LiFTeR: Changes for May 15, 2020
- plaso-20200430-1.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and plaso-20200430-1.{fc31,fc32,el7,el8}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
- sevenzipjbinding-16.02_2.01-1.el7.x86_64.rpm -
7-Zip Bindings is a Java wrapper for the 7-Zip C++ library.
It allows extraction of many archive formats using a very fast native library directly from Java through JNI.
This version was built for CentOS/RHEL 7 due to a compiler inconsistency with the version provided with Autopsy 4.15.0.
- autopsy-4.15.0-5.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-5.{fc31,fc32,el7,el8}.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
This release fixes a problem with the 7-Zip ingest module on CentOS/RHEL 7.
For all other releases and systems, these same packages were simply rebuilt to maintain release numbering consistency and contain no new functionality.
- apfs-fuse-20200429-1.{fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm and apfs-fuse-20200429-1.{fc31,fc32,el7,el8}.x86_64.rpm -
APFS-Fuse is a read-only FUSE driver for the new Apple File System.
Since Apple has not yet documented the disk format of APFS, this driver should be considered experimental.
It may not be able to read all files, it may return wrong data, or it may simply crash.
Use at your own risk.
But since it's read-only, at least the data on your APFS drive should be safe.
Be aware that not all compression methods are supported yet (only the ones the author has encountered so far). Thus, the driver may return compressed files instead of uncompressed ones, although most of the time it should just report an error.
- pfring-7.6.0-2977.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2977.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2448.{el6,el7,el8}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc32-x86_64-1.6-1.2.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.6.12-300 for FC32
- 5.6.11-300 for FC32
- lime-kernel-modules-fc32-x86_64-1.1.r17-2.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.6.12-300 for FC32
- 5.6.11-300 for FC32
- fmem-kernel-modules-fc31-x86_64-1.6-1.23.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.6.11-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-23.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.6.11-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.38.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.6.11-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-38.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.6.11-100 for FC30