Linux Forensics Tools Repository: Package Summary for Packages on December 24, 2014:

  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.0-2.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i686,x86_64}.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
  • analysis-pipeline-4.4.1-2.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This version was rebuilt to use the latest version of SiLK, specifically 3.10.0-1.
  • silk-ipset{,-devel,-lib,-tools}-3.10.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.
  • lime-kernel-modules-el7-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernel was added for LiME:
    • 3.10.0-123.13.2 for EL7

  • fmem-kernel-modules-el7-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernel was added for Fmem:
    • 3.10.0-123.13.2 for EL7

  • lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernel was added for LiME:
    • 2.6.32-504.3.3 for EL6

  • fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernel was added for Fmem:
    • 2.6.32-504.3.3 for EL6

  • lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernel was added for LiME:
    • 2.6.18-400.1.1 for EL5

  • fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernel was added for Fmem:
    • 2.6.18-400.1.1 for EL5

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernel was added for Fmem:
    • 3.17.7-200 for FC20

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernel was added for LiME:
    • 3.17.7-200 for FC20

  • fmem-kernel-modules-fc21-{i686,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernel was added for Fmem:
    • 3.17.7-300 for FC21

  • lime-kernel-modules-fc21-{i686,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernel was added for LiME:
    • 3.17.7-300 for FC21

  • pytsk-20141220-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i386,x86_64}.rpm - Pytsk provides Python bindings for The Sleuth Kit. See here for a list of changes.
  • libfwsi{,-devel,-python}-20141116-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Libfwsi is a library to access the Windows Shell Item format. See here for the list of changes.
  • dfvfs-20141220-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.noarch.rpm - Dfvfs, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.
  • pyparsing{,-doc}-2.0.3-1.{fc17,fc18,fc19,fc20,el6,el7}.{i386,x86_64}.rpm, python3-pyparsing-2.0.3-1.{fc17,fc18,fc19,fc20}.{i386,x86_64}.rpm - Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, versus the traditional lex/yacc approach or the use of regular expressions. The module provides a library of classes that client code uses to construct the grammar directly in Python code. Pyparsing is provided by Red Hat for Fedora 21. Pyparsing version 2.0.3 is needed by plaso.
  • plaso-1.2.0-2.{fc17,fc18,fc19,fc20,fc21}.{i686,x86_64}.rpm, plaso-1.2.0-2.{el6,el7}.x86_64.rpm - Plaso is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Go here to read about all of the changes and features in this release. In addition, this release is current up to the development version as of December 24, 2014.