LiFTeR: Changes for May 22, 2020
- bellsoft-java8-1.8.0.252-1+9.{i586,x86_64}-full.rpm -
Bellsoft Java was installed for Fedora 26 through 32 and CentOS/RHEL 7 and 8.
Bellsoft Java 8 is the recommended version of Java for Autopsy.
See these instructions for installing Autopsy on Linux where this recommendation can be found.
Note that the previous version of BellSoft's Java that was installed as part of autopsy can be removed with:
sudo yum erase bellsoft-java8 -y
- autopsy-4.15.0-6.{fc26,fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.15.0-6.{fc31,fc32,el7,el8}.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Notes:
- This version uses the aforementioned version of Java 8 from Bellsoft.
- This version was tested on Fedora 26 through 32 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
- If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that setting the color depth on the backend X server is critical. Use the following to install the XRDP client if necessary, adjust the host's firewall to allow RDP connections, adjust this depth parameter, and start or restart the XRDP client:
[ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp)
sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload
sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini
sudo systemctl stop xrdp
sudo systemctl start xrdp
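The sed step above exits successfully even when it changes nothing, for example when the shipped xrdp.ini has no `#xserverbpp=24` line. The following added example, which is not part of the original page, applies the same substitution and then verifies the result. The function name `ensure_xserverbpp24` and its return codes are assumptions made for illustration.

```shell
# Added helper (not from the page): apply the page's sed edit to an
# xrdp.ini-style file and confirm that an active xserverbpp=24 line results.
# Return codes (assumed convention): 0 = depth is set to 24,
# 1 = an active line with another depth exists, 2 = no such line or no file.
ensure_xserverbpp24() {
    ini=$1
    [ -f "$ini" ] || { echo "missing file: $ini" >&2; return 2; }

    # Same substitution as the page, anchored to the line start here;
    # -i.bak keeps the original file as "$ini.bak".
    sed -i.bak 's/^#xserverbpp=24/xserverbpp=24/' "$ini"

    # sed exits 0 even when nothing matched, so check the result explicitly.
    if grep -q '^xserverbpp=24[[:space:]]*$' "$ini"; then
        return 0
    fi

    # An uncommented line with a different depth is reported, not overwritten.
    other=$(grep -n '^xserverbpp=' "$ini" || true)
    if [ -n "$other" ]; then
        echo "active depth differs from 24: $other" >&2
        return 1
    fi

    echo "no xserverbpp line in $ini; add xserverbpp=24 by hand" >&2
    return 2
}
```

Run it as root against `/etc/xrdp/xrdp.ini` before restarting the service, and restart only when it returns 0.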
- python3-artifacts-20200515-1.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm, artifacts-data-20200515-1.{fc26,fc27,fc28,fc29,fc30}.{i386,x86_64}.rpm,
python36-artifacts-20200515-1.el7.x86_64.rpm, artifacts-data-20200515-1.el7.x86_64.rpm -
python3-artifacts-20200515-1.{fc31,fc32,el8}.x86_64.rpm, artifacts-data-20200515-1.{fc31,fc32,el8}.x86_64.rpm -
Artifacts is a free, community-sourced,
machine-readable knowledge base of forensic artifacts that the world can use both as an information source and within other tools.
- python2-yara-4.0.1-1.fc30.{i386,x86_64}.rpm and python2-yara-4.0.1-1.x86_64.{fc31,fc32,el8}.rpm -
Python-yara is a Python extension that gives access to Yara's powerful features from Python scripts.
- pfring-7.6.0-2990.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.6.
- pfring-dkms-7.6.0-2990.{el6,el7,el8}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-3.2.0-2473.{el6,el7,el8}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- fmem-kernel-modules-fc32-x86_64-1.6-1.3.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.6.13-300 for FC32
- lime-kernel-modules-fc32-x86_64-1.1.r17-3.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.6.13-300 for FC32
- fmem-kernel-modules-fc31-x86_64-1.6-1.24.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.6.13-200 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-24.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.6.13-200 for FC31
- fmem-kernel-modules-fc30-{i386,x86_64}-1.6-1.39.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.6.13-100 for FC30
- lime-kernel-modules-fc30-{i386,x86_64}-1.1.r17-39.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.6.13-100 for FC30
- fmem-kernel-modules-el7-x86_64-1.6-1.66.noarch.rpm -
Due to configuration errors, support for the following kernels was added for Fmem:
- 3.10.0-1127.8.2 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-66.noarch.rpm -
Due to configuration errors, support for the following kernels was added for LiME:
- 3.10.0-1127.8.2 for EL7
- fmem-kernel-modules-el6-{i686,x86_64}-1.6-1.65.noarch.rpm -
Support for the following kernels was added for Fmem:
- 2.6.32-754.29.2 for EL6
- lime-kernel-modules-el6-{i686,x86_64}-1.1.r17-65.noarch.rpm -
Support for the following kernels was added for LiME:
- 2.6.32-754.29.2 for EL6