LiFTeR: Changes for May 8, 2020
- guymager-0.8.12-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and guymager-0.8.12-1.{fc31,el7,el8}.x86_64.rpm -
Guymager is a forensic imaging package.
See here for the list of changes.
- hachoir-3.1.2-1.{fc26,fc27,fc28,fc29,fc30,fc31,el7,el8}.noarch.rpm -
Hachoir is a Python library to view and edit a binary stream field by field.
In other words, Hachoir allows you to "browse" any binary stream just like you browse directories and files.
A file is split into a tree of fields, where the smallest field is just one bit.
Examples of field types: integers, strings, bits, padding types, floats, etc.
Hachoir is the French word for a meat grinder (meat mincer), which is used by butchers to divide meat into long tubes;
Hachoir is used by computer butchers to divide binary files into fields.
Notes:
- In this version, these tools are all available: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-urwid, and hachoir-wx. As such, the previous packages where these tools were packaged separately are obsoleted.
- For CentOS/RHEL 8, the hachoir-wx program is not available due to a lack of the Python 3 version of wx.
- CERT-Forensics-Tools-1.0-90.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-90.{fc31,el7,el8}.x86_64.rpm -
This release does the following:
- Added hachoir for Fedora and CentOS/RHEL 7 and 8.
- sleuthkit{,-devel,-libs}-4.9.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.9.0-1.1.{fc31,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- bellsoft-jdk8u252+9-linux-{i586,amd64}.rpm -
Bellsoft Java was installed for Fedora 26 through 32 and CentOS/RHEL 7 and 8.
Bellsoft Java 8 is the recommended version of Java for Autopsy.
See these instructions for installing Autopsy on Linux.
- autopsy-4.15.0-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-2.{fc31,el7,el8}.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
- ghidra-9.1.2-PUBLIC_20200212.2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and ghidra-9.1.2-PUBLIC_20200212.2.{fc26,fc31,el7,el8}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
This release repairs some incorrect file permissions and properly references various other files within the Ghidra hierarchy.
- zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.5-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-3.0.5-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.5-0.{fc31,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.5-0.{fc31,el7,el8}.x86_64.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- rifiuti2-0.7.0-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-4.{fc31,el7,el8}.x86_64.rpm -
rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 files.
This package was updated to avoid a conflict with the rifiuti package.
- libfsntfs{,-devel,-python3}-20200506-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200506-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200506-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200506-1.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
- python2-colorama-0.4.1-2.{fc30,fc31,fc32,el8}.noarch.rpm -
Python-Colorama is a Python library that makes ANSI escape character sequences (for producing colored terminal text and cursor positioning) work under MS Windows.
This package was built to negate obsoletes in fedora-obsolete-packages for Fedora 32.
For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
- umit-1.0-17.1.{fc32,el8}.noarch.rpm -
Umit is a front-end for nmap.
This package was built to negate obsoletes in fedora-obsolete-packages for Fedora 32.
For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
- python{2,3}-m2crypto-0.35.2-3.1.{fc32,el8}.x86_64.rpm -
M2Crypto is a Python library that allows you to call OpenSSL functions from Python 2 and 3 scripts.
This package was built to negate obsoletes in fedora-obsolete-packages for Fedora 32.
For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
- python-netaddr-0.7.19-18.1.fc32.x86_64 - python-netaddr is a pure Python network address
representation and manipulation library. Python-netaddr provides a Pythonic way of working with:
This package was built to negate obsoletes in fedora-obsolete-packages for Fedora 32.
- python2-enum34-1.1.6-10.1.fc32.noarch.rpm -
python-enum34 is a backport of the Python 3.4 enum module to Python 2; this package is the Python 2 build.
This package was built to negate obsoletes in fedora-obsolete-packages for Fedora 32.
- python2-yara-3.11.0-4.{fc30,el6}.{i386,x86_64}.rpm and python2-yara-3.11.0-4.{fc31,fc32,el8}.x86_64.rpm -
Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
This package was built to negate obsoletes in fedora-obsolete-packages for Fedora 32.
For all other releases, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
- pfring-7.6.0-2963.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2963.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2431.{el6,el7,el8}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-1.6-1.19.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 32 x86_64 architecture was added.
- lime-kernel-modules-1.1.r17-19.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 32 x86_64 architecture was added.
- fmem-kernel-modules-fc31-x86_64-1.6-1.22.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.6.8-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-22.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.6.8-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.37.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.5.8-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-37.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.5.8-100 for FC30
- Fedora 32 - The repository now supports Fedora 32 for the x86_64 CPU architecture.
Here is the list of tools provided for Fedora 32: