silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.0-2.{fc17,fc18,fc19,fc20,fc21,el6,el7}.{i686,x86_64}.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repo is disabled by default and can be enabled by running the script /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-4.4.1-2.{fc17,fc18,fc19,fc20,fc21,el5,el6}.{i686,x86_64}.rpm and analysis-pipeline-4.4.1-2.el7.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This version was rebuilt to use the latest version of SiLK, specifically 3.10.0-1.
silk-ipset-{devel,lib,tools}-3.10.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset
distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA).
The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses.
SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite.
Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
See here for the list of changes in this release.
lime-kernel-modules-el7-x86_64-1.1.r17-8.noarch.rpm - Support for the following kernels was added for LiME:
3.10.0-123.13.2 for EL7
fmem-kernel-modules-el7-x86_64-1.6-1.8.noarch.rpm - Support for the following kernels was added for Fmem:
3.10.0-123.13.2 for EL7
lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels was added for LiME:
2.6.32-504.3.3 for EL6
fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels was added for Fmem:
2.6.32-504.3.3 for EL6
lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-8.noarch.rpm - Support for the following kernels was added for LiME:
2.6.18-400.1.1 for EL5
fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.8.noarch.rpm - Support for the following kernels was added for Fmem:
2.6.18-400.1.1 for EL5
fmem-kernel-modules-fc20-{i686,x86_64}-1.6-1.23.noarch.rpm - Support for the following kernels was added for Fmem:
3.17.7-200 for FC20
lime-kernel-modules-fc20-{i686,x86_64}-1.1.r17-23.noarch.rpm - Support for the following kernels was added for LiME:
3.17.7-200 for FC20
fmem-kernel-modules-fc21-{i686,x86_64}-1.6-1.3.noarch.rpm - Support for the following kernels was added for Fmem:
3.17.7-300 for FC21
lime-kernel-modules-fc21-{i686,x86_64}-1.1.r17-3.noarch.rpm - Support for the following kernels was added for LiME:
3.17.7-300 for FC21
pytsk-20141220-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i386,x86_64}.rpm - Pytsk
provides Python bindings for The Sleuth Kit.
See here for a list of changes.
libfwsi{,-devel,-python}-20141116-1.{fc17,fc18,fc19,fc20,fc21,el5,el6}.{i686,x86_64}.rpm and libfwsi{,-devel,-python}-20141116-1.el7.x86_64.rpm -
Libfwsi is a library to access the
Windows Shell Item format.
See here for the list of changes.
dfvfs-20141220-1.{fc17,fc18,fc19,fc20,fc21,el6,el7}.noarch.rpm - Dfvfs, the Digital Forensics Virtual File System, provides read-only access
to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
See here for the list of changes.
pyparsing{,-doc}-2.0.3-1.{fc17,fc18,fc19,fc20,el6,el7}.{i386,x86_64}.rpm, python3-pyparsing-2.0.3-1.{fc17,fc18,fc19,fc20}.{i386,x86_64}.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars,
compared with the traditional lex/yacc approach or the use of regular expressions.
The module provides a library of classes that client code uses to construct the grammar directly in Python code.
Pyparsing is provided by Red Hat for Fedora 21.
Pyparsing version 2.0.3 is needed by plaso.
plaso-1.2.0-2.{fc17,fc18,fc19,fc20,fc21}.{i686,x86_64}.rpm, plaso-1.2.0-2.{el6,el7}.x86_64.rpm - Plaso
is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators and analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Go here to read about all of the changes and features in this release.
In addition, this release is current up to the development version as of December 24, 2014.