fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels were added for
Fmem:
4.1.3-200 for FC22
4.1.2-200 for FC22
4.0.8-300 for FC22
lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels were added for
LiME:
4.1.3-200 for FC22
4.1.2-200 for FC22
4.0.8-300 for FC22
fmem-kernel-modules-fc21-{i686,x86_64}-1.6-1.20.noarch.rpm - Support for the following kernels were added for
Fmem:
4.0.8-200 for FC21
lime-kernel-modules-fc21-{i686,x86_64}-1.1.r17-20.noarch.rpm - Support for the following kernels were added for
LiME:
4.0.8-200 for FC21
plaso-1.3.0-1.{fc17,fc18,fc19,fc20,fc21,fc22}.{i686,x86_64}.rpm, plaso-1.3.0-1.{el6,el7}.x86_64.rpm - Plaso
is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Go here to read about all of the changes and features in this release.
dfvfs-20150730-1.{fc17,fc18,fc19,fc20,fc21,fc22,el6,el7}.noarch.rpm - dfVFS,
the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
See here for the list of changes.
libfwsi{,-devel,-python}-20150701-1.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6}.{i686,x86_64}.rpm and libfwsi{,-devel,-python}-20150701-1.el7.x86_64.rpm -
Libfwsi is a library to access the
Windows Shell Item format.
See here for the list of changes.
python-pefile-1.2.10_139.2.{el6,el7}.x86_64.rpm -
Python-pefile is a multi-platform Python module to parse and work with Portable Executable (aka PE) files.
Most of the information contained in the PE headers is accessible as well as all sections' details and their data.
This version was built for CentOS/RHEL 6 and 7 to support plaso.
python-construct-2.5.2-1.fc22.noarch.rpm - Python-construct is a powerful declarative parser (and builder) for binary data.
Support was added for Fedora 22.