snort-2.9.5.5-1.1.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the changes in this version.
snort-sample-rules-2.9.5.5-1.1.{fc16,fc17,fc18,fc19,el6}.noarch.rpm - These rules are sample rules only and are intended to allow
snort to start successfully.
These rules only flag HTTP traffic destined for port 80.
Please see the snort rules page to acquire a current set of snort rules.
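To show what a rule set that does nothing more than "flag HTTP traffic destined for port 80" looks like, here is an added example in Snort rule syntax. It is not the contents of the snort-sample-rules package; the file name local.rules and the sid value (chosen from the local range above 1000000 so it cannot collide with distributed rules) are assumptions.

```snort
# local.rules (assumed file name): a single rule is enough for snort to
# load its configuration and start. $EXTERNAL_NET and $HOME_NET are the
# standard variables defined in snort.conf.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Sample rule: TCP traffic to port 80"; sid:1000001; rev:1;)
```

Reference the file from snort.conf with `include $RULE_PATH/local.rules` and validate the whole configuration without sniffing by running `snort -T -c /etc/snort/snort.conf`; a rule set like this will match every connection to port 80, which is why it is only a placeholder until a real rule set is installed.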
sleuthkit{,-devel,-libs}-4.1.2-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - The Sleuth Kit (TSK) is a
library and collection of command line tools that allow you to investigate volume and file system data.
Here are the changes since 4.1.0:
Core
Fixed more visual studio projects to work on 64-bit
Added FILE_SHARE_WRITE to all windows open calls
Removed unused methods in CRC code that caused compile errors
Added NTFS FNAME times to time2 struct in TSK_FS_META to make them easier to access -- should have done this a long time ago!
fls -m and tsk_gettimes output NTFS FNAME times to output for timelines
hfind with EnCase hashsets works when DB is specified (and not only index)
TskAuto now goes into UNALLOC partitions by default too
Added support to automatically find all Cellebrite raw dump files given the name of the first image
Added 64-bit windows targets to VisualStudio files
Added NTFS sequence to parent address in directory and directory itself
Updated SQLite code to use sequence when finding parent object ID
Java
Added method to Image to perform sanity check on image sizes
Java bindings JAR files now have native libraries in them
Logical files are added with a transaction
fiwalk
Fixed compile error on Linux etc
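The reason the $FILE_NAME times now emitted by `fls -m` and `tsk_gettimes` matter for timelines is timestomping: user-mode APIs such as SetFileTime rewrite only $STANDARD_INFORMATION, while $FILE_NAME is written by the kernel when a file is created, moved or renamed. The following is an added example (not code from The Sleuth Kit) that pairs the two entry kinds in body-format output and reports files whose $STANDARD_INFORMATION creation time is earlier than the $FILE_NAME creation time. It assumes TSK's 3.x body format (MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime) and the " ($FILE_NAME)" name suffix TSK uses to mark the FNAME entries; the sample body lines are constructed for the example.

```python
"""Pair $STANDARD_INFORMATION and $FILE_NAME entries from `fls -m` body output.

Added example, not TSK code. Assumptions: TSK 3.x body format
(MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime) and the
" ($FILE_NAME)" suffix that fls appends to the name of FNAME entries.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

FNAME_SUFFIX = " ($FILE_NAME)"

# Constructed sample: calc.exe has consistent times; the svchost.exe under
# a user's roaming profile has an SI birth time years before its FN birth time.
SAMPLE_BODY = """\
0|C:/Windows/System32/calc.exe|1234-128-1|r/rrwxrwxrwx|0|0|776192|1247535536|1247535536|1247535536|1247535536
0|C:/Windows/System32/calc.exe ($FILE_NAME)|1234-48-2|r/rrwxrwxrwx|0|0|776192|1247535536|1247535536|1247535536|1247535536
0|C:/Users/bob/AppData/Roaming/svchost.exe|5678-128-3|r/rrwxrwxrwx|0|0|40960|1247535536|1247535536|1380000000|1247535536
0|C:/Users/bob/AppData/Roaming/svchost.exe ($FILE_NAME)|5678-48-2|r/rrwxrwxrwx|0|0|40960|1380000000|1380000000|1380000000|1380000000
"""


@dataclass
class BodyEntry:
    name: str         # path as printed by fls, without the ($FILE_NAME) marker
    inode: str        # TSK's entry-type-id form, e.g. 1234-128-1
    atime: int
    mtime: int
    ctime: int        # MFT entry change time
    crtime: int       # creation (birth) time
    from_fname: bool  # True if the times come from $FILE_NAME


def parse_body_line(line: str) -> BodyEntry:
    """Parse one body-format line; raise ValueError on the wrong field count."""
    fields = line.rstrip("\n").split("|")
    if len(fields) != 11:
        raise ValueError(f"expected 11 fields, got {len(fields)}: {line!r}")
    _md5, name, inode, _mode, _uid, _gid, _size, atime, mtime, ctime, crtime = fields
    from_fname = name.endswith(FNAME_SUFFIX)
    if from_fname:
        name = name[: -len(FNAME_SUFFIX)]
    return BodyEntry(name, inode, int(atime), int(mtime), int(ctime),
                     int(crtime), from_fname)


def find_timestomp_candidates(lines: Iterable[str]) -> List[str]:
    """Return paths whose SI creation time predates the FN creation time.

    Only crtime is compared. mtime is deliberately left out: copying a file
    keeps the source's SI mtime but gives the new file fresh FN times, so an
    mtime comparison would flag every copied file.
    """
    si: Dict[str, BodyEntry] = {}
    fn: Dict[str, BodyEntry] = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_body_line(line)
        (fn if entry.from_fname else si)[entry.name] = entry

    suspects: List[str] = []
    for name, s in si.items():
        f = fn.get(name)
        if f is not None and s.crtime < f.crtime:
            suspects.append(name)
    return suspects


if __name__ == "__main__":
    # Real use: fls -r -m C: -o <offset> image.dd > body.txt, then feed body.txt here.
    for path in find_timestomp_candidates(SAMPLE_BODY.splitlines()):
        print(f"SI birth time earlier than FN birth time: {path}")
```

Entries are paired by path, which is how they sit next to each other in a mactime timeline; a file that has no $FILE_NAME line (for instance on a non-NTFS volume) is simply skipped rather than reported.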
analyzeMFT-2.0.11-1.1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - AnalyzeMFT is a tool that fully parses
the MFT file from an NTFS filesystem and presents the results as accurately as possible in multiple formats.
Volatility-2.3-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm -
The Volatility Framework is a completely
open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes.
This version also includes the plugins from the Malware Analyst's Cookbook to version R134.
See here for the list of recent changes.
fmem-kernel-objects-1.6-1.24.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Fmem is a kernel module that creates
the device /dev/fmem, similar to /dev/mem but without its access limitations.
The changes added support for the following kernels: