artifacts-20181213-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i386,x86_64}.rpm and artifacts-20181213-1.el7.x86_64.rpm -
Artifacts is a free,
community-sourced, machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
libfsapfs{,-devel,-python,-python3,-tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python,-tools}-20181205-1.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python,-python3,-tools}-20181205-1.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
Note that this project currently only focuses on the analysis of the format.
libfwnt{,-devel,-python,-python3}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwnt{,-devel,-python,-python3}-20181215-1.el7.x86_64.rpm, and libfwnt{,-devel,-python,-python3}-20181215-1.el7.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
libfwsi{,-devel,-python,-python3}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,-devel,-python}-20181215-1.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python,-python3}-20181215-1.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
libmsiecf{,-devel,-python,-python3,-tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python,-tools}-20181215-1.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python,-python3,-tools}-20181215-1.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
libsigscan{,-devel,-python,-python3,-tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsigscan{,-devel,-python,-tools}-20181215-1.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python,-python3,-tools}-20181215-1.el7.x86_64.rpm -
Libsigscan is a library and tools used for binary signature scanning.
libsmdev{,-devel,-python,-python3,-tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,-devel,-python,-tools}-20181215-1.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python,-python3,-tools}-20181215-1.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
libsmraw{,-devel,-python,-python3,-tools}-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,-devel,-python,-tools}-20181215-1.el6.{i686,x86_64}.rpm, and libsmraw{,-devel,-python,-python3,-tools}-20181215-1.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
libwrc{,-devel,-python,-python3,-tools}-20181203-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libwrc{,-devel,-python,-python3,-tools}-20181203-1.el7.x86_64.rpm, and libwrc{,-devel,-python,-tools}-20181203-1.el6.{i686,x86_64}.rpm -
Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
libevtx{,-devel,-python,-python3,-tools}-20181016-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,-devel,-python,-tools}-20181016-1.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python,-python3,-tools}-20181016-1.el7.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
libvslvm{,-devel,-python,-python3,-tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvslvm{,-devel,-python,-tools}-20181216-1.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python,-python3,-tools}-20181216-1.el7.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
dfvfs-20181215-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm - dfVFS,
the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media types, volume systems and file systems.
This release is testing APFS support in plaso.
libevt{,-devel,-python,-python3,-tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,-devel,-python,-tools}-20181216-1.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python,-python3,-tools}-20181216-1.el7.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
libqcow{,-devel,-python,-python3,-tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,-devel,-python,-tools}-20181216-1.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python,-python3,-tools}-20181216-1.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
libvshadow{,-devel,-python,-python3,-tools}-20181216-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,-devel,-python,-tools}-20181216-1.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python,-python3,-tools}-20181216-1.el7.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
The VSS format is used by Windows, as of Vista, to maintain copies of data on a storage media volume.
This version uses the external version of libbfio to support
DFF, the Digital Forensics Framework.
silk-ipset-{devel,lib,tools}-3.18.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and silk-ipset{-devel,-lib,-tools}-3.18.0-1.el7.x86_64.rpm -
The SiLK IPset distribution is derived from the SiLK tool suite developed by the CERT Network Situational Awareness Team (CERT NetSA).
The SiLK IPset distribution contains a library and a set of command line tools to build and manipulate IPset files, which are binary files containing a set of IP addresses.
SiLK IPset can be used by those wishing to use IPsets but who do not need the entire SiLK tool suite.
Since the SiLK IPset distribution contains a small subset of the tools in the SiLK distribution, there is no need to install SiLK IPset when SiLK is already installed.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.0-1.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.0-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.18.0-2.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository that is now part of
cert-forensics-tools-release named forensics-sip, the definition of which can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
analysis-pipeline-5.9-3.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and analysis-pipeline-5.9-3.el7.x86_64.rpm -
The analysis-pipeline processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
See here for the list of changes.
This package was rebuilt to use silk 3.18.0.
prism-1.2-5.{fc24,fc25,fc26,fc27,fc28,fc29,el6,el7}.{i686,x86_64}.rpm - The prism
trend script is a tool for quickly visualizing flow data as a time-series broken down into several configurable bins by SiLK's rwfilter tool.
The script can be used directly, or might be used as a component in other more specialized scripts.
In addition to providing immediate visualizations, the Prism trend script can store these breakdowns in a relational database (currently supporting PostgreSQL or sqlite) for later quick lookup.
This package was rebuilt to use silk 3.18.0.
super_mediator-1.6.0-5.{fc24,fc25,fc26,fc27,fc28,fc29,el6}.{i686,x86_64}.rpm and super_mediator-1.6.0-5.el7.x86_64.rpm -
Super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
This package was rebuilt to use silk 3.18.0.
fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.7.noarch.rpm - Support for the following kernels was added for
Fmem:
4.19.9-300 for FC29
4.19.8-300 for FC29
4.19.7-300 for FC29
lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-7.noarch.rpm - Support for the following kernels was added for
LiME:
4.19.9-300 for FC29
4.19.8-300 for FC29
4.19.7-300 for FC29
fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.26.noarch.rpm - Support for the following kernels was added for
Fmem:
4.19.8-200 for FC28
4.19.7-200 for FC28
lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-26.noarch.rpm - Support for the following kernels was added for
LiME: