Linux Forensics Tools Repository: Package Summary for Packages on February 12, 2016:

  • fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.3.5-300 for FC23

  • lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.3.5-300 for FC23

  • fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels was added for Fmem:
    • 2.6.32-573.18.1 for EL6

  • lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels was added for LiME:
    • 2.6.32-573.18.1 for EL6

  • libewf-{,devel,python}-20160209-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm, ewftools-20160209-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files.

    These packages have been installed in the forensics-test repository. To use them, you will need to enable this repository in the /etc/yum.repos.d/cert-forensics-tools.repo file; you must be root to do this.
  • yaf{,-devel}-2.8.1-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Yaf is Yet Another Flowmeter, a suite of tools for flow metering. Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), from an Endace DAG capture device, or from a Napatech adapter; aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system. See here for the changes since the last released version (2.8.0).
  • libschemaTools{,-devel}-1.2.0-1-{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements. It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrieve data or the structure of the records.
  • analysis-pipeline-5.3.1-3.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). See here for the changes to the Version 5 release of analysis-pipeline.