Linux Forensics Tools Repository: Package Summary for Packages on January 9, 2015:

  • lime-kernel-modules-fc19-{i686,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels was added for LiME:
    • 3.14.27-100 for FC19

  • fmem-kernel-modules-fc19-{i686,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels was added for Fmem:
    • 3.14.27-100 for FC19

  • distorm3-3.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i386,x86_64}.rpm - Distorm3 is a lightweight, easy-to-use and fast decomposer library. It disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD's SVM and AVX. Distorm3 is used by The Volatility Framework. The changes are listed here.
  • ghostpdl-9.15-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages. Ghostpdl is used by Xplico. This is the eleventh full release in the stable 9.x series, and is primarily a maintenance release. Highlights in this release include:
    • Ghostscript now supports the PDF security handler revision 6.
    • The pdfwrite and ps2write (and related) devices can now be forced to "flatten" glyphs into "basic" marking operations (rather than writing fonts to the output), by giving the -dNoOutputFonts command line option (defaults to "false")
    • PostScript programs can now use get_params or get_param to determine if a page contains color markings by reading the pageneutralcolor state from the device (so whether the page is "color" or "mono"). Note that this is only accurate when in clist mode, so -dMaxBitmap=0 and -dGrayDetection=true should both be used.
    • The pdfwrite device now supports Link annotations with GoTo and GoToR actions
    • The pdfwrite device now supports BMC/BDC/EMC pdfmarks
    • Regarding the new color management for the pdfwrite device introduced in the previous release, the proscription on using the new color management when producing PDF/A-1 compliant files is now lifted. To reiterate: with the new color management implementation, using the UseCIEColor option is strongly discouraged. For further information on the new pdfwrite color management, see "Color Conversion and Management" in the Ghostscript documentation.
    • Plus the usual round of bug fixes, compatibility changes, and incremental improvements.
    To see all of the changes for all releases of ghostpdl, view the file file:///usr/share/doc/ghostpdl/History9.htm on a system where ghostpdl is installed.
  • LogAnalysisToolKit-1.7-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.noarch.rpm - LogAnalysisToolkit (LATK) is a collection of command line and web-based tools for use in incident response and long-term analysis of web server and proxy server log data. LATK can detect beaconing traffic in proxy logs, and SQL injection and XSS attempts in web server logs. Often when responding to a security incident, the only files available are web server and proxy server logs. LATK will aid you in detecting odd traffic, such as botnet beaconing and SQL injection attempts. The data available in these files can be overwhelming, but the tools in LATK can be used to parse these files and build a MySQL database for querying.
  • dino-1.5-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.noarch.rpm - Dino, the drop in network observer, is a lightweight front end for network visualization. Project:DINO, short for Drop In Network Observer, uses the open source network monitoring tools SiLK and SNORT to create an easy to use dashboard for situational awareness. It is built on PHP and Open Flash Chart; it is designed to be run on Linux systems and has been tested on Fedora, Redhat and Ubuntu. DINO queries flow records stored by SiLK and creates graphs of things like top talkers, incoming/outgoing traffic, hourly traffic, top ports, and snort alerts with the related flow records.
  • yaf{,-devel}-2.7.0-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i686,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. Here are the changes from the last version (2.6.0):
    • New Gh0st RAT Application Label
    • New NetBIOS Datagram Service Application Label
    • yafMeta2Pcap can now accept IPFIX input
    • getFlowKeyHash now exports IPFIX
    • Support for indexing PCAPNG files
    • New YAF option --no-output to produce no IPFIX output
    • New YAF options --hash and --stime to search for a single flow with the given hash and start time
    • DNS DPI now exports query section of resource record for all responses with nonzero RCODE
    • Faster searching of pcap-meta files
    • Implement SAME_SIZE flag for TCP flows
    • Minor Bug Fixes

  • snarf{,-devel,-python}-0.2.4-1.{fc17,fc18,fc19,fc20,el6,el7}.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system. Applications can use snarf's C and Python APIs to construct and send network alert messages, which can then be routed to multiple destinations in a configurable manner. Here are the changes:
    • Support non-flow ip address fields in alerts.
    • Fix ZeroMQ compatibility problems, now requires ZeroMQ 2.2.x.
    • Fix problem with certain GLib2 version / platform combinations.

  • libbde{,-devel,-python,-tools}-20150106-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume. See here for the list of changes.
  • libbfio{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i386,x86_64}.rpm - Libbfio is a library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff. It is used to chain I/O to support file-in-file access. See here for the list of changes.
  • libevt{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - libevt contains libraries and tools to access the Windows XML Event Log (EVT) format files. See here for the list of changes.
  • libevtx{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files. See here for the list of changes.
  • liblnk{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format files. See here for the list of changes.
  • libmsiecf{,-devel,-python,-tools}-20150106-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files. See here for the list of changes.
  • libolecf{,-devel,-python,-tools}-20150106-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files. See here for the list of changes.
  • libqcow{,-devel,-tools,-python}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format. See here for the list of changes.
  • libregf{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - libregf contains libraries and tools to access the Windows NT Registry File format files. See here for the list of changes.
  • libsmdev{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Libsmdev is a library and tools used to access storage media devices. See here for the list of changes.
  • libsmraw{,-devel,-python,-tools}-20141022-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies. Libsmraw supports multiple (split) RAW naming schemes. See here for the list of changes.
  • libvhdi{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status. See here for the list of supported disk formats.
  • libvmdk{,-devel,-python,-tools}-20150105-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format. See here for the list of changes.
  • libvshadow{,-devel,-python,-tools}-20150106-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format. The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume. See here for the list of changes.