Volatility3-2.5.0-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and Volatility3-2.5.0-2.el9.{aarch64,x86_64}.rpm -
Volatility 3 is a completely open collection of tools,
implemented in Python under the Volatility Software License,
for the extraction of digital artifacts from volatile memory (RAM) samples.
The full documentation for this version of Volatility can be found here.
This is the official release of version 2.5.0.
vleapp-2.0.0-1.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and vleapp-2.0.0-1.el9.{aarch64,x86_64}.rpm -
vleapp is a Vehicle Logs Events And Protobuf Parser application.
Both the command line version (vleapp) and the GUI version (vleappGUI) are included in this package.
Note that vleapp is not part of the CERT-Forensics-Tools metapackage so it must be installed manually.
ghidra-10.4-PUBLIC_20230928.1.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and ghidra-10.4-PUBLIC_20230928.1.el9.{x86_64,aarch64}.rpm -
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms
including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
See the list of changes and improvements here.
Please note that this version preserves the file permissions assigned by the NSA, which means that the decompiler provided with Ghidra is now executable and works.
We regret the inconvenience this caused in previous releases.
libcreg{,-devel,-python3,-tools}-20230930-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, libcreg{,-devel,-python3,-tools}-20230930-1.el9.{x86_64,aarch64}.rpm, and libcreg{,-devel,-python36,-tools}-20230930-1.el7.x86_64.rpm -
Libcreg is a library and tools to access the Windows 9x/Me Registry File (CREG) format.
liblnk{,-devel,-python3,-tools}-20230928-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, liblnk{,-devel,-python3,-tools}-20230928-1.el9.{x86_64,aarch64}.rpm, and liblnk{,-devel,-python36,-tools}-20230928-1.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
avml-0.13.0-1.{fc36,fc37,fc38,el9}.x86_64.rpm -
AVML is an x86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary.
AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori.
No on-target compilation or fingerprinting is needed.
AVML can produce a memory image suitable for processing with
Volatility 2 or Volatility 3 once the appropriate profiles
CERT-Forensics-Tools-1.0-105.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and CERT-Forensics-Tools-1.0-105.el9.{aarch64,x86_64}.rpm -
The following tools were added:
libguestfs - library for accessing and modifying virtual machine disk images.
libguestfs-tools - the guestfish interactive shell and various virtualization tools
libguestfs-forensics - adds filesystem forensics support to libguestfs (Not CentOS 7, 8, or 9 and Amazon Linux 2)
libguestfs-gfs2 - adds GFS2 support to libguestfs (Not CentOS 9)
libguestfs-hfsplus - adds HFS+ support to libguestfs (Not CentOS 7, 8, or 9 and Amazon Linux 2)
libguestfs-inspect-icons - pull icons out of non-Linux guests
libguestfs-rescue - adds the virt-rescue shell which is a "rescue disk" for virtual machines, and additional tools to use inside the shell such as ssh,
network utilities, editors and debugging utilities
libguestfs-rsync - adds rsync support to libguestfs
libguestfs-ufs - adds UFS support to libguestfs (Not CentOS 7, 8, or 9 and Amazon Linux 2)
libguestfs-xfs - adds XFS support to libguestfs
libguestfs-zfs - adds ZFS support to libguestfs (Not CentOS 7, 8, or 9 and Amazon Linux 2)
pfring-8.7.0-8538.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.7.0.8538-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.7.0-4403.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-el9-{x86_64,aarch64}-1.9.1-29.noarch.rpm -
Support for the following kernels was added to LiME for both the x86_64 and aarch64 architectures:
5.14.0-370 for EL9
fmem-kernel-modules-el9-{x86_64,aarch64}-1.6-1.29.noarch.rpm -
Support for the following kernels was added to Fmem for both the x86_64 and aarch64 architectures:
5.14.0-370 for EL9
lime-kernel-modules-el7-x86_64-1.9.1-92.noarch.rpm -
Due to configuration errors in the previous build, support for the following kernels was added to LiME:
3.10.0-1160.99.1 for EL7
fmem-kernel-modules-el7-x86_64-1.6-1.92.noarch.rpm -
Due to configuration errors in the previous build, support for the following kernels was added to Fmem: