Linux Forensics Tools Repository: Package Summary for Packages on February 27, 2015:

  • yara-3.3.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or the process identified by PID, checking whether it matches the patterns and rules provided in a special-purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (2.1.0):
    • Added support for negative integers and floating point numbers
    • Implemented operators >, <, >=, <= for strings
    • Implemented word boundary anchors (\b, \B) in regular expressions
    • New features in PE module
    • Math module
    • New --print-namespace command line argument
    • Better error handling in low memory conditions
    • BUGFIX: at operator not working with certain strings containing wildcards
    • BUGFIX: precedence of bitwise operators was incorrect
    • BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
    • BUGFIX: handle and memory leaks
    • BUGFIX: multiple segfaults

  • yara-python-3.3.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts. Here are the changes since the last version (2.1.0):
    • Added support for negative integers and floating point numbers
    • Implemented operators >, <, >=, <= for strings
    • Implemented word boundary anchors (\b, \B) in regular expressions
    • New features in PE module
    • Math module
    • New --print-namespace command line argument
    • Better error handling in low memory conditions
    • BUGFIX: at operator not working with certain strings containing wildcards
    • BUGFIX: precedence of bitwise operators was incorrect
    • BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
    • BUGFIX: handle and memory leaks
    • BUGFIX: multiple segfaults

  • dfvfs-20150224-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.
  • pyfixbuf-0.2.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building collecting and exporting processes. PyFixBuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the content of the message before forwarding to another IPFIX collection point, or in converting IPFIX to another format (text, database, JSON, etc.). See here for a list of changes.
  • python-registry-1.1.0-2.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i386,x86_64}.rpm - Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE. The interface is two-fold: a high-level interface suitable for most tasks, and a low-level set of parsing objects and methods which may be used for advanced study of the Windows Registry. Python-registry is written in pure Python, making it portable across all major platforms. This release brings python-registry up to date as of 2015-02-26.