Linux Forensics Tools Repository: Package Summary for Packages on October 3, 2014:

  • bulk_extractor-1.5.5-2.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Bulk_extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results are stored in feature files that can be easily inspected, parsed, or processed with automated tools. bulk_extractor also creates histograms of the features it finds, since features that occur more often tend to be more important. This version fixes many issues. In addition, it also contains the BEViewer GUI front-end for bulk_extractor. Note that this release of bulk_extractor is not available for CentOS/RHEL 5 due to an outdated version of flex for that OS. The change in this release fixes an issue where python3.2 was explicitly referenced in report_encodings.py.
  • dfvfs-20140928-1.{fc17,fc18,fc19,fc20,el6,el7}.noarch.rpm - Dfvfs, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.
  • xmount-0.7.2-1.{fc17,fc18,fc19,fc20,el7}.{i686,x86_64}.rpm - Xmount is a tool that allows you to convert on-the-fly between multiple input and output hard disk image types. Note that xmount is not available for CentOS/RHEL 5 and 6. Here are the changes for this version:
    • 0.7.0
      • Changed build system from autoconf / automake to cmake
      • Moved input image support into external libs
      • Added morphing functionality including combine, raid and unallocated
      • Added --offset and --sizelimit command line parameters
      • Massive code cleanup including some small bug fixes
    • 0.7.1
      • Fixed bug with --sizelimit command line option.
    • 0.7.2
      • Fixed bug in FreeResources(). Do not free vdi.p_vdi_block_map as it is part of vdi.p_vdi_header

  • ssdeep-2.11-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Ssdeep is a program for computing context triggered piecewise hashes (CTPH), also called fuzzy hashes. See here for the list of changes.
  • lime-kernel-modules-fc19-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.14.19-100 for FC19

  • fmem-kernel-modules-fc19-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.14.19-100 for FC19

  • lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-5.noarch.rpm - Support for the following kernels was added for LiME:
    • 2.6.18-398 for EL5

  • fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.5.noarch.rpm - Support for the following kernels was added for Fmem:
    • 2.6.18-398 for EL5

  • libfixbuf{,-devel}-1.6.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-3.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This release was rebuilt with libfixbuf version 1.6.0.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-4.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - This release of the SiLK tools can be found in an optional repository, now part of cert-forensics-tools-release, named forensics-sip; its definition is in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is disabled by default and can be enabled by running the script /usr/bin/EnableSilkWithIPA as root. This release was rebuilt with libfixbuf version 1.6.0.
  • super_mediator-0.3.0-6.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. This release was rebuilt to use libfixbuf version 1.6.0.
  • yaf{,-devel}-2.6.0-2.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. This release was rebuilt to use libfixbuf version 1.6.0.
  • yaf{,-devel}-2.2.1-7.el5.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter. Note that this version of Yaf is only available for CentOS/RHEL 5. This release was rebuilt to use libfixbuf version 1.6.0.
  • fred-0.1.1-1.{fc17,fc18,fc19,fc20}.{i686,x86_64}.rpm and fred-0.1.1-1.{el6,el7}.x86_64.rpm - Fred, the Forensic Registry EDitor, is a cross-platform Microsoft registry hive editor. This project was born out of the need for a reasonably good registry hive viewer for Linux to conduct forensic analysis. Therefore it includes some functions not found in normal "free" registry editors, such as a hex viewer with data interpreter and a reporting function that can easily be extended with custom ECMAScript report templates.