BEViewer-1.3.006-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - BEViewer
is a user interface for browsing features that have been extracted by the bulk_extractor feature extraction tool.
BEViewer supports browsing multiple images and bookmarking and exporting features.
BEViewer also provides a User Interface for launching bulk_extractor scans.
ddrescue-1.16-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Ddrescue
is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
See /usr/share/doc/ddrescue-1.16/ChangeLog after the package has been installed.
dd_rescue-1.28-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Dd_rescue
is a utility similar to the system utility dd which copies data from a file or block device to another. dd_rescue does however
not abort on errors in the input file. This makes it suitable for rescuing data from media with errors, e.g. a disk with bad sectors.
libfixbuf{,-devel}-1.1.2-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Libfixbuf
is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
This version contains general bug fixes as well as Netflow V9 bug fixes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-2.4.7-3-3.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
The changes are to use libfixbuf-1.1.2-1.
yaf{,-devel}-2.2.2-2.{fc14,fc15,fc16,fc17,el6}.{i386,x86_64}.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for
flow metering. yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from
pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter,
aggregates these packets into flows, and exports flow records via IPFIX over SCTP, TCP or UDP, Spread, or into serialized IPFIX message streams (IPFIX
files) on the local file system.
Note that this release of Yaf is not available for CentOS/RHEL 5 due to an outdated version of PCRE.
The changes are to use libfixbuf-1.1.2-1.
log2timeline-0.64-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Log2timeline is a framework for the automatic creation of a super timeline.
Here are the changes in this version:
[TESTSUITE] Added the first version of a test suite to the tool.
All tests are located inside the t/ directory.
Tests should be constructed for ALL possible uses of the tool, including but not limited to:
Raw parsing of logs using input modules.
Correct output for output modules.
Correct output from each function inside modules/libraries.
The first test suite is raw and nowhere near complete; it needs loads of work to be 'proper', but it is a start.
[LS_QUARANTINE input] A new input module that parses the LSQuarantineEvents SQLite db in Mac OS X.
[Log2Timeline library] Added the possibility to use a dot (.) in the exclusion list.
Changed the exclusion list so it can be easily changed.
Added a call to ->end on each input module if verification failed.
Minor bug fixes in the main engine.
Changed wording when an output module is loaded (from "Loading output file" to "Loading output module").
Added support to detect shortcuts in Windows systems.
Added the "path_orig" to all input modules (making it possible to "fix" paths).
[CHROME input] - Slight changes to the output based on the value of the typed_count variable, also updated the path to the code that describes the transition types.
[SKYPE input] Fixed the verification routine a bit, cleaned it up slightly and fixed a small bug that caused the tool not to include SKYPE data when recursive mode was set on.
Also fixed UTF-8 support, should properly display UTF-8 by now.
[PREFETCH input] Small changes to the verification module.
[WinReg] Fixed a small bug in the code that caused the deleted entries lookup sometimes to loop forever.
[SQLITE output] Changed the way the SQLite code is written considerably: pre-compiling statements to prevent them being compiled for each insert, using transactions
instead of writing constantly to the DB, and other minor tweaks to make the DB output faster than before (since it was incredibly slow before).
[CHROME input] Small bug fix for UTF-8 support.
[FIREFOX3 input] Small bug fix for UTF-8 support.
[PREFETCH input] Fixed a bug, added a seekdir so that prefetch information is contained within the timeline if recursive is turned on.
[RECYCLER input] Fixed a bug, added a seekdir so that recycler information is contained within the timeline if recursive is turned on.
[LIST files] Added a few items to the Windows list files, and created a Mac OS X one.
[MFT input] Fixed a bug with Unicode support.
[RECYCLER input] Fixed a small bug (issue 5) with the path not showing the correct path as indicated by -m TEXT.
[SOL input] Fixed a small bug (issue 5) with the path not showing the correct path as indicated by -m TEXT.
[EVTX input] Changed the dependencies to Parse::Evtx2 instead of Parse::Evtx (same library, changed the namespace).
This fixes an issue when Parse::Evtx was installed on SIFT: the tool would first load the library from Schuster rather than the slightly changed one
distributed with the tool, causing the module to not work.
md5deep-4.2-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - This package was updated to reflect the new version of md5deep.
Here is the list of new features:
Fixed padding in Tiger hashes for large files.
{nmap,ncat,nping,nmap-update,zenmap}-6.01-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Nmap is a free and open source utility for
network exploration or security auditing. See the change log for details.
Nping is a packet generation and response analysis tool.
Ncat is a flexible data transfer, redirection, and debugging tool.
Nmap-update is a tool that gets the latest versions of architecture-independent files, such as scripts and databases, for the installed version of Nmap.
Zenmap is an advanced GUI and results viewer. It replaces nmap-frontend.
See the Changelog for the changes made in this release.
regripper-25000000-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Regripper is a Windows Registry data extraction and correlation tool.
This package now contains only version 2.5 of the regripper tool. The plugins are now packaged separately.
regripper-plugins-20120612-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application.
This version includes version 20120612 of the plugins from here.
The plugins added are the following:
NEW PLUGIN by Jason Hale: typedurlstime.pl, which parses and correlates the TypedURLs and TypedURLsTime subkeys.
NEW PLUGIN by Jason Hale: typedurlstime_tln.pl, which parses and correlates the TypedURLs and TypedURLsTime subkeys (output in TLN format).