Linux Forensics Tools Repository: Package Summary for Packages on December 8, 2016:

  • Fedora 25 - The repository now supports Fedora 25 for both the i686 and x86_64 CPU architectures. Here is the list of tools provided for Fedora 25:
    2hash
    afflib
    aimage
    analysis-pipeline
    analyzeMFT
    artifacts
    ataraw
    autopsy
    bencode
    binplist
    bloom
    bokken
    bulk_extractor
    bulk_extractor-stoplist
    CERT-Forensics-Tools
    cert-forensics-tools-release
    cryptcat
    daq
    dc3dd
    ddrescue
    dd_rescue
    ddrescueview
    ddrutility
    dfdatetime
    dff
    dfvfs
    dfwinreg
    disktype
    distorm3
    DropboxReader
    efilter-1
    eindeutig
    epub
    exfat-utils
    fatback
    fcrackzip
    fmem-kernel-modules
    fmem-kernel-modules-common
    frag_find
    fred
    fundl
    fuse-exfat
    galleta
    ghostpdl
    grokevt
    guymager
    hachoir-core
    hachoir-metadata
    hachoir-parser
    hachoir-regex
    hachoir-subfile
    hachoir-urwid
    hachoir-wx
    ip4r
    jafat
    KHracker
    kracked
    libbde
    libbfio
    libesedb
    libevt
    libevtx
    libewf
    libfixbuf
    libfsntfs
    libfvde
    libfwnt
    libfwsi
    libguytools
    libiconv
    liblnk
    libluksde
    libmsiecf
    libolecf
    libp0f
    libpff
    libpst
    libqcow
    libregf
    libscca
    libschemaTools
    libsigscan
    libsmdev
    libsmraw
    libvhdi
    libvmdk
    libvshadow
    libvslvm
    lime-kernel-modules
    lime-kernel-modules-common
    log2timeline
    md5deep
    mdbtools
    missidentify
    mount_ewf
    nDPI
    netsa-python
    netsa-rayon
    partclone
    pasco
    perl-File-Mork
    perl-Mac-PropertyList
    perl-Parse-Evtx
    perl-Parse-Win32Registry
    plaso
    prism
    pstotext
    ptfinder
    ptk
    pyew
    python-apsw
    python-construct
    python-radare
    python-rarfile
    python-registry
    pytsk3
    radare
    rar
    registrydecoder
    reglookup
    regripper
    regripper-plugins
    rifiuti
    rifiuti2
    scrounge-ntfs
    sfdumper
    shellbags
    silk
    silk-ipa
    silk-ipset
    sleuthkit
    snort
    snort-openappid
    snort-sample-rules
    ssdeep
    stegdetect
    super_mediator
    tln_tools
    testdisk
    undbx
    unrar
    untex
    videosnarf
    vinetto
    vmfs-tools
    Volatility
    Volatility-community-plugins
    xlsxwriter
    xmount
    xplico
    yaf
    yara
    yara-python

  • fmem-kernel-modules-1.6-1.9.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem. Support for Fedora 25 x86_64 and i686 architectures was added.
  • lime-kernel-modules-1.1.r17-9.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME. Support for Fedora 25 x86_64 and i686 architectures was added.
  • fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.8.11-300 for FC25

  • lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.8.11-300 for FC25

  • fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.8.11-200 for FC24

  • lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.8.11-200 for FC24

  • fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.8.10-200 for FC24

  • lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.8.10-200 for FC24

  • fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.8.8-200 for FC24
    • 4.8.7-200 for FC24

  • lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.8.8-200 for FC24
    • 4.8.7-200 for FC24

  • fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.8.11-100 for FC23

  • lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.8.11-100 for FC23

  • fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels was added for Fmem:
    • 4.8.10-100 for FC23
    • 4.8.8-100 for FC23

  • lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels was added for LiME:
    • 4.8.10-100 for FC23
    • 4.8.8-100 for FC23

  • libpff-20161119-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided. Libpff is used by DFF, the Digital Forensics Framework. See here for the list of changes.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.14.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. See here for a list of changes in this version.
  • silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.14.0-2.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.14.0-2.{el6,el7}.x86_64.rpm - This release of the SiLK tools can be found in an optional repository that is now part of cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo. This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
  • analysis-pipeline-5.5-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM). This release was built using SiLK version 3.14.0.
  • silk-ipset{,-devel,-lib,-tools}-3.14.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA). The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses. SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite. Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed. See here for the list of changes in this release.
  • Volatility-community-plugins-20161202-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.noarch.rpm - The Volatility Community Plugins is a collection of Volatility plugins written and maintained by authors in the forensics community. Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun. Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation. These plugins are installed in /usr/share/volatility/plugins/community/.
  • dff-1.3.6-20161201.1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user interface with a modular and cross-platform architecture. This version is the developer version as of December 1, 2016.

    To support this version, the following were also installed:
    • Fedora 25 (From RPM Fusion)

      • ffmpeg-3.1.5-1.fc25.i686.rpm
      • ffmpeg-devel-3.1.5-1.fc25.i686.rpm
      • ffmpeg-libs-3.1.5-1.fc25.i686.rpm
      • lame-3.99.5-6.fc25.i686.rpm
      • lame-devel-3.99.5-6.fc25.i686.rpm
      • lame-libs-3.99.5-6.fc25.i686.rpm
      • libavdevice-3.1.5-1.fc25.i686.rpm
      • x264-devel-0.148-13.20160924git86b7198.fc25.i686.rpm
      • x264-libs-0.148-13.20160924git86b7198.fc25.i686.rpm
      • x265-devel-1.9-3.fc25.i686.rpm
      • x265-libs-1.9-3.fc25.i686.rpm
      • xvidcore-1.3.4-2.fc24.i686.rpm
      • xvidcore-devel-1.3.4-2.fc24.i686.rpm

  • xplico-1.1.1-6.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.x86_64.rpm - xplico is an Internet traffic decoder. Xplico needs various variables set in the /etc/php.ini file. These used to be set in the scripts provided by the package and in the script that starts Xplico. They are now set in the configuration file for the Apache Web Server. Nonetheless, when Xplico is installed, the Apache Web Server must be restarted if it was running and started otherwise.

    Note also that Xplico is not available for Fedora 25. This is because of an incompatibility between PHP 7, which is provided with Fedora 25, and the version of CakePHP that was used to build Xplico (1.3.20).
  • CERT-Forensics-Tools-1.0-69.fc25.{i686,x86_64}.rpm - This package was updated as follows:
    • The package Xplico was temporarily removed for Fedora 25. It will be re-added when it supports PHP 7.