Fedora 16 - The repository now supports Fedora 16
for the i386 and x86_64 CPU architectures.
registrydecoder-20111108-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - registrydecoder
is a tool for the acquisition, analysis, and reporting of registry contents.
regripper-20111118-1.{fc13,fc14,fc15,fc16,el5,el6}.noarch.rpm - regripper is a Windows Registry data extraction and correlation tool.
This version includes version 20111118 of the plugins from here.
log2timeline-0.62-1.{fc13,fc14,fc15,el5,el6}.noarch.rpm - Log2timeline is a framework for the automatic creation of a super timeline.
Here are the changes in this version:
[FF_CACHE input] New input module, designed to parse the cache files of Firefox. Contributed by John Ritchie
[OPENVPN input] New input module, designed to parse the OpenVPN log files.
[L2T_PROCESS] Added a few more allowed characters in the keyword list
[proftpd_xferlog input] Willi Ballenthin added a new module to parse the ProFTPD XFerlog file
[Log2Timeline library] Fixed a bug where, when the 'all' modules option is used (or -f is omitted), no modules get loaded
Added a small change to try to parse the MFT directly even though the $MFT might not be directly visible
Fixed a small bug where the tool would crash if the local timezone was used.
Fixed a small bug where, if the tool was not able to find the default directory (. does not exist) or if the file
the tool is pointing to does not really exist, the tool returned a double error instead of
just dying on the first one.
The tool will now accept a separate output timezone so the tool can output in a different timezone than the host's one.
[log2timeline] Added the -Z ZONE parameter so the tool can output in a different timezone than the host timezone.
[CSV output] Changed the output timezone so it now prints using the -Z definition, so it now supports a different output
timezone than the host one.
[EVTX input] Fixed a bug where the tool could go into an endless loop in the case where you have an EVTX that is
somehow broken and the function get_next_event dies. If the tool ran into such an occurrence it returned an empty
timestamp object, which in turn let the tool query for it again, thus possibly getting into an endless loop.
Added a counter so the tool tries to get the next event 50 times, otherwise it will die.
[log2timeline-sift] Moved the mount command out of the script and into the configuration file
Changed the mount command, since there were a few errors with the previous one
Added an additional check to see if the $MFT file can be directly called (and if so, skip the icat call)
xplico-0.7.1-1.{fc13,fc14,fc15,fc16}.{i386,x86_64}.rpm - xplico is an Internet traffic decoder.
See the Xplico website for the list of changes in this version. Note that RHEL/CentOS is not supported due to a lack of
Python Version 3 support.
guymager-0.6.3-1.{fc13,fc14,fc15,fc16,el5,el6}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. Here are the changes
since the last release (0.5.9):
Better HPA/DCO log output
Bug removed where acquisition hash codes were not shown in info file if verification was aborted.
Additional State Info added
New configuration parameter DirectIO
Setting sectors per chunk correctly for libewf
Removed full path of image file names from .info file, only show the image filename
New thread debugging messages
New EWF module reduces memory footprint significantly.
Possibility to compute MD5 hashes of the individual image files and write them to the .info file.
Better log output always contains acquired device
Bug removed where libewf only did empty block compression (slight API change in libewf20100226)
Compression problem with libewf20100226 fixed
Wrong file size check in acquisition dialog corrected