LiFTeR: Changes for February 5, 2016
- fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.6.noarch.rpm - Support for the following kernels were added for
Fmem:
- 4.3.4-300 for FC23
- 4.3.3-303 for FC23
- lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-6.noarch.rpm - Support for the following kernels were added for
LiME:
- 4.3.4-300 for FC23
- 4.3.3-303 for FC23
- fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.22.noarch.rpm - Support for the following kernels were added for
Fmem:
- 4.3.4-200 for FC22
- lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-22.noarch.rpm - Support for the following kernels were added for
LiME:
- 4.3.4-200 for FC22
- fmem-kernel-modules-el7-x86_64-1.6-1.18.noarch.rpm - Support for the following kernels were added for
Fmem:
- 3.10.0-327.4.5 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-18.noarch.rpm - Support for the following kernels were added for
LiME:
- 3.10.0-327.4.5 for EL7
- splunk-6.3.2-aaff59bb082c-linux-2.6-x86_64.rpm and splunk-6.3.2-aaff59bb082c.i386.rpm - This version of
Splunk was added to the Splunk repository for Fedora 20 through 23 and Fedora 6 and 7 for the i386 and x86_64 architectures.
Follow these instructions after upgrading
to this version.
Make sure that you following these instruction after upgrading but before rebooting.
If you do not following these instructions your system may hang when it reboots.
- libbde{,-devel,-python,-tools}-20160110-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libbde{,-devel,-python,-tools}-20160110-1.el7}.86_64.rpm -
Libbde is a library and tools to access the BitLocker
Drive Encryption (BDE) format. The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
See here for the list of changes.
- libevt{,-devel,-python,-tools}-20160107-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libevt contains libraries and tools
to access the Windows Event Log (EVT) format files.
See here for the list of changes.
- libevtx{,-devel,-python,-tools}-20160107-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libevtx{,-devel,-python,-tools}-20160107-1.el7.x86_64.rpm -
Libevtx contains libraries and tools
to access the Windows XML Event Log (EVTX) format files.
See here for the list of changes.
- libfwsi{,-devel,-python}-20160110-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libfwsi{,-devel,-python}-20160110-1.el7.x86_64.rpm -
Libfwsi is a library to access the
Windows Shell Item format.
See here for the list of changes.
- liblnk{,-devel,-python,-tools}-20160107-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and liblnk{,-devel,-python,-tools}-20160107-1.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the
Windows Shortcut File (LNK) format file.
See here for the list of changes.
- libmsiecf{,-devel,-python,-tools}-20160107-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm and libmsiecf{,-devel,-python,-tools}-20160107-1.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
See here for the list of changes.
- libolecf{,-devel-,-python,-tools}-20160107-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libolecf
contains libraries and tools to access the OLE 2 Compound File (OLECF) format filed.
See here for the list of changes.
- libqcow{,-devel,-tools,-python}-20160123-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libqcow{,-devel,-tools,-python}-20160123-1.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
See here for the list of changes.
- libregf{,-devel,-python,-tools}-20160107-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libregf{,-devel,-python,-tools}-20160107-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
See here for the list of changes.
- libsigscan{,-devel,-python,-tools}-20160108-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libsigscan{,-devel,-python,-tools}-20160108-1.el7.x86_64.rpm -
Libsigscan is a library and tools used to binary signature scanning.
See here for the list of changes.
- libsmdev{,-devel,-python,-tools}-20160109-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libsmdev{,-devel,-python,-tools}-20160109-1.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
See here for the list of changes.
- libsmraw{,-devel,-python,-tools}-20160108-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libsmraw{,-devel,-python,-tools}-20160108-1.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
Libsmraw contains supports for multiple (split) RAW naming schemes.
See here for the list of changes.
- libvhdi{,-devel,-python,-tools}-20160108-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libvhdi{,-devel,-python,-tools}-20160108-1.el7.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
Note that this project has an experimental status.
See here for the list of supported disk formats.
- libvmdk{,-devel,-python,-tools}-20160119-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libvmdk
is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
See here the list of changes.
- libvshadow{,-devel,-python,-tools}-20160110-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libvshadow{,-devel,-python,-tools}-20160110-1.el7.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume.
- dfwinreg-20160116-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and dfwinreg-20160116-1.{el6,el7}.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
- libscca{,-devel,-python,-python3,-tools}-20160108-1.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm and libscca{,-devel,-python,-python3,-tools}-20160108-1.{el6,el7}.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
See here for the list of changes.
- plaso-1.4-2.{fc20,fc21,fc22,fc23}.{i686,x86_64}.rpm, plaso-1.4-2.{el6,el7}.x86_64.rpm - Plaso
is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This release adds the missing artifacts and python-requests dependencies.
At this time, this repository, in combination of all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, and 23 for i686 and x86_64 architectures and CentOS/RHEL versions 7 for the x86_64 architecture for this version of plaso.
- libfsntfs{,-devel,-python,-tools}-20160108-1.{fc20,fc21,fc22,fc23,el6,el7}.{i686,x86_64}.rpm - Libfsntfs contains library and tools to access the New Technology File System (NTFS).
See here for the list of changes.