LiFTeR: Changes for July 3, 2012
- ptk-1.0.5-2.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - PTK is a computer forensic framework for the command-line
tools in the SleuthKit plus many more modules. PTK uses MySQL, which is assumed to be configured (using the
command-line tool mysql_secure_installation or equivalent) and running. It also assumes a web server, for example
Apache, that is configured and operational. This package has been rebuilt to correct directory
permissions for the installed files.
- libvshadow{,-devel,-tools}-20120511-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume.
- guymager-0.6.9-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Guymager is a forensic imaging package. Here are the changes
since the last release (0.6.7):
  - Releasing all changes of 0.6.8 (switch to new version in order to have test users update their packages correctly)
  - AEWF: Considering also 1st chunk base offset when checking if chunk can be added to current sectors section.
  - New cfg parameter CheckRootRights
  - If source disk can't be opened, give it another try without option NOATIME
  - Corrected text output for image hash calculation in info file; Translations updated.
  - Error in UtilIsZero removed (leading to wrong image if FifoBlockSizeEwf is set to values above 65536)
  - Package no longer recommends gksu, smartmontools and hdparm but depends on them
  - No longer exits on write errors on info file or in AEWF module (should already have been done in 0.6.4, but the takeover from trunk wasn't done)
  - New cfg parameter EwfCompressionThreshold
  - Also include symlinks when searching for libparted
  - Changes from Mika (unistd.h)
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-2.5.0-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
The changes are the following:
  - rwflowpack change
    - Modify the log messages produced by libfixbuf to follow the format of other rwflowpack log messages.
    - Modify NetFlow v9 support to require libfixbuf-1.1.0.
  - flowcap change
    - Modify the log messages produced by libfixbuf to follow the format of other rwflowpack log messages.
    - Modify NetFlow v9 support to require libfixbuf-1.1.0.
  - Building
    - Add new configure switch --enable-asa-zero-packet-hack to work around a bug in the NetFlow9 template used by Cisco ASA routers wherein the template is missing a packetTotalCount field, causing rwflowpack to treat these flows as having 0 packets. When the switch is specified, SiLK sets the packet count to 1 for flow records having a source IP, a byte count, but no packet count. In addition, if SiLK is compiled without IPv6 support, the hack causes rwflowpack to use a fully-expanded file format to store IPv4 flow records collected from netflow-v9 probes. This version of SiLK has been built with --enable-asa-zero-packet-hack.
- registrydecoder-20120629-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Registrydecoder
is a tool for the acquisition, analysis, and reporting of registry contents. This is version 1.3 of this tool.
See here for a list of changes.
- CERT-Forensics-Tools-1.0-40.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm -
This package was updated to do the following:
  - add libvshadow-tools