libpst{,-devel,-devel-doc,-doc,-libs,-python}-0.6.60-1.1.{fc15,fc16,fc17,fc18,el6}.{i686,x86_64}.rpm - The libpst
utilities convert Outlook .pst files to other formats.
sleuthkit{,-devel,-libs}-4.1.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
Here are the changes since 4.0.2:
Core
Added YAFFS2 support (patch from viaForensics).
Added Ext4 support (patch from kfairbanks).
Changed all include paths to be 'tsk' instead of 'tsk3' (IMPORTANT FOR ALL DEVELOPERS!).
Framework
Added Linux and Mac support.
Added L01 support.
Added APIs to find files by name, path and extension.
Added a public method to Content to add the ability to close() its tsk handle before the object is gc'd.
Added faster skip() and random seek support to ReadContentInputStream.
Refactored datamodel by pushing common methods up to AbstractFile.
Fixed minor memory leaks.
Improved regression testing framework for Java bindings datamodel.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.7.1-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See the release notes for a list of changes since the previous version, 2.5.0.
analysis-pipeline-4.2-2.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
See the release notes for a list of changes since the previous version, 3.0.0.
silk-ipset-{devel,lib,tools}-3.7.1-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The SiLK IPset
distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA).
The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses.
SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite.
Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
super_mediator-0.3.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or CSV files.
Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF.
netsa-python-1.4.3-1.{fc15,fc16,fc17,fc18,el5,el6}.{i386,x86_64}.rpm - Netsa-python is a library of Python routines and frameworks that the NetSA team at CERT has found helpful when developing analyses using the SiLK toolkit.
Of particular note are the netsa.script NetSA Scripting Framework, which provides a standard framework for writing scripts that process flow data, and the netsa.util.shell command line processing system, which provides tools for managing extremely complicated collections of shell processes that should fail or succeed together (extremely useful when working with named pipes).
Netsa-python is compatible with Python versions 2.4 and greater.
See here for a list of the changes since the last release, which was version 1.3.
netsa-rayon-1.4.1-2.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm and netsa-rayon-pipevis-0.0-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm -
Netsa-rayon is a Python library and set of tools for generating basic two-dimensional statistical visualizations.
Netsa-rayon can be used to automate reporting; provide data visualization in command-line, GUI or web applications; or do ad-hoc exploratory data analysis.
Netsa-rayon can generate visualizations in PDF, PNG, SVG and PostScript formats using Pycairo.
It can also be used in wxPython GUI applications.
Netsa-rayon is compatible with Python versions 2.4 and greater, and requires netsa-python and at least one of Pycairo (for static output) or wxPython (for GUI output).
See here for a list of changes.
snarf{,-devel,-python}-0.2.1-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Snarf is a distributed alert reporting system.
Applications can use snarf's C and Python APIs to construct and send network alert messages, which can then be routed to multiple destinations in a configurable manner.
prism-1.2-3.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The prism trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or SQLite) for later quick lookup.
This is a new release keeping up with the latest SiLK 3 tools.
CERT-Forensics-Tools-1.0-54.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm -
This package was updated to do the following:
Added libbde-tools for all supported architectures
Added libfvde-tools for all supported architectures
Added libvhdi-tools for all supported architectures
Obsoletes rayon and replaces it with netsa-python
pytsk-2012113-3.{fc15,fc16,fc17,fc18,el5,el6}.{i386,x86_64}.rpm - Pytsk is a set of Python bindings for The Sleuth Kit.
This release has been rebuilt to use version 4.1.0 of The Sleuth Kit.