Linux Forensics Tools Repository: Package Summary for Packages on October 24, 2014:

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.15.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.16.6-200 for FC20

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-15.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.16.6-200 for FC20

  • lime-kernel-modules-fc19-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.14.22-100 for FC19

  • fmem-kernel-modules-fc19-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.14.22-100 for FC19

  • ddrutility-2.6-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Ddrutility is meant to be a complement to gnuddrescue. It is a set of utilities to help with hard drive data rescue. It currently contains the following utilities:

    • ddru_findbad
    • ddru_ntfsbitmap
    • ddru_ntfsfindbad
    • ddru_diskutility
    Here are the changes since the last release (2.5):
    • Changes have been made for compiling compatibility:
      • Some unneeded items removed from configure.ac
      • Added lib check for iconv
    • Some improvements have been made to the documentation:
      • Added examples to the --mftdomain option of ntfs_bitmap
      • Updated info about ddru_findbad being slow

    • Ddru_findbad 1.11 released:
      • No longer relies on bash
      • Fixed a bug dealing with bad ntfscluster results
      • Images are now accessed as read only

    • Ddru_ntfsfindbad 1.4 released:
      • Fixed potential memory bug with name conversions
      • Fixed iconv BOM issue
      • Fixed a bug with mft data run length
      • Fixed issue with current position in logfile

    • Ddru_ntfsbitmap 1.4 released:
      • Fixed potential memory bug with name conversions
      • Fixed iconv BOM issue

    • Ddru_diskutility 1.3 released:
      • Initial release

  • distorm3-3-2.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i386,x86_64}.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework. This version uses the code released on September 20, 2012.
  • libsmdev{,-devel,-tools,-python}-20141021-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
  • libsmraw{,-devel,-tools,-python}-20141022-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw contains support for multiple (split) RAW naming schemes. See here for the list of changes.
  • libvhdi{,-devel,-python,-tools}-20141021-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status. See here for the list of supported disk formats.
  • libvmdk{,-devel,-tools,-python}-20141021-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. See here for the list of changes.
  • libbde{,-devel,-python,-tools}-20141023-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. See here for the list of changes.
  • libvshadow{,-devel,-tools,-python}-20141023-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. See here for the list of changes.
  • daq-2.0.4-1.{fc17,fc18,fc19,fc20,el6,el7}.{i386,x86_64}.rpm - The Data Acquisition Library (Daq) is a library used by snort. Here are the changes since the last version:
    • Changes in 2.0.4 Released on 2014-09-06:
      • api/daq_common.h
        • Changed name from 'priv_flow_id' to 'flow_id'.
        • Changed the 'flow_id' field to a uint32_t rather than void * since that's how it is used and will be safer to pass around.
      • m4/sf.m4, sfbpf/Makefile.am
        • Fix DAQ macros to allow users to edit libpcap version in cache file.
        • Also fixed a parallel build error for individual make targets in sfbpf.
      • os-daq-modules/daq_netmap.c, README, configure.ac, api/daq_common.h, os-daq-modules/Makefile.am, os-daq-modules/daq_afpacket.c
        • Add new open source netmap DAQ module for Linux/FreeBSD; see the README for more details.
        • Clean up error reporting during AFPacket DAQ module initialization.
    • Changes in 2.0.3 Released on 2014-06-06:
      • api/daq.h, api/daq_api.h, api/daq_base.c, api/daq_mod_ops.c, os-daq-modules/daq_afpacket.c, os-daq-modules/daq_pcap.c, os-daq-modules/daq_static_modules.c, os-daq-modules/daq_static_modules.h, sfbpf/sf_bpf_filter.c, sfbpf/sf_bpf_printer.c, sfbpf/sf_gencode.c, sfbpf/sf_nametoaddr.c, sfbpf/sfbpf-int.h, sfbpf/sfbpf_dlt.h
        • Update copyright.
      • configure.ac
        • Fixed FreeBSD 10 compatibility
      • os-daq-modules/daq_pcap.c
        • Fix compatibility with libpcap 1.5.1 and 1.5.2.

  • snort-2.9.7.0-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. See here for the changes in this version.
  • snort-sample-rules-2.9.7.0-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - These rules are sample rules only and are intended to allow snort to start successfully. These rules only flag HTTP traffic destined for port 80. Please see the snort rules page to acquire a current set of snort rules.