Linux Forensics Tools Repository: Package Summary for Packages on July 10, 2015:

  • libfixbuf{,-devel}-1.7.0-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101). See here for the list of changes.
  • pyfixbuf-0.2.0-2.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Pyfixbuf is a Python API for libfixbuf, an implementation of the IPFIX protocol used for building collecting and exporting processes. Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX. Mediators are useful in modifying, filtering, or adding to the content of the message before forwarding to another IPFIX collection point, or in converting IPFIX to another format (text, database, JSON, etc.). This release was rebuilt to use libfixbuf-1.7.0.
  • super_mediator-1.1.1-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF. See here for the changes since the last version (1.1.1).
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.2-3.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. This release was rebuilt to use libfixbuf-1.7.0.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.2-4.{fc17,fc18,fc19,fc20,fc21,fc22}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.2-4.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repo is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
  • yaf{,-devel}-2.7.1-2.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.{i686,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. This release was rebuilt to use libfixbuf-1.7.0.
  • yaf{,-devel}-2.2.1-10.el5.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter. Note that this version of Yaf is only available for CentOS/RHEL 5. This release was rebuilt to use libfixbuf-1.7.0.
  • dino-1.5-2.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.noarch.rpm - Dino, the drop-in network observer, is a lightweight front end for network visualization. Project:DINO, short for Drop In Network Observer, uses the open source network monitoring tools SiLK and SNORT to create an easy-to-use dashboard for situational awareness. It is built on PHP and Open Flash Chart, is designed to run on Linux systems, and has been tested on Fedora, Redhat and Ubuntu. DINO queries flow records stored by SiLK and creates graphs of things like top talkers, incoming/outgoing traffic, hourly traffic, top ports, and snort alerts with the related flow records. This release was rebuilt to use libfixbuf-1.7.0.
  • libevt{,-devel,-python,-tools}-20150706-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Libevt contains libraries and tools to access the Windows Event Log (EVT) format files. See here for the list of changes.
  • libolecf{,-devel,-python,-tools}-20150630-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files. See here for the list of changes.
  • libregf{,-devel,-python,-tools}-20150704-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Libregf contains libraries and tools to access the Windows NT Registry File format files. See here for the list of changes.
  • CERT-Forensics-Tools-1.0-64.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - This package was updated to add the following packages:
    • Obsoleted snarf for CentOS/RHEL 7