LiFTeR: Changes for February 2, 2022
- bellsoft-java8-full-1.8.0.322+6.x86_64.rpm -
Bellsoft Java was installed for Fedora 33, 34, and 35, CentOS/RHEL 7 and 8, and Amazon Linux 2.
Bellsoft Java 8 is the recommended version of Java for Autopsy.
See the instructions for installing Autopsy on Linux, where this recommendation is made.
- hachoir-3.1.2-3.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm -
Hachoir is a Python library to view and edit a binary stream field by field.
In other words, Hachoir allows you to "browse" any binary stream just like you browse directories and files.
A file is split into a tree of fields, where the smallest field is just one bit.
Examples of field types: integers, strings, bits, padding types, floats, etc.
Hachoir is the French word for a meat grinder (meat mincer), which is used by butchers to divide meat into long tubes;
Hachoir is used by computer butchers to divide binary files into fields.
The only changes in this version are packaging changes: the virtual environment version (Amazon Linux 2) and the non-virtual environment version (all others) were homogenized into
a single SPEC file.
- Volatility3-2.0.0-3.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm -
Volatility 3 is a completely open collection of tools,
implemented in Python under the Volatility Software License,
for the extraction of digital artifacts from volatile memory (RAM) samples.
This release is patched as of 2022-01-26.
- ghidra-10.1.2_PUBLIC_20220125.1.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
- zeek{,-btest,-btest-data,-core,ctl,-devel,-libcaf-devel,-zkg}-4.2.0-1.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm, and libbroker-devel-4.2.0-1.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
See here for the changes for all versions of Zeek.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- python3-dtfabric-20220130-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and python36-dtfabric-20220130-1.el7.x86_64.rpm -
Dtfabric is a project to manage data types and structures,
as used in the libyal projects.
- python3-dfvfs-20220127-1.{fc33,fc34,fc35,el8,amzn2}.noarch.rpm and python36-dfvfs-20220127-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
- libphdi{,-devel,-python3,-tools}-20220110-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and libphdi{,-devel,-python36,-tools}-20220110-1.el7.x86_64.rpm -
Libphdi is a library to access the Parallels Hard Disk image format.
- python3-redis-4.1.2-1.fc33.noarch.rpm and python36-redis-4.1.2-1.el7.noarch.rpm -
This package is the Python client interface to the Redis key-value store.
- python3-dfdatetime-20220131-1.{fc33,fc34,fc35,el8,amzn2}.noarch.rpm and python36-dfdatetime-20220131-1.el7.noarch.rpm -
dfDateTime, or Digital Forensics Date and Time, provides date and time objects to preserve accuracy and precision.
- plaso-20220129-3.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as
log2timeline for the automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Details of this update are available here.
This release removes the version restriction on the pyparsing package.
Note: For CentOS/RHEL 7 and 8 and Amazon Linux 2, Plaso now runs in a Python virtual environment.
- libregf{,-devel,-python3,-tools}-20220131-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and libregf{,-devel,-python36,-tools}-20220131-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access Windows Registry files.
- python3-elasticsearch-7.17.0-1.{fc33,fc34,el8,amzn2}.x86_64.rpm and python36-elasticsearch-7.17.0-1.el7.x86_64.rpm -
This package is the official low-level Python client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- pfring-8.0.0-7227.{el7,el8,amzn2}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-8.0.0.7227-7227.{el7,el8,amzn2}.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to build the PF_Ring kernel module.
- ndpi-4.0.0-3527.{el7,el8,amzn2}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- lime-kernel-modules-fc35-x86_64-1.9.1-13.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.15.18-200 for FC35
- 5.15.17-200 for FC35
- fmem-kernel-modules-fc35-x86_64-1.6-1.13.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.15.18-200 for FC35
- 5.15.17-200 for FC35
- fmem-kernel-modules-fc34-x86_64-1.6-1.36.noarch.rpm -
Support for the following kernel was added for Fmem:
- 5.15.18-100 for FC34
- lime-kernel-modules-fc34-x86_64-1.9.1-36.noarch.rpm -
Support for the following kernel was added for LiME:
- 5.15.18-100 for FC34