LiFTeR: Changes for October 30, 2020
- python{2,36}-psutil-5.7.3-1.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information on running processes and system utilization (CPU, memory, disks, network) in Python.
- plaso-20201007-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20201007-1.{fc31,fc32,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Details of this update are available here.
- libcreg{,-devel,-python3,-tools}-20200725-2.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libcreg{,-devel,-python2,-tools}-20200725-2.el6.{i686,x86_64}.rpm, libcreg{,-devel,-python36,-tools}-20200725-2.el7.x86_64.rpm, and libcreg{,-devel,-python2,-python3,-tools}-20200725-2.{fc31,fc32,el8}.x86_64.rpm -
Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
Note that in this release, the Python3 version for CentOS/RHEL 7 is correctly named, that is, it is named libcreg-python36 and not libcreg-python3. There are no other changes in this release.
- Volatility-2.6.1-5.{fc27,fc28,fc29,fc30,el6}.{i386,x86_64}.rpm and Volatility-2.6.1-5.{fc31,fc32,el7,el8}.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to October 27, 2020.
You can read about this version here.
- libfsntfs{,-devel,-python3}-20201027-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20201027-1.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20201027-1.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20201027-1.{fc31,fc32,el8}.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
- libmdmp{,-devel,-tools}-20200819-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libmdmp{,-devel,-tools}-20200819-1.{fc31,fc32,el7,el8}.x86_64.rpm -
Libmdmp is a library to access the Windows Minidump (MDMP) format.
Note that this project currently only focuses on the analysis of the format.
- libhibr{,-devel,-tools}-20200820-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libhibr{,-devel,-tools}-20200820-1.{fc31,fc32,el7,el8}.x86_64.rpm -
Libhibr is a library and tools to access the Windows Hibernation File (hiberfil.sys) format.
Note that this project currently only focuses on the analysis of the format.
- libmodi{,-devel,-python2,-python3,-tools}-20201019-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libmodi{,-devel,-python2,-tools}-20201019-1.el6.{i686,x86_64}.rpm, libmodi{,-devel,-python2,-python36,-tools}-20201019-1.el7.x86_64.rpm, and libmodi{,-devel,-python2,-python3,-tools}-20201019-1.{fc31,fc32,el8}.x86_64.rpm -
Libmodi is a library and tools to access the Mac OS disk image formats.
Note that this project currently only focuses on the analysis of the format.
- libphdi{,-devel,-python2,-python3,-tools}-20201003-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libphdi{,-devel,-python2,-tools}-20201003-1.el6.{i686,x86_64}.rpm, libphdi{,-devel,-python2,-python36,-tools}-20201003-1.el7.x86_64.rpm, and libphdi{,-devel,-python2,-python36,-tools}-20201003-1.{fc31,fc32,el8}.x86_64.rpm -
Libphdi is a library to access the Parallels Hard Disk image format.
- libagdb{,-devel,-tools}-20201023-1.{fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and libagdb{,-devel,-tools}-20201023-1.{fc31,fc32,el7,el8}.x86_64.rpm -
Libagdb is a library to access the SuperFetch database format.
- libvsmbr{,-devel,-python2,-python3,-tools}-20200818-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvsmbr{,-devel,-python2,-tools}-20200818-1.el6.{i686,x86_64}.rpm, libvsmbr{,-devel,-python2,-python36,-tools}-20200818-1.el7.x86_64.rpm, and libvsmbr{,-devel,-python2,-python3,-tools}-20200818-1.{fc31,fc32,el8}.x86_64.rpm -
Libvsmbr is a library and tools to access the Master Boot Record (MBR) volume system.
- rifiuti2-0.7.0-5.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and rifiuti2-0.7.0-5.{fc31,fc32,el7,el8}.x86_64.rpm -
rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 files.
This package was updated to avoid a conflict with the rifiuti package.
- fmem-kernel-modules-1.6-1.20.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 33 x86_64 architecture was added.
- lime-kernel-modules-1.1.r17-20.noarch.rpm -
This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 33 x86_64 architecture was added.
- fmem-kernel-modules-fc32-x86_64-1.6-1.23.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.8.16-200 for FC32
- lime-kernel-modules-fc32-x86_64-1.1.r17-23.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.8.16-200 for FC32
- fmem-kernel-modules-fc31-x86_64-1.6-1.39.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.8.16-100 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-39.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.8.16-100 for FC31
- Fedora 33 - The repository now supports Fedora 33 for the x86_64 CPU architecture.
Here is the list of tools provided for Fedora 33: