LiFTeR: Changes for January 26, 2022
- Amazon Linux 2 - The following packages were removed from the Amazon Linux 2 repository because they were built by accident.
In most cases, these packages are available from the Extra Packages for Enterprise Linux (EPEL) repository.
- hachoir-3.1.2-2.amzn2.noarch.rpm -
Hachoir is a Python library to view and edit a binary stream field by field.
In other words, Hachoir allows you to "browse" any binary stream just like you browse directories and files.
A file is split into a tree of fields, where the smallest field is just one bit.
Examples of field types: integers, strings, bits, padding types, floats, etc.
Hachoir is the French word for a meat grinder (meat mincer), which is used by butchers to divide meat into long tubes;
Hachoir is used by computer butchers to divide binary files into fields.
Notes:
- In this version, these tools are all available: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-urwid, and hachoir-wx. As such, the previous packages where these tools were packaged separately are obsoleted.
- This version fixes an error that precluded all of the available tools from appearing in the /usr/bin directory.
- libfvde{,-devel,-python3,-tools}-20220125-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and libfvde{,-devel,-python36,-tools}-20220125-1.el7.x86_64.rpm -
Libfvde is a library and tools to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.
The FVDE format is used by Mac OS X, as of Lion, to encrypt data on a storage media volume.
- plaso-20211229-3.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as
log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Details of this update are available here.
This release removes the version restriction on the pyparsing package.
Note: For CentOS/RHEL 7 and 8 and Amazon Linux 2, Plaso now runs in a Python virtual environment.
- python36-pyparsing-3.0.7-1.el7.noarch.rpm, python3-pyparsing-3.0.7-1.{el8,amzn2}.noarch.rpm, and pyparsing-doc-3.0.7-1.{el7,el8,amzn2}.noarch.rpm -
Pyparsing is a module that provides an alternative approach to creating and executing simple grammars, vs. the traditional lex/yacc approach, or the use of regular expressions.
- libbde{,-devel,-python3,-tools}-20220121-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and libbde{,-devel,-python36,-tools}-20220121-1.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
- libfwsi{,-devel,-python3}-20220123-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and libfwsi{,-devel,-python36}-20220123-1.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
- python3-dtfabric-20220126-1.{fc33,fc34,fc35,amzn2,el8}.x86_64.rpm and python36-dtfabric-20220126-1.el7.x86_64.rpm -
Dtfabric is a project to manage data types and structures,
as used in the libyal projects.
- libsigscan{,-devel,-python3}-20220124-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and libsigscan{,-devel,-python36}-20220124-1.el7.x86_64.rpm -
Libsigscan is a library and tools used for binary signature scanning.
- libluksde{,-devel,-python3,-tools}-20220121-1.{fc33,fc34,fc35,el8,amzn2}.x86_64.rpm and libluksde{,-devel,-python36,-tools}-20220121-1.el7.x86_64.rpm -
Libluksde is a library and tools used to access LUKS Disk Encryption encrypted volumes.
- pfring-8.0.0-7207.{el7,el8,amzn2}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
- pfring-dkms-8.0.0.7207-7207.{el7,el8,amzn2}.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-4.0.0-3509.{el7,el8,amzn2}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
- lime-kernel-modules-fc35-x86_64-1.9.1-12.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.15.16-200 for FC35
- 5.15.15-200 for FC35
- fmem-kernel-modules-fc35-x86_64-1.6-1.12.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.15.16-200 for FC35
- 5.15.15-200 for FC35
- fmem-kernel-modules-fc34-x86_64-1.6-1.35.noarch.rpm -
Support for the following kernels was added for Fmem:
- 5.15.16-100 for FC34
- 5.15.15-100 for FC34
- lime-kernel-modules-fc34-x86_64-1.9.1-35.noarch.rpm -
Support for the following kernels was added for LiME:
- 5.15.16-100 for FC34
- 5.15.15-100 for FC34