fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels were added for
Fmem:
4.10.16-200 for FC25
lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels were added for
LiME:
4.10.16-200 for FC25
fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.40.noarch.rpm - Support for the following kernels were added for
Fmem:
4.10.15-100 for FC24
4.10.16-100 for FC24
lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-40.noarch.rpm - Support for the following kernels were added for
LiME:
4.10.15-100 for FC24
4.10.16-100 for FC24
fmem-kernel-modules-el7-x86_64-1.6-1.31.noarch.rpm - Support for the following kernels were added for
Fmem:
3.10.0-514.21.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-31.noarch.rpm - Support for the following kernels were added for
LiME:
3.10.0-514.21.1 for EL7
jansson{,-devel}-2.9-1.el7.x86_64.rpm and jansson-devel-doc-2.9-1.el7.noarch.rpm - Jansson
is a C library for encoding, decoding and manipulating JSON data. It features:
Simple and intuitive API and data model
Comprehensive documentation
No dependencies on other libraries
Full Unicode support (UTF-8)
Extensive test suite
This tool was built to be used by yara-python.
yara{,-doc,-devel}-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Note that the -devel and -doc packages split out the files needed for development and documentation respectively.
yara-python-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Yara-python
is a Python extension that gives access to Yara's powerful features from Python scripts.
dislocker{,-libs}-0.7.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm and fuse-dislocker-0.7.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm -
Dislocker reads BitLocker encrypted partitions under a Linux system.
The driver has the capability to read/write on:
Windows Vista, 7, 8, 8.1 and 10 encrypted partitions - that's AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser, encrypted partitions;
The core driver is composed of a library, with multiple binaries (see the NOTES section below) using this library.
Two binaries are of interest when wanting to decrypt a BitLocker encrypted partition:
dislocker-fuse: binary using FUSE to dynamically decrypt the BitLocker-ed partition.
You have to give it a mount point where, once keys are decrypted, a file named dislocker-file appears.
This file is a virtual NTFS partition, so you can mount it as any NTFS partition and then read from or write to it.
Note that writing to the NTFS virtual file will change the underlying BitLocker partition's content.
dislocker-file: binary decrypting a BitLocker encrypted partition into a flat file.
This file has to be given through command line and, once dislocker-file is finished, will be an NTFS partition.
It won't have any link to the original BitLocker partition.
Therefore, if you write to this file, the BitLocker volume won't change, only the NTFS file will.
Note that this may take a long time to create that file, depending on the size of the encrypted partition.
But afterward, once the partition is decrypted, the access to the NTFS partition will be faster.
Another thing to think about is the size on your disk this binary needs: the same size as the volume you're trying to decrypt.
Nevertheless, once the partition is decrypted, you can mount your file as any NTFS partition.
CERT-Forensics-Tools-1.0-73.{fc20,fc21,fc22,fc23,fc24,fc25,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-73.el7.x86_64.rpm -
This package was updated as follows:
The dislocker suite was added for all supported systems.