LiFTeR: Changes for June 14, 2019
- aff{lib,lib-devel,tools}-3.7.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- bokken-1.8-3.el7.x86_64.rpm - Removed: No longer needed.
- capstone{,-python2,-python3}-3.0.4-6.el7.x86_64.rpm - Removed: Provided by EPEL.
- catdoc-0.94.2-6.el7.x86_64.rpm - Removed: Provided by EPEL.
- daemonize-1.7.3-7.el7.x86_64.rpm - Removed: Provided by EPEL.
- dcfldd-1.3.4.1-2.el7.x86_64.rpm - Removed: Provided by EPEL.
- dd_rescue-1.99.8-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- dino-1.5-2.el7.noarch.rpm - Removed: Provided by EPEL.
- dislocker{,-libs}-0.7.1-1.el7.x86_64.rpm and fuse-dislocker-0.7.1-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- dummy-1.0-2.el7.x86_64.rpm - Removed: No longer needed.
- efilter-1-1.5-1.el7.x86_64.rpm - Removed: No longer needed.
- fontawesome-fonts-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
- fontawesome-fonts-web-4.1.0-1.el7.noarch.rpm - Removed: No longer needed.
- fred-0.1.1-1.el7.x86_64.rpm - Removed: No longer needed.
- fuse-exfat-1.0.1-1.el7.x86_64.rpm - Removed: No longer needed.
- fuseext2-0.3-1.el7.x86_64.rpm - Removed: No longer needed.
- ghex{,-devel,-libs}-3.18.0-1.el7.x86_64.rpm - Removed: No longer needed.
- hashcat-3.00-1.el7.x86_64.rpm - Removed: No longer needed.
- jansson{,-devel,-devel-doc}-2.9-1.el7.x86_64.rpm - Removed: No longer needed.
- lame{,-devel,-libs,-mp3x}-3.99.5-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- LogAnalysisToolKit-1.7-1.el7.noarch.rpm - Removed: No longer needed.
- luajit{,-devel}-2.0.2-9.el7.x86_64.rpm - Removed: Provided by EPEL.
- mac-robber-1.02-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- mathjax-2.2-4.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
- md5deep-4.4-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- mdbtools{,-devel,-gui,-libs}-0.7-43.13.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- null-package-1.0-4.el7.noarch.rpm - Removed: No longer needed.
- partclone-0.3.6-2.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- perl-Alien-wxWidgets-0.67-6.el7.x86_64.rpm - Removed: No longer needed.
- perl-Carp-Assert-0.20-4.el7.noarch.rpm - Removed: Provided by EPEL.
- perl-Digest-CRC-0.16-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- perl-Digest-Crc32-0.01-1.el7.noarch.rpm - Removed: No longer needed.
- perl-Image-ExifTool-8.50-1.el7.noarch.rpm - Removed: Provided by EPEL.
- perl-Net-Pcap-0.16-2.el7.x86_64.rpm - Removed: Provided by EPEL.
- protobuf-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-compiler-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-lite-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-lite-devel-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-lite-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-python-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-static-2.5.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- protobuf-vim-2.5.0-1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- protobuf-c{,-devel}-0.15-2.1.el7.x86_64.rpm - Removed: Provided by CentOS/RHEL.
- psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
- pyew-2.3.0.0-2.el7.x86_64.rpm - Removed: No longer needed.
- pygtksourceview{,-devel,-doc}-2.8.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- pyparsing{,-doc}-2.4.0-1.el7.noarch.rpm - Removed: Provided by CentOS/RHEL.
- pyPdf-1.12-4.el7.noarch.rpm - Removed: No longer needed.
- python2-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
- python2-efilter-1.5-1.el7.noarch.rpm - Removed: No longer needed.
- python2-elasticsearch5-5.5.5-2.el7.x86_64.rpm - Removed: No longer needed.
- python2-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
- python2-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
- python3-certifi-2019.3.9-2.el7.noarch.rpm - Removed: No longer needed.
- python3-idna-2.5-1.el7.noarch.rpm - Removed: No longer needed.
- python3-psycopg2-2.8.1-1.el7.x86_64.rpm - Removed: No longer needed.
- python3-pyparsing-2.4.0-1.el7.noarch.rpm - Removed: No longer needed.
- python3-scapy-2.4.0-5.el7.noarch.rpm - Removed: No longer needed.
- python3shim-1.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-dpkt-1.8-2.el7.noarch.rpm - Removed: No longer needed.
- python-elasticsearch5-5.5.5-1.el7.x86_64.rpm - Removed: No longer needed.
- python-httplib2-0.7.7-3.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-console-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-doc-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-gui-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-notebook-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-sphinx-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-ipython-tests-2.2.0-1.el7.noarch.rpm - Removed: No longer needed.
- python-M2Crypto-0.26.0-0.x86_64.rpm - Removed: No longer needed.
- python-path-3.0.1-2.el7.noarch.rpm - Removed: No longer needed.
- python-prettytable-0.7.2-4.el7.noarch.rpm - Removed: No longer needed.
- python-psycopg2{,-doc}-2.5.1-3.el7.x86_64.rpm - Removed: No longer needed.
- python-radare-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
- python-radare2-2.9.0-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- python-tidy-0.2-1.1.el7.noarch.rpm - Removed: No longer needed.
- python-tornado{,-doc}-3.2.1-3.el7.x86_64.rpm - Removed: No longer needed.
- pytsk-20150406-4.el7.x86_64.rpm - Removed: Replaced by pytsk3.
- radare{,-devel,-extras}-2.1.6.0-1.el7.x86_64.rpm - Removed: No longer needed.
- radare2{,-common,-devel}-2.9.0-1.el7.x86_64.rpm - Removed: No longer needed.
- scalpel-2.0-2.el7.x86_64.rpm - Removed: Provided by EPEL.
- socat-1.7.3.2-1.1.el7.x86_64.rpm - Removed: Provided by EPEL.
- ssdeep-2.14.1-1.el7.x86_64.rpm - Removed: Provided by EPEL.
- tcpflow-1.4.4-12.el7.x86_64.rpm - Removed: Provided by EPEL.
- tcpxtract-1.0.1-10.el7.2.x86_64.rpm - Removed: Provided by EPEL.
- ttembed-1.1-3.el7.x86_64.rpm - Removed: Provided by EPEL.
- testdisk-6.14-3.3.el7.x86_64.rpm - Removed: Provided by EPEL.
- umview-0.8.2-1.1.el7.x86_64.rpm - Removed: No longer needed.
- valabind-0.10.0-4.el7.x86_64.rpm - Removed: No longer needed.
- xapian-core{,-devel,-libs}-1.2.7-2.el7.x86_64.rpm - Removed: No longer needed.
- xmount-0.7.6-3.el7.x86_64.rpm - Removed: Provided by EPEL.
- xrdp-0.5.0-0.13.el7.x86_64.rpm - Removed: Provided by EPEL.
- yara{,-devel,-doc}-3.5.0-7.1.el7.x86_64.rpm - Removed: Provided by EPEL.
- zeromq{,-devel}-2.2.0-4.el7.x86_64.rpm - Removed: Provided by EPEL.
These changes were also made:
- python{2,3}-artifacts-20190320-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20190320-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm,
python{2,36}-artifacts-20190320-2.el7.x86_64.rpm, and artifacts-data-20190320-2.el7.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-artifacts and python36-artifacts.
The package names for Fedora are unchanged.
- python{2,3}-bencode-2.1.0-1.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-bencode-2.1.0-1.el7.noarch.rpm -
Bencode re-packages the existing bencoding
and bdecoding implementation from the ‘official’ BitTorrent client as a separate, light-weight package for re-using them without having the entire BitTorrent software as a dependency.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-bencode and python36-bencode.
The package names for Fedora are unchanged.
- python{2,3}-biplist-1.0.3-3.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-biplist-1.0.3-3.el7.x86_64.rpm -
Biplist is a library for reading/writing binary plists.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-biplist and python36-biplist.
The package names for Fedora are unchanged.
- python{2,3}-chardet-3.0.4-3.fc26.{i686,x86_64}.rpm and python{2,36}-chardet-3.0.4-3.el7.x86_64.rpm -
Chardet is a universal character encoding detector.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-chardet and python36-chardet.
The package names for Fedora are unchanged.
- python{2,3}-dfdatetime-20190517-2.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfdatetime-20190517-2.el7.noarch.rpm -
dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-dfdatetime and python36-dfdatetime.
The package names for Fedora are unchanged.
- python{2,3}-dfvfs-20190511-1.{fc25,fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-dfvfs-20190511-1.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
Note: The packages for CentOS/RHEL 7 are named python2-dfvfs and python36-dfvfs.
- python{2,3}-dfwinreg-20190517-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dfwinreg-20190329-2.el7.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-dfwinreg and python36-dfwinreg.
The package names for Fedora are unchanged.
- python{2,3}-dpkt-1.9.2-2.fc26.{i686,x86_64}.rpm and python{2,36}-dpkt-1.9.2-2.el7.x86_64.rpm -
Python-dpkt is a fast, simple packet creator and parser, with definitions for the basic TCP/IP protocols, for Python.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-dpkt and python36-dpkt.
The package names for Fedora are unchanged.
- python{2,3}-dtfabric-20190120-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-dtfabric-20190120-3.el7.x86_64.rpm -
Dtfabric is a project to manage data types and structures,
as used in the libyal projects.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-dtfabric and python36-dtfabric.
The package names for Fedora are unchanged.
- python{2,3}-elasticsearch-7.0.2-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and python{2,36}-elasticsearch-7.0.2-1.el7.x86_64.rpm -
ElasticSearch is the official low-level client for
Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python;
because of this it tries to be opinion-free and very extendable.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-elasticsearch and python36-elasticsearch.
The package names for Fedora are unchanged.
- libbde{,-devel,-python2,-python3,-tools}-20190317-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20190317-3.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python2,-python36,-tools}-20190317-3.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libbde and python36-libbde.
All other package names are unchanged.
- libesedb{,-devel,-python2,-python3,-tools}-20181229-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20181229-5.el6.{i686,x86_64}.rpm, and libesedb{,-devel,-python2,-python36,-tools}-20181229-5.el7.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
ESEDB is used in many different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libesedb and python36-libesedb.
All other package names are unchanged.
- libevt{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libevt and python36-libevt.
All other package names are unchanged.
- libevtx{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx.
All other package names are unchanged.
- libewf{,-devel,-tools,-python2,-python3,-tools}-20160718-20140806.3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libewf{,-devel,-tools,-python2,-tools}-20160718-20140806.3.el6.{i686,x86_64}.rpm, and
libewf{,-devel,-tools,-python2,-python36,-tools}-20160718-20140806.3.el7.x86_64.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.
This package is built from the libewf source code dated 20140806, but to make it the latest version, the version number was changed to the build date (20160718) and the release number was changed to include the source code release date (20140806).
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libevtx and python36-libevtx.
All other package names are unchanged.
- libfsapfs{,-devel,-python2,-python3,-tools}-20190510-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190510-2.el6.{i686,x86_64}.rpm, and libfsapfs{,-devel,-python2,-python36,-tools}-20190510-2.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libfsapfs and python36-libfsapfs.
All other package names are unchanged.
- libfsntfs{,-devel,-python2,-python3,-tools}-20190104-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20190104-5.el6.{i686,x86_64}.rpm, and libfsntfs{,-devel,-python2,-python36,-tools}-20190104-5.el7.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libfsntfs and python36-libfsntfs.
All other package names are unchanged.
- libfvde{,-devel,-python2,-python3,-tools}-20190104-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfvde{,-devel,-python2,-tools}-20190104-4.el6.{i686,x86_64}.rpm, and libfvde{,-devel,-python2,-python36,-tools}-20190104-4.el7.x86_64.rpm -
Libfvde is a library and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.
The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libfvde and python36-libfvde.
All other package names are unchanged.
- libfwnt{,-devel,-python2,-python3}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwnt{,-devel,-python2}-20181227-4.el6.{i686,x86_64}.rpm and libfwnt{,-devel,-python2,-python36}-20181227-4.el7.x86_64.rpm -
LibFWNT is a library for Windows NT data types.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libfwnt and python36-libfwnt.
All other package names are unchanged.
- libfwsi{,-devel,-python2,-python3}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20181227-4.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python2,-python36}-20181227-4.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libfwsi and python36-libfwsi.
All other package names are unchanged.
- liblnk{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-liblnk and python36-liblnk.
All other package names are unchanged.
- libmsiecf{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc26,fc27,fc29,fc30}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libmsiecf and python36-libmsiecf.
All other package names are unchanged.
- libolecf{,-devel,-python2,-python3,-tools}-20181231-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20181231-4.el6.{i686,x86_64}.rpm, and libolecf{,-devel,-python2,-python36,-tools}-20181231-4.el7.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libolecf and python36-libolecf.
All other package names are unchanged.
- libqcow{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libqcow and python36-libqcow.
All other package names are unchanged.
- libregf{,-devel,-python2,-python3,-tools}-20190303-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libregf{,-devel,-python2,-tools}-20190303-3.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python36,-tools}-20190303-3.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libregf and python36-libregf.
All other package names are unchanged.
- libscca{,-devel,-python2,-python3,-tools}-20190605-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libscca{,-devel,-python2,-tools}-20190605-1.el6.{i686,x86_64}.rpm, and libscca{,-devel,-python2,-python36,-tools}-20190605-1.el7.x86_64.rpm -
Libscca is a library to access the Windows Prefetch File (SCCA) format.
Note: The packages for CentOS/RHEL 7 are named python2-libscca and python36-libscca.
- libsigscan{,-devel,-python2,-python3,-tools}-20190103-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsigscan{,-devel,-python2,-tools}-20190103-4.el6.{i686,x86_64}.rpm, and libsigscan{,-devel,-python2,-python36,-tools}-20190103-4.el7.x86_64.rpm -
Libsigscan is a library and tools used for binary signature scanning.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libsigscan and python36-libsigscan.
All other package names are unchanged.
- libsmdev{,-devel,-python2,-python3,-tools}-20190315-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20190315-3.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python2,-python36,-tools}-20190315-3.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libsmdev and python36-libsmdev.
All other package names are unchanged.
- libsmraw{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libsmraw{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libsmraw and python36-libsmraw.
All other package names are unchanged.
- libvhdi{,-devel,-python2,-python3,-tools}-20181227-5.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm and libvhdi{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libvhdi and python36-libvhdi.
All other package names are unchanged.
- libvmdk{,-devel,-python2,-python3,-tools}-20181227-5.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20181227-5.el6.{i686,x86_64}.rpm, and libvmdk{,-devel,-python2,-python36,-tools}-20181227-5.el7.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libvmdk and python36-libvmdk.
All other package names are unchanged.
- libvshadow{,-devel,-python2,-python3,-tools}-20190323-3.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20190323-3.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python2,-python36,-tools}-20190323-3.el7.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libvshadow and python36-libvshadow.
All other package names are unchanged.
- libvslvm{,-devel,-python2,-python3,-tools}-20181227-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libvslvm{,-devel,-python2,-tools}-20181227-4.el6.{i686,x86_64}.rpm, and libvslvm{,-devel,-python2,-python36,-tools}-20181227-4.el7.x86_64.rpm -
Libvslvm is a library and tools to access the Linux Logical Volume Manager (LVM) volume system format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libvslvm and python36-libvslvm.
All other package names are unchanged.
- python{2,3}-pefile-2019.4.18-2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-pefile-2019.4.18-2.el7.noarch.rpm -
PEFile is a Portable Executable reader module.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-pefile and python36-pefile.
The package names for Fedora are unchanged.
- python36-urllib3-1.24.1-1.el7.x86_64.rpm -
Python-urllib3 is a powerful, sanity-friendly HTTP client for Python.
Much of the Python ecosystem already uses urllib3.
urllib3 brings many critical features that are missing from the Python standard libraries:
- Thread safety.
- Connection pooling.
- Client-side SSL/TLS verification.
- File uploads with multipart encoding.
- Helpers for retrying requests and dealing with HTTP redirects.
- Support for gzip and deflate encoding.
- Proxy support for HTTP and SOCKS.
- 100% test coverage.
- python{2,36}-lz4-0.10.0-1.el7.x86_64.rpm -
LZ4 contains the python bindings for the lz4 compression library.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-lz4 and python36-lz4.
The package names for Fedora are unchanged.
- python{2,36}-psutil-5.4.3-4.el7.x86_64.rpm -
Python-psutil is a cross-platform library for retrieving information on running processes and system utilization (CPU, memory, disks, network) in Python.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-psutil and python36-psutil.
- python{2,3}-pytsk3-20190507-2.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python2-pytsk3-20190507-2.el6.{i686,x86_64}.rpm, and python{2,36}-pytsk3-20190507-2.el7.x86_64.rpm -
Pytsk provides Python bindings for The Sleuth Kit.
- python{2,3}-requests-2.22.0-1.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-1.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- python{2,3}-xlsxwriter-1.1.8-2.{fc26,fc27,fc28,fc29,fc30}.noarch.rpm and python{2,36}-xlsxwriter-1.1.8-2.el7.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-xlsxwriter and python36-xlsxwriter.
The package names for Fedora are unchanged.
- plaso-20190429-1.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20190429-1.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This release uses Python 3 instead of Python 2.
Please note that for Fedora 25, all of the ancillary packages needed by plaso use the pip program in a Python Virtual Environment. Ensure that pip works correctly in your environment by configuring the /etc/pip.conf file according to the configuration guide found here.
For Fedora 25, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
Finally, for CentOS/RHEL 7, plaso no longer relies on a Python Virtual Environment.
- sleuthkit{,-devel,-libs}-4.6.6-1.1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.6.6-1.1.el7.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
This version was built with a higher revision than that provided by Fedora.
- winreg-kb-20190507-1.el7.x86_64.rpm -
Winreg-kb is a project to build a Windows Registry Knowledge Base.
winregrc is the Python module part of winreg-kb to allow reuse of Windows Registry resources.
See these scripts that make use of the package.
- winevt-kb-20190507-1.el7.x86_64.rpm -
Winevt-kb is a project to build a Windows Event Log knowledge base.
winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources.
See this resource for an explanation of the scripts included with this package - export.py, extract.py, query.py - and how to use them.
This version uses Python 3.
- libwrc{,-devel,-python2,-python3,-tools}-20181203-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libwrc{,-devel,-python2,-tools}-20181203-4.el6.{i686,x86_64}.rpm, and libwrc{,-devel,-python2,-python36,-tools}-20181203-3.el7.x86_64.rpm -
Libwrc is a library and tools to access the Windows Resource Compiler (WRC) format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libwrc and python36-libwrc.
All other package names are unchanged.
- libexe{,-devel,-python2,-python3,-tools}-20181128-4.{fc25,fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libexe{,-devel,-python2,-tools}-20181128-4.el6.{i686,x86_64}.rpm, and libexe{,-devel,-python2,-python36,-tools}-20181128-4.el7.x86_64.rpm -
Libexe is a library and tools to access the executable (EXE) format.
Note: This release contains no new capabilities.
The only difference is that the packages for CentOS/RHEL 7 are named python2-libexe and python36-libexe.
All other package names are unchanged.
- python{2,3}-construct-2.5.2-4.{fc25,fc26,fc27,fc28,fc29}.noarch.rpm, python2-construct-2.5.2-4.el6.noarch.rpm, and python{2,36}-construct-2.5.2-4.el7.noarch.rpm -
Python-construct is a powerful declarative parser (and builder) for binary data.
- rekall-forensics-1.7.2.rc1-1.{fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and rekall-forensics-1.7.2.rc1-1.el7.x86_64.rpm -
Rekall is an advanced forensic and incident response framework.
While it began life purely as a memory forensic framework, it has now evolved into a complete platform.
Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and open source license. Many of the innovations implemented within Rekall have been published in
peer reviewed papers.
The program to run is named rekall.py.
Please note that the installation of all of the ancillary packages needed by rekall uses the pip program in a Python Virtual Environment. Ensure that pip works correctly in your environment by configuring the /etc/pip.conf file according to the configuration guide found here.
- vmfs-tools-0.2.5-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, vmfs-tools-0.2.5-3.el7.x86_64.rpm, libvmfs-devel-0.2.5-3.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, and libvmfs-devel-0.2.5-3.el7.x86_64.rpm -
VMfs-tools is a collection of command-line tools for operating on VMware's VMFS file system.
Included in this release is limited VMFS version 5 support.
Note: The tools in the vmfs-tools package are named debugvmfs, fsck.vmfs, vmfs-fuse, vmfs-lvm.
The tools installed are also named debugvmfs5, fsck.vmfs5, vmfs5-fuse, vmfs5-lvm.
- vmfs6-tools-0.0.0.844.1195-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, vmfs6-tools-0.0.0.844.1195-1.el7.x86_64.rpm, libvmfs6-devel-0.0.0.844.1195-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, and libvmfs6-devel-0.0.0.844.1195-1.el7.x86_64.rpm -
VMFS6-tools is a collection of command-line tools for operating on VMware's VMFS file system.
Included in this release is limited VMFS version 6 support.
Note: The tools in the vmfs6-tools package are named debugvmfs6, fsck.vmfs6, vmfs6-fuse, vmfs6-lvm.
- xva-img-1.3-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and xva-img-1.3-1.el7.x86_64.rpm -
XVA-IMG is a tool for working with Citrix XEN disk images.
Citrix Xen uses a custom virtual appliance format for import/export called "XVA".
It's basically a strangely crafted tar-file.
You don't need this program to unpack this tar-file, just use your favourite tar unpacker (tar, gtar, bsdtar).
Once unpacked, you will end up with a lot of different files: ova.xml (which contains the settings for the virtual appliance, think VMware vmx) and a number of folders called Ref:/, which are your disks.
Each of these folders contains hundreds of files named 00000000, 00000001, and so on, each with an accompanying .CHECKSUM file (SHA1).
Each file is a 1MB slice of the disk, but some of the files in the sequence will probably be missing. This is because XVA does not use compression; instead it excludes slices of the disk that contain only zeros (are empty).
This tool can assemble the disk for you (you will end up with a RAW disk) that can easily be mounted and modified.
It can then also split the file again and generate checksums.
Once ready, you will probably want to use the "package" command to rebuild the XVA file.
- CERT-Forensics-Tools-1.0-85.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-85.el7.x86_64.rpm -
The changes since the last release (1.0-84) are the following:
- Added: qtmltfs
- Added: VMFS6-tools
- Added: Rekall Forensics (not on CentOS/RHEL 6)
- Added: xva-img
- cert-forensics-tools-release-{25,26,27,28,29,30,6,7}-14.noarch.rpm -
cert-forensics-tools-release is the package that connects a Fedora-based computer system to the CERT Linux Forensics Tools Repository (LiFTeR).
This package has been changed so that it requires either a Fedora release or a Generic release in order to be installed.
- autopsy-4.11.0-1.{fc25,fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and autopsy-4.11.0-1.el7.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
In addition, the Java™ Platform, Standard Edition Development Kit (JDK™) from Oracle also needs to be installed before running autopsy. That package can be found here. Testing has been verified to work with JDK 11.0.2.
- pfring-7.4.0-2553.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2553.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.8.0-1596.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI, it includes ntop extensions.
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.4.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.1.8-300 for FC30
- 5.1.7-300 for FC30
- 5.1.6-300 for FC30
- 5.1.5-300 for FC30
- 5.0.17-300 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-4.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.1.8-300 for FC30
- 5.1.7-300 for FC30
- 5.1.6-300 for FC30
- 5.1.5-300 for FC30
- 5.0.17-300 for FC30
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.25.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.1.6-200 for FC29
- 5.0.19-200 for FC29
- 5.0.17-200 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-25.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.1.6-200 for FC29
- 5.0.19-200 for FC29
- 5.0.17-200 for FC29
- fmem-kernel-modules-el7-x86_64-1.6-1.52.noarch.rpm -
Support for the following kernels was added for Fmem:
- 3.10.0-957.21.2 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-52.noarch.rpm -
Support for the following kernels was added for LiME:
- 3.10.0-957.21.2 for EL7
- Fedora 24 - Updates to Fedora 24 for both the i686 and x86_64 CPU architectures have ceased.