dff-1.2.0-3.{fc12,fc13,fc14,fc15,el6}.{i386,x86_64}.rpm - The Digital Forensics Framework (DFF) is both
a digital investigation tool and a development platform. This release adds missing support for Expert Witness Compression Format (EWF) files.
regripper-20120206-1.{fc13,fc14,fc15,fc16,el5,el6}.noarch.rpm - Regripper is a Windows Registry data extraction and correlation tool.
This version includes version 20120206 of the plugins from here. This version adds the filesnottosnapshot.pl
(extracts from the SYSTEM registry hive the files and folders not backed up in Volume Shadow Copies) and spp_clients.pl (lists the volumes currently monitored by
the Volume Shadow Copy Service) plugins.
xmount-0.4.7-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Xmount
is a tool that allows you to convert on-the-fly between multiple input and output hard disk image types. This release uses Version 2 of the libewf API.
Volatility-2.0.1-3.{fc12,fc13,fc14,fc15,el5,el6}.{i386,x86_64}.rpm - The Volatility Framework is a completely
open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. This version updates
the plugins from the Malware Analyst's Cookbook to version R134.
See here for the list of recent changes.
registrydecoder-20120202-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Registrydecoder
is a tool for the acquisition, analysis, and reporting of registry contents. This is version 1.2 of this tool.
See here for a list of changes.
tcpflow-1.1.0-1.{fc13,fc14,fc15,fc16,el5,el6}.{i386,x86_64}.rpm - Tcpflow is a program
that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.
Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored tcpdump
packet flows. The changes are: C++ rewrite, improved performance, and DFXML output.