LiFTeR: Changes for January 4, 2019
- pfring-7.4.0-2360.{el6,el7}.x86_64.rpm - PF_RING is a type of network socket that dramatically improves packet capture speed.
This package contains the header files, libraries and other files needed to use PF_RING sockets from userspace.
Here is the announcement of PF_RING 7.4.
- pfring-dkms-7.4.0-2360.{el6,el7}.x86_64.rpm - PF_RING is a type of network socket that dramatically improves packet capture speed.
This package contains the source and supporting files that DKMS uses to build the PF_RING kernel module for the installed kernels.
- ndpi-2.6.0-1458.{el6,el7}.x86_64.rpm - nDPI is an open-source, LGPLv3-licensed library for deep packet inspection.
It is based on OpenDPI and includes the ntop extensions.
- libbde{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
- libesedb{,-devel,-python,-python3,-tools}-20181229-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libesedb{,-devel,-python,-tools}-20181229-1.el6.{i686,x86_64}.rpm, and libesedb{,-devel,-python,-python3,-tools}-20181229-1.el7.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
ESEDB is used by many different applications, such as Windows Search, Windows Mail, Exchange and Active Directory.
- libevt{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
- libevtx{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
- libfwnt{,-devel,-python,-python3}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwnt{,-devel,-python}-20181227-1.el6.x86_64.rpm, and libfwnt{,-devel,-python,-python3}-20181227-1.el7.x86_64.rpm -
Libfwnt is a library for Windows NT data types, such as security identifiers (SIDs) and security descriptors.
- libfwsi{,-devel,-python,-python3}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,-devel,-python}-20181227-1.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python,-python3}-20181227-1.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- liblnk{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
- libmsiecf{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
- libqcow{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
- libscca{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libscca{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libscca{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
- libsmdev{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
- libsmraw{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libsmraw{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
- libvhdi{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libvhdi{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
- libvmdk{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libvmdk{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
- libvslvm{,-devel,-python,-python3,-tools}-20181227-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvslvm{,-devel,-python,-tools}-20181227-1.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python,-python3,-tools}-20181227-1.el7.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
- libolecf{,-devel,-python,-python3,-tools}-20181231-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libolecf{,-devel,-python,-tools}-20181231-1.el6.{i686,x86_64}.rpm, and libolecf{,-devel,-python,-python3,-tools}-20181231-1.el7.x86_64.rpm -
Libolecf contains libraries and tools to access files in the OLE 2 Compound File (OLECF) format.
- libregf{,-devel,-python,-python3,-tools}-20181231-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,-devel,-python,-tools}-20181231-1.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python,-python3,-tools}-20181231-1.el7.x86_64.rpm -
Libregf contains libraries and tools to access files in the Windows NT Registry File (REGF) format.
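Every library in the list above is pointed at evidence that an attacker may have had write access to, so the first thing a parser does is validate the container header. The following is an added example for this changelog, not code from libregf, plaso or LiFTeR: it decodes the documented REGF base block (the first 512 bytes of a hive), verifies the XOR checksum Windows stores at offset 508, and flags a "dirty" hive whose primary and secondary sequence numbers disagree, which means the last write was not completed and the transaction log(s) should be applied before the hive's contents are relied on. The sample hive bytes are constructed in the block and come from no real system; the field values chosen for them (version 1.5, name "SYSTEM", timestamp 2019-01-04) are arbitrary.

```python
# Added example for this changelog entry; it is not code from libregf, plaso or
# LiFTeR. It parses the documented REGF base block and reports the conditions an
# examiner should check before trusting a hive. Sample hive bytes are constructed.
import struct
from datetime import datetime, timedelta, timezone

REGF_SIGNATURE = b"regf"
BASE_BLOCK_SIZE = 512   # the base block always occupies one 512-byte sector
HBIN_OFFSET = 4096      # cell offsets are relative to the first hive bin at 4 KiB
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def regf_checksum(base_block):
    """XOR of the 127 little-endian DWORDs in bytes 0..507, as Windows computes it.
    Windows substitutes the two degenerate results (0xFFFFFFFF -> 0xFFFFFFFE, 0 -> 1)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", bytes(base_block[:508])):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1


def filetime_to_datetime(filetime):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=filetime // 10)


def parse_regf_header(data):
    """Decode the fixed fields of a REGF base block; raises ValueError on a non-hive."""
    if len(data) < BASE_BLOCK_SIZE:
        raise ValueError("short read: a REGF base block is 512 bytes")
    hdr = bytes(data[:BASE_BLOCK_SIZE])
    if hdr[:4] != REGF_SIGNATURE:
        raise ValueError("not a REGF hive: bad signature")
    (primary_seq, secondary_seq, last_written, major, minor, file_type,
     file_format, root_cell, hbins_size, _clustering) = struct.unpack_from("<IIQIIIIIII", hdr, 4)
    # 64-byte UTF-16LE file name field, NUL padded
    name = hdr[48:112].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    stored_checksum = struct.unpack_from("<I", hdr, 508)[0]
    return {
        "primary_sequence": primary_seq,
        "secondary_sequence": secondary_seq,
        "last_written": filetime_to_datetime(last_written),
        "version": (major, minor),
        "file_type": file_type,          # 0 = primary hive file
        "file_format": file_format,      # 1 = direct memory load
        "root_cell_offset": HBIN_OFFSET + root_cell,
        "hbins_size": hbins_size,
        "file_name": name,
        "checksum_ok": stored_checksum == regf_checksum(hdr),
        "dirty": primary_seq != secondary_seq,
    }


def check_hive(data):
    """Return the reasons this hive should not be parsed as-is (empty list means clean)."""
    h = parse_regf_header(data)
    problems = []
    if not h["checksum_ok"]:
        problems.append("base block checksum mismatch: header is corrupt or was tampered with")
    if h["dirty"]:
        problems.append("sequence numbers differ: hive was not cleanly written; "
                        "apply its transaction log(s) before relying on its contents")
    if h["file_type"] != 0:
        problems.append("file_type=%d: not a primary hive file" % h["file_type"])
    if h["version"][0] != 1:
        problems.append("unexpected major version %d" % h["version"][0])
    return problems


def build_sample_hive(primary_seq, secondary_seq, corrupt_checksum=False):
    """Constructed sample base block (no hive bins follow it); not from any real system."""
    hdr = bytearray(BASE_BLOCK_SIZE)
    hdr[:4] = REGF_SIGNATURE
    elapsed = datetime(2019, 1, 4, tzinfo=timezone.utc) - EPOCH_1601
    filetime = (elapsed.days * 86400 + elapsed.seconds) * 10_000_000
    # major 1, minor 5, file_type 0, file_format 1, root cell 0x20, hbins size 0x1000, clustering 1
    struct.pack_into("<IIQIIIIIII", hdr, 4, primary_seq, secondary_seq, filetime,
                     1, 5, 0, 1, 0x20, 0x1000, 1)
    hdr[48:60] = "SYSTEM".encode("utf-16-le")
    checksum = regf_checksum(hdr)
    struct.pack_into("<I", hdr, 508, checksum ^ 0xDEADBEEF if corrupt_checksum else checksum)
    return bytes(hdr)


if __name__ == "__main__":
    for label, hive in (("clean", build_sample_hive(7, 7)),
                        ("dirty", build_sample_hive(8, 7)),
                        ("corrupt", build_sample_hive(7, 7, corrupt_checksum=True))):
        print(label, parse_regf_header(hive)["file_name"], check_hive(hive) or "OK")
```

A mismatch between the sequence numbers is not evidence of tampering on its own; it is the normal state of a hive copied from a live system, and the fix is to replay the hive's transaction log(s). A checksum failure with matching sequence numbers is the case that deserves a closer look.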
- python{2,3}-urllib3-1.24.1-2.fc26.{i686,x86_64}.rpm - Python-urllib3 is a powerful, sanity-friendly HTTP client for Python.
Much of the Python ecosystem already uses urllib3.
urllib3 brings many critical features that are missing from the Python standard libraries:
- Thread safety.
- Connection pooling.
- Client-side SSL/TLS verification.
- File uploads with multipart encoding.
- Helpers for retrying requests and dealing with HTTP redirects.
- Support for gzip and deflate encoding.
- Proxy support for HTTP and SOCKS.
- 100% test coverage.
- python{2,3}-requests-2.20.0-1.fc26.{i686,x86_64}.rpm -
Python-requests is an Apache2-licensed HTTP library, written in Python, for human beings.
Python's standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time, and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
This package was built to support plaso.
- plaso-20181219-1.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20181219-1.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines.
The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Please note that on Fedora 24 and 25 and CentOS/RHEL 7, the ancillary Python packages needed by plaso are installed with pip in a Python virtual environment. Ensure that pip works correctly in your environment by configuring /etc/pip.conf according to the configuration guide found here.
- rekall-forensics-1.7.1-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm - Rekall is an advanced forensic and incident response framework.
While it began life purely as a memory forensics framework, it has now evolved into a complete platform.
Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in peer-reviewed papers.
Please note that the ancillary Python packages needed by rekall are installed with pip in a Python virtual environment. Ensure that pip works correctly in your environment by configuring /etc/pip.conf according to the configuration guide found here.
Please also note that to install this package you first need to remove rekall-1.7.2, which was previously installed from the forensics-test repository. The install is chained with && so that it does not run if the removal fails:
sudo dnf erase rekall && sudo dnf install rekall-forensics
The program to run is now named rekall.py because of a conflict with another package named rekall.
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.8.noarch.rpm - Support for the following FC29 kernels was added for Fmem:
- 4.19.13-300 for FC29
- 4.19.12-301 for FC29
- 4.19.10-300 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-8.noarch.rpm - Support for the following FC29 kernels was added for LiME:
- 4.19.13-300 for FC29
- 4.19.12-301 for FC29
- 4.19.10-300 for FC29
- fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.27.noarch.rpm - Support for the following FC28 kernels was added for Fmem:
- 4.19.13-200 for FC28
- 4.19.12-200 for FC28
- 4.19.10-200 for FC28
- lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-27.noarch.rpm - Support for the following FC28 kernels was added for LiME:
- 4.19.13-200 for FC28
- 4.19.12-200 for FC28
- 4.19.10-200 for FC28