LiFTeR: Changes for August 3, 2018
- pfring-7.2.0-2083.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
- pfring-dkms-7.2.0-2083.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically
improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- apfs-fuse-20180731-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i386,x86_64}.rpm and apfs-fuse-20180731-2.el7.x86_64.rpm -
APFS-Fuse is a read-only FUSE driver for the new Apple File System.
Since Apple has not yet documented the disk format of APFS, this driver should be considered experimental.
It may not be able to read all files, it may return wrong data, or it may simply crash.
Use at your own risk.
But since it's read-only, at least the data on your APFS drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones, although most of the time it should just report an error.
- libpff{,-devel,-python,-python3,-tools}-20180714-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libpff{,-devel,-python,-python3,-tools}-20180714-1.el7.x86_64.rpm, and libpff{,-devel,-python,-tools}-20180714-1.{i686,x86_64}.rpm - Libpff
is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format.
PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided.
Libpff is used by DFF, the Digital Forensics Framework.
- libvsmbr{,-devel,-python,-python3,-tools}-20180731-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm, libvsmbr{,-devel,-python,-python3,-tools}-20180731-1.el7.x86_64.rpm, and libvsmbr{,-devel,-python,-tools}-20180731-1.el6.{i686,x86_64}.rpm - Libvsmbr
is a library and tools to access the Master Boot Record (MBR) volume system.
- plaso-20180703-1.{fc23,fc24,fc25,fc26,fc27,fc28}.{i686,x86_64}.rpm and plaso-20180703-1.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
See the release announcement here.
At this time, this repository, in combination with all supporting repositories, provides all of the necessary packages for Fedora versions 23, 24, 25, 26, 27, and 28 for the i686 and x86_64 architectures and CentOS/RHEL version 7 for the x86_64 architecture for this version of plaso.
- fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.10.noarch.rpm - Support for the following kernels was added for
Fmem:
  - 4.17.9-200 for FC28
  - 4.17.7-200 for FC28
- lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-10.noarch.rpm - Support for the following kernels was added for
LiME:
  - 4.17.9-200 for FC28
  - 4.17.7-200 for FC28
- fmem-kernel-modules-fc27-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels was added for
Fmem:
  - 4.17.9-100 for FC27
  - 4.17.7-100 for FC27
- lime-kernel-modules-fc27-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels was added for
LiME:
  - 4.17.9-100 for FC27
  - 4.17.7-100 for FC27