Linux Forensics Tools Repository: Package Summary for Packages on December 12, 2014:

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
    • 3.17.4-200 for FC20

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
    • 3.17.4-200 for FC20

  • lime-kernel-modules-el7-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
    • 3.10.0-123.13.1 for EL7

  • fmem-kernel-modules-el7-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
    • 3.10.0-123.13.1 for EL7

  • lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for LiME:
    • 2.6.18-400 for EL5

  • fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for Fmem:
    • 2.6.18-400 for EL5

  • lime-kernel-modules-{fc17,fc18,fc19,fc20,el5,el6,el7}-{i686,x86_64}-1.1.r17-*.noarch.rpm - Building errors were discovered the solution to which was to rebuild all lime modules for all supported versions of Fedora and CentOS/RHEL for all supported architectures. Steps were taken to verify future builds for LiME for each OS/Architecture pair.
  • fmem-kernel-modules-{fc17,fc18,fc19,fc20,el5,el6,el7}-{i686,x86_64}-1.1.r17-*.noarch.rpm - No changes were made but the release numbers were changed to remain in sync with the lime-kernel-modules release numbers.
  • libewf{,-devel,-tools,-python}-20141129-1.{fc17,fc18}.{i686,x86_64}.rpm, libewf{-devel,-tools,-python}-20141129-1.{fc19,fc20}.{i686,x86_64}.rpm, ewftools-20141129-1.{fc19,fc20}.{i686,x86_64}.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Note: Beginning with Fedora 19, the tools package is named ewftools to reflect the package name found in those releases of Fedora. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. Note: This package is not provided for CentOS/RHEL 5 and 6. Here are the changes from the previously released version (20140608):
    • 20141129
      • code clean up
    • 20141102
      • bug fixes
      • ewf.net added FileEntry::GetType
    • 20141030
      • bug fix in Python-bindings
      • changes for updated dependencies
    • 20141021
      • changes for deployment
    • 20141012
      • bug fixes
    • 20141007
      • updated dependencies and corresponding changes
      • worked on autogen.sh and synclibs.sh scripts
    • 20141002
      • removed README.macosx
      • changes for project site move
    • 20140801
      • bug fix in Python-bindings

    In addition, this version was built to include the Version 1 API. Because of this, the shared object library libewf.so.1 and libewf.so.1.0.4 are no longer provided in this package. If your application requires these shared object libraries, they should be rebuilt to use the shared objects that come with this package, namely libewf.so.2 and libewf.so.2.1.0.
  • aff{lib,lib-devel,tools}-3.7.4-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Afflib is the library and tools to manipulate files using the Advanced Forensic Format.
  • pytsk-20141207-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i386,x86_64}.rpm - Pytsk is Python bindings for The Sleuth Kit. See here for a list of changes. In addition, the following changes were also made:
    • The scripts ewf.py, tskfuse.py, and imgfuse.py were also installed in /usr/bin.
    • The runtime dependency fuse-python was also added.

  • libfixbuf{,-devel}-1.6.2-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-9.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This release was rebuilt with libfixbuf version 1.6.2.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.9.0-10.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics‑sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is diabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root. This release was rebuilt with libfixbuf version 1.6.2.
  • super_mediator-0.3.0-7.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. This release was rebuilt to use libfixbuf version 1.6.2.
  • yaf{,-devel}-2.6.0-4.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter and yaf is a suite of tools to do flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. This release was rebuilt to use libfixbuf version 1.6.2.
  • yaf{,-devel}-2.2.1-9.el5.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter. Note that this version of Yaf is only available for CentOS/RHEL 5. This release was rebuilt to use libfixbuf version 1.6.2.