Volatility3-2.1.0-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
Volatility 3 is a completely open collection of tools,
implemented in Python under the Volatility Software License,
for the extraction of digital artifacts from volatile memory (RAM) samples.
This release is patched as of 2022-04-28.
python3-elasticsearch-7.17.3-1.{fc33,fc34,el8,amzn2}.x86_64.rpm and python36-elasticsearch-7.17.3-1.el7.x86_64.rpm -
ElasticSearch is the official low-level client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
python3-artifacts-20220429-1.{fc33,fc34,fc35,el8,el9,amzn2}.x86_64.rpm, python36-artifacts-20220429-1.el7.x86_64.rpm, and artifacts-data-20220429-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.
libfsapfs{,-devel,-python3,-tools}-20220501-1.{fc33,fc34,fc35,el8,el9,amzn2,el8}.x86_64.rpm and libfsapfs{,-devel,-python36,-tools}-20220501-1.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
plaso-20220428-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as
log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Details of this update are available here.
This release removes the version restriction on the pyparsing package.
Note: For CentOS/RHEL 7, 8, and 9, and Amazon Linux 2, Plaso now runs in a Python virtual environment.
pfring-8.1.0-7410.{el7,el8,amzn2}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.1.0.7410-7410.{el7,el8,amzn2}.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.3.0-3676.{el7,el8,amzn2}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-fc35-x86_64-1.9.1-23.noarch.rpm -
Support for the following kernels was added for LiME:
5.17.5-200 for FC35
fmem-kernel-modules-fc35-x86_64-1.6-1.23.noarch.rpm -
Support for the following kernels was added for Fmem:
5.17.5-200 for FC35
fmem-kernel-modules-fc34-x86_64-1.6-1.47.noarch.rpm -
Support for the following kernels was added for Fmem:
5.17.5-100 for FC34
lime-kernel-modules-fc34-x86_64-1.9.1-47.noarch.rpm -
Support for the following kernels was added for LiME: