Linux Forensics Tools Repository: Package Summary for Packages on October 10, 2014:

  • ddrescue-1.19-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors. Here are the changes for this version:
    • Fixed a race condition at start of run with '--timeout=0'.
    • Added new option '-P, --data-preview'.
    • Added new option '-u, --unidirectional'.
    • Added new option '-X, --exit-on-error'.
    • Added new option '--ask' to ask for user confirmation.
    • Added new option '--cpass' to select passes during copying phase.
    • Added new option '--pause' to insert a pause between passes.
    • Removed option '-l, --logfile-size'.
    • Skip on the first error during the copying phase.
    • rescuebook.cc: Trimming done in one pass, may be run in reverse.
    • The splitting phase has been replaced by a scraping phase.
    • Changed long name of option '-n' to '--no-scrape'.
    • rescuebook.cc: Alternate direction of passes during retrying phase.
    • Show ATA model and serial number with '--ask' or '-vv' on Linux.
    • configure: Added new option '--enable-linux'.
    • New files linux.h linux.cc.
    • License changed to GPL version 2 or later.

  • libsmdev{,-devel,-tools,-python}-20141004-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
  • partclone-0.2.71-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Partclone is a program similar to the well-known backup utility "Partition Image" a.k.a partimage. Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition. The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat. Here are the changes for this version:
    • fix configure.ac and add libblkid-dev check
    • fix xfs
    • merge btrfs to 3.14 and update makefile
    • try to merge btrfs 3.14.1
    • fix restore-to-raw option

  • ptk-1.0.5-5.{fc17,fc18,fc19,fc20,el5,el6,el7}.noarch.rpm - PTK is a computer forensic framework for the command line tools in the SleuthKit plus many more modules. PTK uses MySQL, which is assumed to be configured (using the command line tool mysql_secure_installation or equivalent) and running. It also assumes that a web server, for example Apache, has been configured and is operational. Here is the list of changes:
    • For RHEL/CentOS 7, the package now depends on mysql-compat-server. All other versions are unchanged but were rebuilt for revision number compatibility.

  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-5.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This version correctly removes an incorrect Obsoletes: directive from the spec file.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-6.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - This release of the SiLK tools can be found in an optional repository named forensics-sip that is now part of cert-forensics-tools-release; its definition can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is disabled by default and can be enabled by running the script /usr/bin/EnableSilkWithIPA as root. This version was built to keep in step with the release 5 update noted above.
  • testdisk-6.14-3.1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Testdisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). This package also contains photorec, a file data recovery program designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. This release correctly removes an incorrect Obsoletes: directive from the spec file.
  • Volatility-2.4-3.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. See here for a list of changes and features in this major release. This version of Volatility uses the code as available from here as of 2014-10-09.