LiFTeR: Changes for October 31, 2016
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.13.noarch.rpm - Support for the following kernels was added for Fmem:
  - 4.7.9-200 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-13.noarch.rpm - Support for the following kernels was added for LiME:
  - 4.7.9-200 for FC24
- fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels was added for Fmem:
  - 4.7.9-100 for FC23
  - 4.7.8-100 for FC23
- lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels was added for LiME:
  - 4.7.9-100 for FC23
  - 4.7.8-100 for FC23
- fmem-kernel-modules-el7-x86_64-1.6-1.27.noarch.rpm - Support for the following kernels was added for Fmem:
  - 3.10.0-327.36.3 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-27.noarch.rpm - Support for the following kernels was added for LiME:
  - 3.10.0-327.36.3 for EL7
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.28.noarch.rpm - Support for the following kernels was added for Fmem:
  - 2.6.32-642.11.1 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-28.noarch.rpm - Support for the following kernels was added for LiME:
  - 2.6.32-642.11.1 for EL6
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.27.noarch.rpm - Support for the following kernels was added for Fmem:
  - 2.6.32-642.6.2 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-27.noarch.rpm - Support for the following kernels was added for LiME:
  - 2.6.32-642.6.2 for EL6
- fmem-kernel-modules-el5-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels was added for Fmem:
  - 2.6.18-416 for EL5
- lime-kernel-modules-el5-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels was added for LiME:
  - 2.6.18-416 for EL5
- xplico-1.1.1-5.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.x86_64.rpm - xplico is an Internet traffic decoder.
Xplico needs various variables set in the /etc/php.ini file.
In all releases before this one, these variables were set only when the package was installed, and unset when the package was removed.
This method did not take into account new releases of the package of which /etc/php.ini is a part.
To solve this problem, the script that starts xplico, /usr/sbin/xplico, has been changed to set these variables
every time xplico is started and to return them to their previous values when xplico is stopped.
This technique makes xplico immune to changes in other packages installed on a system.
- artifacts-20161022-1.{fc20,fc21,fc22,fc23,fc24,el6}.{i386,x86_64}.rpm and artifacts-20161022-1.el7.x86_64.rpm -
Artifacts is a free, community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
This package was built to support plaso.
- python-dfdatetime-20161017-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.noarch.rpm - dfDateTime,
or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
This package is needed by dfvfs.
- libexe{,-devel,-python,-python3,-tools}-20160418-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libexe{,-devel,-python,-tools}-20160418-2.el6.{i686,x86_64}.rpm, and libexe{,-devel,-python,-python3,-tools}-20160418-1.el7.x86_64.rpm -
Libexe is a library to access the executable (EXE) format.
See here for the list of changes.
- libwrc{,-devel,-python,-python3,-tools}-20160418-1.{fc20,fc21,fc22,fc23,fc24,el7}.{i686,x86_64}.rpm and libwrc{,-devel,-python,-tools}-20160418-2.el6.{i686,x86_64}.rpm - Libwrc
is a library to access the Windows Resource Compiler (WRC) format.
See here for the list of changes.
- pytsk3-20160721-1.{fc20,fc21,fc22,fc23,fc24,el7}.{i386,x86_64}.rpm - Pytsk
is Python bindings for The Sleuth Kit.
Note that this version is now named pytsk3 and it obsoletes pytsk.
- plaso-1.5.1-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, plaso-1.5.0-1.el7.x86_64.rpm - Plaso
is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
See the 1.5.0 release announcement here.
There is no comprehensive list of changes for 1.5.1.
At this time, this repository, in combination with all supporting repositories, provides all of the necessary packages for Fedora versions 20, 21, 22, 23, and 24 for i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso. Installation both as an update and as a new install has been successfully tested.
- dfvfs-20160918-2.{fc20,fc21,fc22,fc23,fc24,el7}.noarch.rpm - dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats. The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types, volume systems and file systems. This version was rebuilt to use the renamed pytsk3.