Linux Forensics Tools Repository: Package Summary for Packages on February 20, 2015:

  • fmem-kernel-modules-fc21-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels were added for Fmem:
    • 3.18.6-200 for FC21 (added in release 7 of this package)
    • 3.18.7-200 for FC21

  • lime-kernel-modules-fc21-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels were added for LiME:
    • 3.18.6-200 for FC21 (added in release 7 of this package)
    • 3.18.7-200 for FC21

  • fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels were added for Fmem:
    • 3.18.6-100 for FC20 (added in release 26 of this package)
    • 3.18.7-100 for FC20

  • lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels were added for LiME:
    • 3.18.6-100 for FC20 (added in release 26 of this package)
    • 3.18.7-100 for FC20

  • ddrutility-2.7-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i686,x86_64}.rpm - Ddrutility is meant to be a compliment to gnuddrescue. It is a set of utilities to help with hard drive data rescue. It currently contains the following utilities:

    • ddru_findbad
    • ddru_ntfsbitmap
    • ddru_ntfsfindbad
    • ddru_diskutility
    Here are the changes since the last release (2.6):

    • ddru_ntfsfindbad 1.5 released:
      • Fixed possible program crash if partition boot sector error
      • Better partition boot sector error output

    • ddru_ntfsbitmap 1.5 released:
      • Fixed possible program crash if partition boot sector error
      • Better partition boot sector error output

  • dfvfs-20150217-1.(fc17,fc18,fc19,fc20,fc21,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.
  • python-registry-1.1.0-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i386,x86_64}.rpm - Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE. The interface is two-fold: a high-level interface suitable for most tasks, and a low level set of parsing objects and methods which may be used for advanced study of the Windows Registry. Python-registry is written in pure Python, making it portable across all major platforms.
  • shellbags-0.5.5-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.noarch.rpm - Shellbags Microsoft Windows uses a set of registry keys known as "shellbags" to maintain the size, view, icon, and position of a folder when using Explorer. Shellbags persist information for directories even after the directory is removed, which means that they can be used to enumerate past mounted volumes, deleted files, and user actions. See Using shellbag information to reconstruct user activities for an overview of the investigative value of shellbags.