LiFTeR: Changes for May 10, 2019
- Fedora 30 - The repository now supports Fedora 30 for the x86_64 and i386 CPU architectures.
Here is the list of tools provided for Fedora 30:
- lime-kernel-modules-1.1.r17-16.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 30 x86_64 and i386 architectures was added.
- fmem-kernel-modules-1.6-1.16.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 30 x86_64 and i386 architectures was added.
- CERT-Forensics-Tools-1.0-84.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-84.el7.x86_64.rpm -
The changes since the last release (1.0-83) are the following:
- The dff package is not installed on Fedora 30.
- The kracked package is not installed on Fedora 30.
- python{2,3}-xlsxwriter-1.1.8-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el7}.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
See here for a list of the changes since the last version (1.1.7).
- libfsapfs{,-devel,-python2,-python3,-tools}-20190510-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190510-1.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python2,-python3,-tools}-20190510-1.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
- sleuthkit{,-devel,-libs}-4.6.6-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.6-1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
See here for the changes since the last version (4.6.5) released to this repository.
- pytsk3-20190507-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and pytsk3-20190507-1.el7.x86_64.rpm -
Pytsk provides Python bindings for The Sleuth Kit.
- python{2,3}-dpkt-1.9.2-1.fc26.{i686,x86_64}.rpm -
Python-dpkt is a fast, simple packet creator and parser, with definitions for the basic TCP/IP protocols, for Python.
This package was built to support plaso.
- plaso-20190331-2.{fc24,fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190331-2.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This release uses Python 3 instead of Python 2.
Please note that for Fedora 24 and 25 and CentOS/RHEL 7, all of the ancillary packages needed by plaso are installed with the pip program in a Python virtual environment. Ensure that pip works correctly in your environment by configuring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 24 and 25 and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso itself. The recommendation is to run update-plaso routinely to keep the plaso dependencies up to date.
- winreg-kb-20190507-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm -
winreg-kb is a project to build a Windows Registry knowledge base.
winregrc is the Python module, part of winreg-kb, that allows reuse of Windows Registry resources.
See these scripts that make use of the package.
Note that winreg-kb is not available for CentOS/RHEL 6 because of the old version of Python 2.
This version uses Python 3.
- winevt-kb-20190507-1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm -
Winevt-kb is a project to build a Windows Event Log knowledge base.
winevtrc is the Python module, part of winevt-kb, that allows reuse of Windows Event Log resources.
See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them.
This version uses Python 3.
- daq{,-devel,-modules}-2.0.6-7.1.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and daq{,-devel,-modules}-2.0.6-7.1.el7.x86_64.rpm -
The Data Acquisition Library (DAQ) is a packet I/O library used by Snort.
- pfring-7.4.0-2504.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2504.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to build the PF_Ring kernel module.
- ndpi-2.8.0-1564.{el6,el7}.x86_64.rpm - nDPI is an open source, LGPLv3-licensed library for deep packet inspection.
Based on OpenDPI, it includes ntop extensions.
- guymager-0.8.8-2.{fc24,fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and guymager-0.8.8-2.el7.x86_64.rpm -
Guymager is a forensic imaging package.
See here for the list of changes.
This release contains no new functionality; it was rebuilt to include a patch for GCC 8, which is the standard compiler on Fedora 28, 29, and 30.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels was added for Fmem:
  - 5.0.13-300 for FC30
  - 5.0.11-300 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels was added for LiME:
  - 5.0.13-300 for FC30
  - 5.0.11-300 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels was added for Fmem:
  - 5.0.13-200 for FC29
  - 5.0.11-200 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels was added for LiME:
  - 5.0.13-200 for FC29
  - 5.0.11-200 for FC29
- fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels was added for Fmem:
  - 5.0.13-100 for FC28
  - 5.0.11-100 for FC28
- lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels was added for LiME:
  - 5.0.13-100 for FC28
  - 5.0.11-100 for FC28