dff-1.1.0-1.{fc12,fc13,fc14,fc15,el6}.{i386,x86_64}.rpm - The Digital Forensics Framework (DFF) is both
a digital investigation tool and a development platform. The framework is used by system administrators, law enforcement examinors, digital forensics researchers
and students, and security professionals world-wide. Written in Python and C++, it exclusively uses Open Source technologies. DFF combines an intuitive user
interface with a modular and cross-platform architecture. is a free and Open Source platform dedicated to digital forensic and eDiscovery sciences. The following
additional packages were change or installed in support of DFF:
aff{lib,lib-devel,tools}-3.6.12-2.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Afflib is the library and tools to manipulate files
using the Advanced Forensic Format. This version includes static versions of the libraries.
libpff-20110413-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Libpff is a library
and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format. PFF is used in PAB (Personal Address Book), PST (Personal
Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided.
libbfio{,devel}-20110625-1.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - Libbfio is a
library that provides basic file input/output abstraction. Libbfio is used in multiple other libraries like libewf, libmsiecf, libnk2, libolecf and libpff.
It is used to chain I/O to support file-in-file access. Static and dynamic versions of the libraries are provided.
dc3dd-7.1.614.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64} - dc3dd is a patched version of GNU dd that
includes several features useful for computer forensics. New in this version are the following:
Log output may be sent to multiple job logs and hash logs. Simply specify log=LOG and/or hlog=LOG more than once.
Verification of an image restored to a device larger than the image is now supported. Specify phod=DEVICE to hash only
the bytes dc3dd writes to the device. Specify fhod=DEVICE to hash both the bytes dc3dd writes to the device and all
the bytes that follow, up to the end of the device.
CERT-Forensics-Tools-1.0-30.{fc12,fc13,fc14,fc15,el5,el6}.noarch.rpm -
This package was updated to add the
DFF package. Note that DFF is not provided for CentOS/RHEL version 5.