LiFTeR: Changes for February 12, 2016
- fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels was added for Fmem:
  - 4.3.5-300 for FC23
- lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels was added for LiME:
  - 4.3.5-300 for FC23
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.19.noarch.rpm - Support for the following kernels was added for Fmem:
  - 2.6.32-573.18.1 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-19.noarch.rpm - Support for the following kernels was added for LiME:
  - 2.6.32-573.18.1 for EL6
- libewf{,-devel,-python}-20160209-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm, libewf{,-devel,-python}-20160209-1.el7.x86_64.rpm, ewftools-20160209-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm, and ewftools-20160209-1.el7.x86_64.rpm - Libewf supports Expert Witness Compression Format (EWF) formatted files.
  These packages have been installed in the forensics-test repository. To use them, you will need to enable this repository in the /etc/yum.repos.d/cert-forensics-tools.repo file; you must be root to do this.
- yaf{,-devel}-2.8.1-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and yaf{,-devel}-2.8.1-1.el7.x86_64.rpm - Yaf (Yet Another Flowmeter) is a suite of tools for flow metering.
  Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format. It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), or from live capture on an interface using pcap(3), an Endace DAG capture device, or a Napatech adapter; it aggregates these packets into flows and exports flow records via IPFIX over SCTP, TCP, or UDP, via Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
  See here for the changes since the last released version (2.8.0).
- libschemaTools{,-devel}-1.2.0-1.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and libschemaTools{,-devel}-1.2.0-1.el7.x86_64.rpm - libschemaTools is a library that provides a standard representation of data records. It is built on fixbuf, using IPFIX information elements.
  It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source. SchemaTools removes the need for the processing application to know the details of how to retrieve data or the structure of the records.
- analysis-pipeline-5.3.1-3.{fc20,fc21,fc22,fc23,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.3.1-3.el7.x86_64.rpm - The analysis-pipeline processes SiLK Flow records. Its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
  See here for the changes to the Version 5 release of analysis-pipeline.