LiFTeR: Changes for February 14, 2020
- python3-artifacts-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20200118-2.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm,
python36-artifacts-20200118-2.el7.x86_64.rpm, artifacts-data-20200118-2.el7.x86_64.rpm,
python3-artifacts-20200118-2.{fc31,el8}.x86_64.rpm, artifacts-data-20200118-2.{fc31,el8}.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
Note that the Python 2 version is no longer provided.
- python{2,3}-cffi-1.14.0-1.el8.x86_64.rpm and cffi-doc-1.14.0-1.el8.noarch.rpm -
Python-CFFI is a C Foreign Function Interface for Python.
Interact with almost any C code from Python, based on C-like declarations that you can often copy-paste from header files or documentation.
- python3-dfdatetime-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfdatetime-20200121-2.el7.noarch.rpm -
dfDateTime, or Digital Forensics date and time, provides date and time objects to preserve accuracy and precision.
Note that the Python 2 version is no longer provided.
- python3-dfvfs-20200121-2.{fc26,fc27,fc28,fc29,fc30,fc31,el8}.noarch.rpm and python36-dfvfs-20200121-2.el7.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to
file-system objects from various storage media types and file formats.
Note that the Python 2 version is no longer provided.
- python3-dfwinreg-20200121-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dfwinreg-20200121-2.el7.x86_64.rpm, and python3-dfwinreg-20200121-2.{fc31,el8}.x86_64.rpm -
DFWinreg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects.
Note that the Python 2 version is no longer provided.
- python3-dtfabric-20200119-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-dtfabric-20200119-2.el7.x86_64.rpm, and python3-dtfabric-20200119-2.{fc31,el8}.x86_64.rpm -
Dtfabric is a project to manage data types and structures,
as used in the libyal projects.
Note that the Python 2 version is no longer provided.
- libfsntfs{,-devel,-python3}-20200201-2.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2}-20200201-2.el6.{i686,x86_64}.rpm, libfsntfs{,-devel,-python36}-20200201-2.el7.x86_64.rpm, and libfsntfs{,-devel,-python3}-20200201-2.{fc31,el8}.x86_64.rpm -
Libfsntfs contains library and tools to access the New Technology File System (NTFS).
Note that the Python 2 version is no longer provided.
- zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libbroker-devel-3.0.1-0.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, zeek{,-core,ctl,-debugsource,-devel,-libcaf-devel}-3.0.1-0.{fc31,el7,el8}.x86_64.rpm, and libbroker-devel-3.0.1-0.{fc31,el7,el8}.x86_64.rpm -
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.
Zeek was originally developed by Vern Paxson. Robin Sommer now leads the project, jointly with a core team of researchers and developers at the International Computer Science Institute in Berkeley, CA; and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Please note: zeek packages install files in /opt/zeek. To use these files, add the following to your ~/.bashrc file:
[[ -d /opt/zeek/bin && ! "$PATH" =~ /opt/zeek/bin ]] && PATH=$PATH:/opt/zeek/bin
[[ -d /opt/zeek/share/man && ! "$MANPATH" =~ /opt/zeek/share/man ]] && MANPATH=$MANPATH:/opt/zeek/share/man
Then run:
. ~/.bashrc
- python{2,3}-elasticsearch-7.5.1-1.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm, python{2,36}-elasticsearch-7.5.1-1.el7.x86_64.rpm, and python{2,3}-elasticsearch-7.5.1-1.{fc31,el8}.x86_64.rpm -
Python-elasticsearch is the official low-level Python client for Elasticsearch.
Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
- libluksde{,-devel,-python3,-tools}-20200205-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libluksde{,-devel,-python2,-tools}-20200205-1.el6.{i686,x86_64}.rpm, libluksde{,-devel,-python36,-tools}-20200205-1.el7.x86_64.rpm, and libluksde{,-devel,-python3,-tools}-20200205-1.{fc31,el8}.x86_64.rpm -
Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
Note that the Python 2 version is only provided for CentOS/RHEL 6.
- libsmdev{,-devel,-python3}-20200210-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2}-20200210-1.el6.{i686,x86_64}.rpm, libsmdev{,-devel,-python36}-20200210-1.el7.x86_64.rpm, and libsmdev{,-devel,-python3}-20200210-1.{fc31,el8}.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
Note that the Python 2 version is only provided for CentOS/RHEL 6.
- python36-lz4-3.0.2-1.el7.x86_64.rpm -
LZ4 contains the python bindings for the lz4 compression library.
Note that the Python 2 version is no longer provided.
- sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.8.0-1.1.{fc31,el7}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
Note that CentOS/RHEL 6 is no longer being updated.
- autopsy-4.14.0-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.14.0-1.{fc31,el7,el8}.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Note: this release no longer requires the JDK from Oracle for Fedora 25 through 30, relying instead on OpenJDK version 1.8.0 provided by Fedora, along with OpenJFX version 1.8.0, also provided by Fedora. However, for CentOS/RHEL 7 and 8, the latest version of JDK 8 from Oracle is required, and this package has been added to the appropriate repositories. In addition, this release also contains an autopsy.desktop file that supports the GNOME and MATE window managers. Further, note that CentOS/RHEL 6 is no longer being updated.
- python3-pytsk3-20200117-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm, python36-pytsk3-20200117-1.el7.x86_64.rpm, and python3-pytsk3-20200117-1.{fc31,el8}.x86_64.rpm -
Pytsk provides Python bindings for The Sleuth Kit.
- python3-idna-2.8-1.{fc26,fc27,fc28,el8}.noarch.rpm and python36-idna-2.8-1.el7.noarch.rpm -
IDNA provides support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in RFC 5891. This is the latest version of the protocol and is sometimes referred to as "IDNA 2008".
- python{2,3}-requests-2.22.0-3.fc26.{i686,x86_64}.rpm and python36-requests-2.22.0-3.el7.x86_64.rpm -
Python-requests is an Apache2 Licensed HTTP library, written in Python, for human beings.
Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
It requires an enormous amount of work (even method overrides) to perform the simplest of tasks.
- plaso-20200121-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200121-1.{fc31,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- CERT-Forensics-Tools-1.0-87.{fc26,fc27,fc28,fc29,fc30,el6}.{i686,x86_64}.rpm and CERT-Forensics-Tools-1.0-87.{fc31,el7,el8}.x86_64.rpm -
The registrydecoder package was removed due to its dependence on Python 2.
- pfring-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2835.el7.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
Here is the announcement of PF_Ring 7.4.
- pfring-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2836.el6.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.0.0-2242.{el6,el7}.x86_64.rpm - nDPI is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc31-x86_64-1.6-1.10.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-10.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.4.18-200 for FC31
- 5.4.17-200 for FC31
- 5.4.15-200 for FC31
- 5.4.14-200 for FC31
- 5.4.13-201 for FC31
- 5.4.12-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.28.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-28.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.4.18-100 for FC30
- 5.4.17-100 for FC30
- 5.4.14-100 for FC30
- 5.4.12-100 for FC30
- fmem-kernel-modules-el7-x86_64-1.6-1.63.noarch.rpm -
Due to configuration errors, support for the following kernel was added for Fmem:
- 3.10.0-1062.12.1 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-63.noarch.rpm -
Due to configuration errors, support for the following kernel was added for LiME:
- 3.10.0-1062.12.1 for EL7
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.62.noarch.rpm - Support for the following kernel was added for Fmem:
- 2.6.32-754.27.1 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-62.noarch.rpm - Support for the following kernel was added for LiME:
- 2.6.32-754.27.1 for EL6