LiFTeR: Changes for December 8, 2016
- Fedora 25 - The repository now supports Fedora 25 for the i686 and x86_64 CPU architectures.
Here is the list of tools provided for Fedora 25:
- fmem-kernel-modules-1.6-1.9.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for Fmem.
Support for the Fedora 25 x86_64 and i686 architectures was added.
- lime-kernel-modules-1.1.r17-9.noarch.rpm - This is a meta-package that requires all of the supporting kernel objects for LiME.
Support for the Fedora 25 x86_64 and i686 architectures was added.
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.2.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.8.11-300 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-2.noarch.rpm - Support for the following kernels was added for LiME:
- 4.8.11-300 for FC25
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.18.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.8.11-200 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-18.noarch.rpm - Support for the following kernels was added for LiME:
- 4.8.11-200 for FC24
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.17.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.8.10-200 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-17.noarch.rpm - Support for the following kernels was added for LiME:
- 4.8.10-200 for FC24
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.16.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.8.8-200 for FC24
- 4.8.7-200 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-16.noarch.rpm - Support for the following kernels was added for LiME:
- 4.8.8-200 for FC24
- 4.8.7-200 for FC24
- fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.34.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.8.11-100 for FC23
- lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-34.noarch.rpm - Support for the following kernels was added for LiME:
- 4.8.11-100 for FC23
- fmem-kernel-modules-fc23-{i686,x86_64}-1.6-1.33.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.8.10-100 for FC23
- 4.8.8-100 for FC23
- lime-kernel-modules-fc23-{i686,x86_64}-1.1.r17-33.noarch.rpm - Support for the following kernels was added for LiME:
- 4.8.10-100 for FC23
- 4.8.8-100 for FC23
- libpff-20161119-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i386,x86_64}.rpm - Libpff is a library and set of tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) formats.
PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided.
Libpff is used by DFF, the Digital Forensics Framework.
See here for the list of changes.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.14.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.14.0-2.{fc20,fc21,fc22,fc23,fc24,fc25}.{i686,x86_64}.rpm and
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.14.0-2.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository, named forensics-sip, that is now part of cert-forensics-tools-release; its definition can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
- analysis-pipeline-5.5-2.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.5-2.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records. Its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This release was built using SiLK version 3.14.0.
- silk-ipset-{devel,lib,tools}-3.14.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA).
The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses.
SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite.
Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
See here for the list of changes in this release.
- Volatility-community-plugins-20161202-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.noarch.rpm - The Volatility Community Plugins are a collection of Volatility plugins written and maintained by authors in the forensics community.
Many of these are the result of the last 3 years of Volatility plugin contests, but some were just written for fun.
Either way, it's an entire arsenal of plugins that you can easily add to your existing Volatility installation.
These plugins are installed in /usr/share/volatility/plugins/community/.
- ffmpeg-3.1.5-1.fc25.i686.rpm
- ffmpeg-devel-3.1.5-1.fc25.i686.rpm
- ffmpeg-libs-3.1.5-1.fc25.i686.rpm
- lame-3.99.5-6.fc25.i686.rpm
- lame-devel-3.99.5-6.fc25.i686.rpm
- lame-libs-3.99.5-6.fc25.i686.rpm
- libavdevice-3.1.5-1.fc25.i686.rpm
- x264-devel-0.148-13.20160924git86b7198.fc25.i686.rpm
- x264-libs-0.148-13.20160924git86b7198.fc25.i686.rpm
- x265-devel-1.9-3.fc25.i686.rpm
- x265-libs-1.9-3.fc25.i686.rpm
- xvidcore-1.3.4-2.fc24.i686.rpm
- xvidcore-devel-1.3.4-2.fc24.i686.rpm
- dff-1.3.6-20161201.1.{fc20,fc21,fc22,fc23,fc24,fc25,el7}.{i686,x86_64}.rpm - The Digital Forensics Framework (DFF) is both a digital investigation tool and a development platform.
The framework is used by system administrators, law enforcement examiners, digital forensics researchers and students, and security professionals world-wide.
Written in Python and C++, it exclusively uses Open Source technologies.
DFF combines an intuitive user interface with a modular and cross-platform architecture.
This version is the developer version as of December 1, 2016.
- xplico-1.1.1-6.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.x86_64.rpm - Xplico is an Internet traffic decoder.
Xplico needs various variables set in the /etc/php.ini file.
These used to be set in the scripts provided by the package and in the script that starts Xplico.
They are now set in the configuration file for the Apache Web Server.
Consequently, when Xplico is installed, the Apache Web Server must be restarted if it was already running, and started otherwise, so that the new settings take effect.
Note also that Xplico is not available for Fedora 25. This is because of an incompatibility between PHP 7, which is provided with Fedora 25, and the version of CakePHP that was used to build Xplico (1.3.20).
- CERT-Forensics-Tools-1.0-69.fc25.{i686,x86_64}.rpm -
This package was updated as follows:
- The package Xplico was temporarily removed for Fedora 25. It will be re-added when it supports PHP 7.