Linux Forensics Tools Repository: Package Summary for Packages on July 31, 2015:

  • fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for Fmem:
    • 4.1.3-200 for FC22
    • 4.1.2-200 for FC22
    • 4.0.8-300 for FC22

  • lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for LiME:
    • 4.1.3-200 for FC22
    • 4.1.2-200 for FC22
    • 4.0.8-300 for FC22

  • fmem-kernel-modules-fc21-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for Fmem:
    • 4.0.8-200 for FC21

  • lime-kernel-modules-fc21-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for LiME:
    • 4.0.8-200 for FC21

  • plaso-1.3.0-1.{fc17,fc18,fc19,fc20,fc21,fc22}.{i686,x86_64}.rpm, plaso-1.3.0-1.{el6,el7}.x86_64.rpm - Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Go here to read about all of the changes and features in this release.
  • dfvfs-20150730-1.(fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. See here for the list of changes.
  • libfwsi{,-devel,-python}-20150701-1.(fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Libfwsi is a library to access the Windows Shell Item format. See here for the list of changes.
  • python-pefile-1.2.10_139.2.{el6,el7}.x86_64.rpm - Python-pefile is a multi-platform Python module to parse and work with Portable Executable (aka PE) files. Most of the information contained in the PE headers is accessible as well as all sections' details and their data. This version was built for CentOS/RHEL 6 and 7 to support plaso.
  • python-construct-2.5.2-1.fc22.{i686,x86_64}.rpm - Python-construct is a powerful declarative parser (and builder) for binary data. Support was added for Fedora 22.