noarch.rpm, mathjax{-ams,-caligraphic,-fraktur,-main,-math,-sansserif,-script,-size1,-size2,-size3,-size4,-typewriter,-winchrome,-winie6}-fonts-2.2-4.el7.noarch.rpm - MathJax is an open source JavaScript display engine for mathematics that works in all browsers.
  • fontawesome-fonts{,-web}-4.1.0-1.el7.noarch.rpm - Font Awesome provides scalable vector icons that can instantly be customized — size, color, drop shadow, and anything that can be done with the power of CSS.
  • ttembed-1.1-3.el7.x86_64.rpm - TTembed removes embedding limitations from TrueType fonts by setting the fsType field in the OS/2 table to zero.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-2.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
  • analysis-pipeline-4.4-2.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This version was rebuilt to use the latest version of SiLK, specifically 3.9.0-1.
  • silk-ipset{,-devel,-lib,-tools}-3.9.0-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.