LiFTeR: Changes for August 11, 2017
- fmem-kernel-modules-fc25-{i686,x86_64}-1.6-1.37.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.11.12-200 for FC25
- lime-kernel-modules-fc25-{i686,x86_64}-1.1.r17-37.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.11.12-200 for FC25
- fmem-kernel-modules-fc24-{i686,x86_64}-1.6-1.47.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.11.12-100 for FC24
- lime-kernel-modules-fc24-{i686,x86_64}-1.1.r17-47.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.11.12-100 for FC24
- yara-python-3.6.3-1.{i386,x86_64}.{el6,el7}.rpm - Yara-python
is a Python extension that gives access to Yara's powerful features from Python scripts.
This version was rebuilt because of an update to yara in CentOS/RHEL 6 and 7.
- artifacts-20170727-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i386,x86_64}.rpm and artifacts-20170727-1.el7.x86_64.rpm -
Artifacts is a free,
community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
This package was built to support plaso.
- binplist-0.1.5-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Binplist is a binary property list (plist) parser module written in Python.
- python-dfdatetime-20170719-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm -
dfDateTime,
or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
- dfvfs-20170723-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.noarch.rpm - dfVFS,
the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
- libfsntfs{,-devel,-python,-python3,-tools}-20170315-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python,-tools}-20170315-1.el6.{i686,x86_64}.rpm, and libfsntfs{,-devel,-python,-python3,-tools}-20170315-1.el7.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
See here for the list of changes.
- libfwnt{,-devel,-python,-python3}-20170115-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libfwnt{,-devel,-python}-20170115-1.el6.x86_64.rpm, libfwnt{,-devel,-python,-python3}-20170115-1.el7.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
See here for the list of changes.
This package is needed by dfvfs and plaso.
- libpst{,-devel,-devel-doc,-doc,-libs,-python}-0.6.71-1.1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - The libpst
utilities convert Outlook .pst files to other formats.
See here for the list of changes.
- libscca{,-devel,-python,-python3,-tools}-20170205-1.{fc20,fc21,fc22,fc23,fc24}.{i686,x86_64}.rpm, libscca{,-devel,-python,-tools}-20170205-1.el6.x86_64.rpm, and libscca{,-devel,-python,-python3,-tools}-20170205-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
See here for the list of changes.
- libsmraw{,-devel,-python,-python3,-tools}-20170803-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libsmraw{,-devel,-python,-tools}-20170803-1.el6.{i686,x86_64}.rpm, and libsmraw{,-devel,-python,-python3,-tools}-20170803-1.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
Libsmraw contains support for multiple (split) RAW naming schemes.
- libvshadow{,-devel,-python,-python3,-tools}-20170715-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm, libvshadow{,-devel,-python,-tools}-20170715-1.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python,-python3,-tools}-20170715-1.el7.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume.
This version uses the external version of libbfio to support
DFF, the Digital Forensics Framework.
- libwrc{,-devel,-python,-python3,-tools}-20170304-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.{i686,x86_64}.rpm and libwrc{,-devel,-python,-tools}-20170304-1.el6.{i686,x86_64}.rpm - Libwrc
is a library and tools to access the Windows Resource Compiler (WRC) format.
- epub-0.5.2-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i386,x86_64}.rpm - Epub is the distribution and interchange format
standard for digital publications and documents based on Web Standards. Epub defines a method for representing, packaging, and encoding structured and semantically enhanced
web content - including XHTML, CSS, SVG, images, and other resources - for distribution in a single-file format.
Epub allows publishers to produce and send a single digital publication file through distribution and offers interoperability between consumers
software / hardware for unencrypted reflowable digital books and other publications.
Epub is a helper application for recoll.
- ghostpdl-9.21-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6}.{i686,x86_64}.rpm and ghostpdl-9.21-1.el7.x86_64.rpm -
Ghostpdl is Artifex Software's implementation of the PCL-5™ and PCL-XL™ family of page description languages.
Ghostpdl is used by Xplico.
- nDPI{,-devel}-2.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - nDPI is a ntop-maintained superset of
the popular OpenDPI library. Released under the GPL license, its goal is to extend the original library by adding new protocols that are otherwise available
only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order to provide you a cross-platform DPI experience.
Furthermore, we have modified nDPI to be more suitable for traffic monitoring applications, by disabling specific features that slow down the DPI engine while
being unnecessary for network traffic monitoring.
nDPI is used by both ntop and nProbe for adding application-layer detection of protocols, regardless of the port being used. This means that it is possible to both detect known protocols on non-standard ports (e.g. detect http on ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds.
See here for the list of supported protocols.
- xplico-1.2.0-3.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.{i686,x86_64}.rpm - xplico is an Internet traffic decoder.
This version was recompiled for nDPI-2.0 and adds python3.6 to the list of valid Python executables.
- perl-File-Mork-0.4-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm - perl-File-Mork
is a module to read Mozilla URL history files.
- perl-Mac-PropertyList-1.412-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el7}.noarch.rpm - perl-Mac-PropertyList
is a low-level interface to the Mac OS X Property List (plist) format.
See here for the list of changes.
- perl-Alien-wxWidgets-0.67-6.el7.x86_64.rpm - perl-Alien-wxWidgets
can be used to detect and get configuration settings from an installed wxWidgets.
- perl-Wx-0.9928-3.el7.x86_64.rpm - perl-Wx
is a wrapper for the wxWidgets (formerly known as wxWindows) GUI toolkit.
This module comes with extensive documentation in HTML format; you can download it from http://wxperl.sourceforge.net.
- perl-Parse-Win32Registry-1.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm - perl-Parse-Win32Registry
is a module for parsing Windows Registry files, allowing you to read the keys and values of a registry file without going through the Windows API.
It provides an object-oriented interface to the keys and values in a registry file.
Registry files are structured as trees of keys, with each key containing further subkeys or values.
The module is intended to be cross-platform, and run on those platforms where Perl will run.
It supports both Windows NT registry files (Windows NT, 2000, XP, 2003, Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium Edition).
It is intended to be used to parse offline registry files.
If a registry file is currently in use, you will not be able to open it.
However, you can save part or all of a currently loaded registry file using the Windows reg command if you have the appropriate administrative access.
- pfring-6.6.0-1377.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
- pfring-dkms-6.6.0-1377.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- python-apsw-3.19.3-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Python-apsw
is a Python wrapper for the SQLite embedded relational database engine.
In contrast to other wrappers such as pysqlite
it focuses on being a minimal layer over SQLite attempting just to translate the complete SQLite API into Python.
The documentation has a section on the differences between APSW and pysqlite.
See here for a list of the changes.
- python-haystack-0.42-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm - Python-Haystack
is a heap analysis framework focused on searching and reversing C structures in allocated memory.
- python-rarfile-3.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.{i686,x86_64}.rpm - Python-rarfile is a
Python module for RAR archive reading.
See here for the list of changes since the last release version (2.6).
- regripper-plugins-20170809-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm - Regripper-plugins
are the plugins packaged separately from the regripper application.
This package is taken from the plugins directory at the Github source code site as of 2017-08-09.
- radare{,-devel}-2.1.6.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and radare{,-devel}-2.1.6.0-1.el7.x86_64.rpm - Radare
is a framework for doing reverse engineering.
- python-radare-2.1.6.0-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26}.{i686,x86_64}.rpm and python-radare-2.1.6.0-1.el7.x86_64.rpm - Python-Radare
are bindings that allow Radare to be used from Python.
- rifiuti2-0.6.1-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6}.{i686,x86_64}.rpm and rifiuti2-0.6.1-1.el7.x86_64.rpm -
rifiuti2 is a rewrite of rifiuti, a tool for analyzing Windows Recycle Bin INFO2 files.