LiFTeR: Changes for September 12, 2020
- sleuthkit{,-devel,-libs}-4.10.0-1.1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and sleuthkit{,-devel,-libs}-4.10.0-1.1.{fc31,el7,el8}.x86_64.rpm -
The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data.
- autopsy-4.16.0-1.{fc27,fc28,fc29,fc30}.{i686,x86_64}.rpm and autopsy-4.16.0-1.{fc31,fc32,el7,el8}.x86_64.rpm -
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
You can even use it to recover photos from your camera's memory card.
Notes:
- This version uses Java 8 from Bellsoft.
- This version was tested on Fedora 27 through 32 and CentOS 7 and 8 for the x86_64 architectures using an E01 dataset that contains a 7-Zip file that contains two JPEG images, one of which has EXIF metadata. Those archives were correctly parsed and the EXIF data verified.
- If you wish to run autopsy on a system that you are accessing via Microsoft's Remote Desktop Protocol (RDP), testing has shown that setting the color depth on the backend X server is critical. Use the following to install XRDP if necessary, adjust the host's firewall to allow RDP connections, set the depth parameter, and start or restart the XRDP service:
[ -f /etc/xrdp/xrdp.ini ] || (sudo $(uname -r | grep -q el7 && echo yum || echo dnf) install xrdp && sudo systemctl enable xrdp)
sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload
sudo sed --in-place 's/#xserverbpp=24/xserverbpp=24/' /etc/xrdp/xrdp.ini
sudo systemctl stop xrdp
sudo systemctl start xrdp
- python2-pysocks-1.6.8-6.el8.noarch.rpm -
Pysocks is a fork of SocksiPy with bug fixes and extra features.
It acts as a drop-in replacement for the socket module.
This package was built for CentOS 8 to support the Volatility-community-plugins package.
- python2-six-1.11.0-5.el8.noarch.rpm -
Six provides simple utilities for wrapping over differences between Python 2 and Python 3.
This package was built for CentOS 8 to support the Volatility-community-plugins package.
- fmem-kernel-modules-fc32-x86_64-1.6-1.18.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.8.7-200 for FC32
- 5.8.6-201 for FC32
- lime-kernel-modules-fc32-x86_64-1.1.r17-18.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.8.7-200 for FC32
- 5.8.6-201 for FC32
- fmem-kernel-modules-fc31-x86_64-1.6-1.34.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.8.6-101 for FC31
- lime-kernel-modules-fc31-x86_64-1.1.r17-34.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.8.6-101 for FC31