libewf{,-devel,-tools}-20131210-1.{fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm/{ewftools,libewf,libewf-devel}-20131210-1.fc19.{i686,x86_64}.rpm - Libewf is a library for support of the Expert Witness Compression Format (EWF). It supports both the SMART (EWF-S01) and EnCase (EWF-E01) formats.
Note that in Fedora 19, the tools package is named ewftools to reflect the package name found in the Fedora 19 release.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. Here are the changes from the previous version (20130416):
updated dependencies
worked on Python bindings
added libcthreads
fix in DFXML output for size values
worked on ewfmount
libfixbuf{,-devel}-1.4.0-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.8.0-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for the list of the changes since the previous version (3.7.2).
yaf{,-devel}-2.4.0-2.{fc16,fc17,fc18,fc19,el6}.{i686,x86_64}.rpm/yaf{,-devel}-2.2.1-5.el5.{i686,x86_64}.rpm - YAF (Yet Another Flowmeter) is a suite of tools for flow metering. YAF is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), from an Endace DAG capture device, or from a Napatech adapter; it aggregates these packets into flows and exports flow records via IPFIX over SCTP, TCP or UDP, via Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
These packages were rebuilt to use libfixbuf version 1.4.0.
super_mediator-0.3.0-2.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data and forwards it to various IPFIX collecting processes and/or CSV files.
Super_mediator can be configured to perform de-duplication of DNS resource records as exported by YAF.
This package was rebuilt to use libfixbuf version 1.4.0.
python-apsw-3.8.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Python-apsw is a Python wrapper for the SQLite embedded relational database engine. In contrast to other wrappers such as pysqlite, it focuses on being a minimal layer over SQLite, attempting just to translate the complete SQLite API into Python.
The documentation has a section on the differences between APSW and pysqlite.
See here for a list of the changes.
pytsk-20131124-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - Pytsk provides Python bindings for The Sleuth Kit.
See here for a list of changes.
yara-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE, or the process identified by PID, checking whether it matches the patterns and rules provided in a special-purpose language. The rules are read from RULEFILEs or from standard input.
Here are the changes since the last version (1.7):
BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
BUGFIX: Bug in "n of ()" operator
BUGFIX: Bug in get_process_memory could cause infinite loop
BUGFIX: Fix SIGABORT in ARM
BUGFIX: Failing to detect one-byte strings at the end of a file.
BUGFIX: Strings being incorrectly printed when marked both as wide and ascii
BUGFIX: Stack overflow while following circular symlinks
BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases
yara-python-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Yara-python is a Python extension that gives access to Yara's powerful features from Python scripts.
Here are the changes since the last version (1.7):
BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
BUGFIX: Bug in "n of ()" operator
BUGFIX: Bug in get_process_memory could cause infinite loop
BUGFIX: Fix SIGABORT in ARM
BUGFIX: Failing to detect one-byte strings at the end of a file.
BUGFIX: Strings being incorrectly printed when marked both as wide and ascii
BUGFIX: Stack overflow while following circular symlinks
BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases
Volatility-2.3.1-1.{fc16,fc17,fc18,fc19,el5,el6}.{i386,x86_64}.rpm - The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
See here for a list of changes.
This version also includes the plugins from the Malware Analyst's Cookbook, updated to revision R134.
See here for the list of recent changes.