LiFTeR: Changes for April 7, 2017
- sleuthkit{,-devel,-libs}-4.4.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.3.0) released to this repository.
- pytsk3-20170324-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i386,x86_64}.rpm - Pytsk
provides Python bindings for The Sleuth Kit.
- ddrescue-1.22-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Ddrescue
is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
See here for the changes since the last version (1.21) released to this repository.
- ddrutility-2.8-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Ddrutility is meant to be a complement to
gnuddrescue.
It is a set of utilities to help with hard drive data rescue. It currently contains the following utilities:
- ddru_findbad
- ddru_ntfsbitmap
- ddru_ntfsfindbad
- ddru_diskutility
- dd_rescue-1.99.5-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Dd_rescue
is a utility similar to the system utility dd, which copies data from a file or block device to another. dd_rescue does, however,
not abort on errors in the input file. This makes it suitable for rescuing data from media with errors, e.g. a disk with bad sectors.
See here for the changes since the last version (1.99) released to this repository.
- dc3dd-7.2.646-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - dc3dd is a patched version of GNU dd that
includes several features useful for computer forensics.
- guymager-0.8.4-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and guymager-0.8.4-1.el7.x86_64.rpm -
Guymager is a forensic imaging package.
See here for the list of changes.
- dfvfs-20170324-1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.noarch.rpm - dfVFS,
the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
- libbde{,-devel,-python,-python3,-tools}-20170204-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libbde{,-devel,-python,-tools}-20170204-1.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python,-python3,-tools}-20170204-1.el7.x86_64.rpm -
Libbde
is a library and tools to access the BitLocker Drive Encryption (BDE) format.
The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
See here for the list of changes.
- libbfio{,-devel}-20170123-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - Libbfio is a
library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff.
It is used to chain I/O to support file-in-file access.
See here for the list of changes.
- libesedb{,-devel,-python,-python3,-tools}-20170121-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libesedb{,-devel,-python,-tools}-20170121-1.el6.{i686,x86_64}.rpm, and libesedb{,-devel,-python,-python3,-tools}-20170121-1.el7.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
ESEDB is used in many different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
See here for the list of changes.
- libevt{,-devel,-python,-python3,-tools}-20170120-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libevt{,-devel,-python,-tools}-20170120-1.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python,-python3,-tools}-20170120-1.el7.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
See here for the list of changes.
- libevtx{,-devel,-python,-python3,-tools}-20170122-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libevtx{,-devel,-python,-tools}-20170120-1.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python,-python3,-tools}-20170120-1.el7.x86_64.rpm -
Libevtx contains libraries and tools
to access the Windows XML Event Log (EVTX) format files.
See here for the list of changes.
- libfwsi{,-devel,-python,-python3}-20160110-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libfwsi{,-devel,-python}-20160110-1.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python,-python3}-20160110-1.el7.x86_64.rpm -
Libfwsi is a library to access the
Windows Shell Item format.
See here for the list of changes.
- libiconv{,-devel,-static,-utils}-1.15-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Libiconv
provides an iconv() implementation, for use on systems which don't have one, or whose implementation cannot convert from/to Unicode.
Due to conflicts with other packages, notably glibc, the libiconv packages are installed in /usr/libiconv.
This release also makes the library files available at /usr/libiconv/lib for the x86_64 architecture, which makes the package easier to use when building
packages that use libiconv.
- liblnk{,-devel,-python,-python3,-tools}-20170111-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, liblnk{,-devel,-python,-tools}-20170111-1.el6.{i686,x86_64}.rpm, liblnk{,-devel,-python,-python3,-tools}-20170111-1.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the
Windows Shortcut File (LNK) format file.
See here for the list of changes.
- libmsiecf{,-devel,-python,-python3,-tools}-20170116-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python,-tools}-20170116-1.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python,-python3,-tools}-20170116-1.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
See here for the list of changes.
- libolecf{,-devel,-python,-python3,-tools}-20170129-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libolecf{,-devel,-python,-tools}-20170129-1.el6.{i686,x86_64}.rpm, and libolecf{,-devel,-python,-python3,-tools}-20170129-1.el7.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files.
See here for the list of changes.
- libqcow{,-devel,-python,-python3,-tools}-20170222-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libqcow{,-devel,-python,-tools}-20170222-1.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python,-python3,-tools}-20170222-1.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
See here for the list of changes.
- libsigscan{,-devel,-python,-python3,-tools}-20170124-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libsigscan{,-devel,-python,-tools}-20170124-1.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python,-python3,-tools}-20170124-1.el7.x86_64.rpm -
Libsigscan is a library and tools used for binary signature scanning.
See here for the list of changes.
- libsmdev{,-devel,-python,-python3,-tools}-20170225-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libsmdev{,-devel,-python,-tools}-20170225-1.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python,-python3,-tools}-20170225-1.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
See here for the list of changes.
- libvhdi{,-devel,-python,-python3,-tools}-20170223-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libvhdi{,-devel,-python,-tools}-20170223-1.el6.{i686,x86_64}.rpm, and libvhdi{,-devel,-python,-python3,-tools}-20170223-1.el7.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format. Note that this project has an experimental status.
See here for the list of supported disk formats.
- libvmdk{,-devel,-python,-python3,-tools}-20170226-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm, libvmdk{,-devel,-python,-tools}-20170226-1.el6.{i686,x86_64}.rpm, and libvmdk{,-devel,-python,-python3,-tools}-20170226-1.el7.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
See here for the list of changes.
- nDPI{,-devel}-1.8-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of
the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available
only in the paid version of OpenDPI. In addition to Unix platforms, Windows is also supported, in order to provide a cross-platform DPI experience.
Furthermore, nDPI has been modified to be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while
being unnecessary for network traffic monitoring.
nDPI is used by both ntop and nProbe to add application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect HTTP on ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the assumption that port equals application no longer holds.
See here for the list of supported protocols.
This version brings the code base used to build this package up to 2017-03-28.
- partclone-0.2.90-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Partclone is a program similar to the
well-known backup utility "Partition Image" a.k.a partimage.
Partclone provides utilities to save and restore used blocks on a partition and is designed for higher compatibility of the file system
by using existing libraries, e.g. e2fslibs is used to read and write the ext2 partition.
The supported file systems are: ext2, ext3, ext4, hfs+, btrfs, ntfs, fat(12/16/32), and exfat.
See here for the list of changes in this release.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.15.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.15.0-2.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.15.0-2.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
- silk-ipset-{devel,lib,tools}-3.15.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset
distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA).
The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses.
SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite.
Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
See here for the list of changes in this release.
- analysis-pipeline-5.6-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.6-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes for this release.
This package was rebuilt to use silk 3.15.0.
- capstone{,-devel,-python,-python3}-3.0.4-4.{fc20,fc21}.{i686,x86_64}.rpm and capstone-java-3.0.4-4.noarch.rpm - Capstone is a
lightweight multi-platform, multi-architecture disassembly framework.
See here for the list of changes and future features.
- capstone{,-devel,-python,-python3}-3.0.4-4.el7.x86_64.rpm - Capstone is a
lightweight multi-platform, multi-architecture disassembly framework.
See here for the list of changes and future features.
- capstone{,-devel,-python}-3.0.4-4.el6.{i386,x86_64}.rpm - Capstone is a
lightweight multi-platform, multi-architecture disassembly framework.
See here for the list of changes and future features.
- pyew-2.3.0.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Pyew is a (command line) Python tool to analyse malware.
It has support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), and the PE and ELF file formats (it performs code analysis and lets you write scripts using an
API to perform many types of analysis); it follows direct call/jmp instructions in the interactive command line, displays function names and string data references, and supports the
OLE2 format, PDF format and more.
It also supports plugins to add more features to the tool.
- radare{,-devel}-2.1.3.0-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and radare{,-devel}-2.1.3.0-1.el7.x86_64.rpm - Radare is a framework for doing reverse engineering.
- python-radare-2.1.3.0-1.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and python-radare-2.1.3.0-1.el7.x86_64.rpm - Python-Radare provides
bindings that allow Radare to be used from Python.
- Volatility-2.6-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i386,x86_64}.rpm and Volatility-2.6-1.el7.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.
You can read about this version here.
Since the Volatility-community-plugins contain the mimikatz plugin, that plugin is no longer packaged with Volatility.
- Volatility-community-plugins-20170405-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.noarch.rpm - The Volatility Community Plugins
is a collection of Volatility plugins written and maintained by authors in the forensics community.
Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun.
Either way, it's an entire arsenal of plugins that you can easily extend into your existing Volatility installation.
These plugins are installed in /usr/share/volatility/plugins/community/.
Note: The following plugins were removed from the el6 package: PhilipHuppert, ThomasChopitea, TranVienHa, YingLi, DaveLasalle, LoïcJaquemet, and BartoszInglot.
- python-haystack-0.36-0.noarch.rpm - Python-Haystack is a heap analysis framework, focused on searching for and reversing
C structures in allocated memory.
- python-pycoin-0.77-0.noarch.rpm - Python-Pycoin is an implementation of several utility routines that may be useful when dealing with
bitcoin and some alt-coins. It has been tested with Python 2.7, 3.3, 3.4 and 3.5.
- python-dpapick-0.3-0.noarch.rpm - Python-Dpapick is a Python toolkit that provides a platform-independent implementation
of Microsoft's cryptography subsystem called DPAPI (Data Protection API).
It can be used either as a library or as a standalone tool.
It is also the first open-source tool that allows decryption of DPAPI structures in an offline way and, moreover, from another platform than Windows.
It is provided with some application probes that include the built-in logic to retrieve the corresponding protected secrets.
For more information go here.
- python-typing-3.6.1.0-0.noarch.rpm - Python-Typing is a backport of the standard library typing module to Python versions older than 3.6.
Typing defines a standard notation for Python function and variable type annotations.
The notation can be used for documenting code in a concise, standard format, and it has been designed to also be used by static and runtime type checkers, static analyzers, IDEs and other tools.
Note: this package was installed only for Fedora 20, 21, and 22.
All other versions of Fedora and CentOS provide this package.
- python-M2Crypto-0.26.0-0.noarch.rpm - Python-M2Crypto is the most complete Python wrapper for OpenSSL,
featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib;
unforgeable HMAC'ed AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: an HTTPS server for Zope; and ZSmime: an S/MIME messenger for Zope.
M2Crypto can also be used to provide SSL for Twisted.
Smartcards are supported through the Engine interface.
- python-ioc_writer-0.3.3-0.noarch.rpm - Python-IOC_Writer is a Python library that allows for basic creation and editing of
OpenIOC objects. It supports a basic CRUD (Create, Read, Update, Delete) for various items.
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.10.8-200 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.10.8-200 for FC25
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.21.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.10.6-200 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-21.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.10.6-200 for FC25
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.10.5-200 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.10.5-200 for FC25
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.36.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.10.8-100 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-36.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.10.8-100 for FC24
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.35.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.10.6-100 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-35.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.10.6-100 for FC24
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.9.17-100 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.9.17-100 for FC24