Linux Forensics Tools Repository: Package Summary for Packages on July 22, 2016:

  • fmem-kernel-modules-common-1.6-1.2.noarch.rpm - Fmem is a kernel module that creates the device /dev/fmem, similar to /dev/mem but without limitations. This package contains the source code for making the FMEM kernel modules and the install-fmem script. Note: this RPM is hard-linked between all of the supported architectures, Fedora 20-24 and CentOS 6 and 7. If you use rsync, make certain that you use the -H option to preserve those hard links.
  • foremost-1.5.7-13.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i386,x86_64}.rpm - Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, EnCase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery. Originally developed by the United States Air Force Office Special Investigation and Center for Information Systems Security Studies and Research, foremost has been opened to the general public. Send any comments, suggestions, patches, or feedback you have on this program to
  • libewf{-devel,-tools,-python}-20160718-20140608.1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm and ewftools-20160718-20140608.1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files. It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format. Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.

    This package is built from the libewf source code dated 20140608, but so that it is treated as the latest version, the version number was changed to the build date (20160718) and the release number was changed to include the source code release date (20140608). To install this version, do the following:
    1. Disable the forensics-test repository with this command: sudo yum-config-manager --disable forensics-test
    2. Save the list of installed libewf tools with this command: LIBEWF=`rpm -qa|grep 'ewf.*2014060801'|sed 's/-2014.*//'`
    3. Remove this list of installed libewf tools with this command: sudo rpm -ev $LIBEWF --nodeps
    4. Install the new versions of these libewf tools with this command: sudo yum -y install $LIBEWF
    5. Update all packages with this command: sudo yum -y update

  • sleuthkit{,-devel,-libs}-4.2.0-4.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. This release was brought up to date with the version of the code on GitHub dated 2016-07-18. Also, the code for srch_strings was reverted to the 4.1.3 version, fixing the double free error.
  • testdisk-7.0-3.1.el6.{i686,x86_64}.rpm - Testdisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). This package also contains photorec, file data recovery software designed to recover lost files including video, documents and archives from hard disks and CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted. This release was built to use the latest version of libewf that is installed in this repository.
  • fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.6.4-301 for FC24

  • lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.6.4-301 for FC24

  • fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.6.4-201 for FC23

  • lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.6.4-201 for FC23

  • fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.4.14-200 for FC22

  • lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.4.14-200 for FC22