python3-pyfixbuf-0.9.0-3.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, python36-pyfixbuf-0.9.0-3.el7.x86_64.rpm, and python3-pyfixbuf-0.9.0-3.el9.{aarch64,x86_64}.rpm -
Pyfixbuf is a Python API for libfixbuf,
an implementation of the IPFIX protocol used for building, collecting, and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
This release fixes a permissions problem with some of the directories.
python3-pyfixbuf-0.9.0-4.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm, python36-pyfixbuf-0.9.0-4.el7.x86_64.rpm, and python3-pyfixbuf-0.9.0-4.el9.{aarch64,x86_64}.rpm -
Pyfixbuf is a Python API for libfixbuf,
an implementation of the IPFIX protocol used for building, collecting, and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha1.
Please address any comments on these packages to netsa-help@cert.org.
This release fixes a permissions problem with some of the directories.
acr-2.1.1-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm -
ACR tries to replace autoconf functionality by generating a fully compatible 'configure' script (runtime flags).
This release fixes a permissions problem with some of the directories.
analyzeMFT-3.0.1-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and analyzeMFT-3.0.1-2.el9.{x86_64,aarch64}.rpm -
AnalyzeMFT is a tool that fully parses
the MFT file from an NTFS filesystem and presents the results as accurately as possible in multiple formats.
See here for the changes since the previously installed version 2.0.19.1.
This release fixes a permissions problem with some of the directories.
winevtrc-20220106-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and winevtrc-20220106-2.el9.{x86_64,aarch64}.rpm -
Winevt-kb is a project to build a Windows Event Log knowledge base.
winevtrc is the Python module part of winevt-kb to allow reuse of Windows Event Log resources.
Note that this package also provides winevt-kb.
This release fixes a permissions problem with some of the directories.
winregrc-20230205-2.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm and winregrc-20230205-2.el9.{x86_64,aarch64}.rpm -
Winreg-kb is a project to build a Windows Registry Knowledge Base.
winregrc is a Python module part of winreg-kb to allow reuse of Windows Registry Resources.
This release fixes a permissions problem with some of the directories.
python-registry-1.2.0-2.{el7,el8,amzn2}.x86_64.rpm -
Python-registry provides read-only access to Windows Registry files, such as NTUSER.DAT, userdiff, and SOFTWARE.
The interface is two-fold: a high-level interface suitable for most tasks, and a low level set of parsing objects and methods which may be used for advanced study of the Windows Registry.
This release fixes a permissions problem with some of the directories.
Volatility-2.6.1-7.{el7,el8}.x86_64.rpm -
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
This version of Volatility is the official version of Volatility 2.6.1 that has been patched to May 14, 2021.
You can read about this version here.
This release fixes a permissions problem with some of the directories.
python-apsw-3.19.3-2.el7.x86_64.rpm - Python-apsw
is a Python wrapper for the SQLite embedded relational database engine.
In contrast to other wrappers such as pysqlite
it focuses on being a minimal layer over SQLite attempting just to translate the complete SQLite API into Python.
The documentation has a section on the differences between APSW and pysqlite.
See here for a list of the changes.
This release fixes a permissions problem with some of the directories.
pytsk3-20231007-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm and pytsk3-20231007-1.el9.{x86_64,aarch64}.rpm -
Pytsk provides Python bindings for The Sleuth Kit.
vleapp-2.0.0-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and vleapp-2.0.0-2.el9.{aarch64,x86_64}.rpm -
vleapp is a Vehicle Logs Events And Protobuf Parser application.
Both the command line version (vleapp) and the GUI version (vleappGUI) are included in this package.
Note that vleapp is not part of the CERT-Forensics-Tools metapackage so it must be installed manually.
pfring-8.7.0-8553.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.7.0.8553-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
ndpi-4.7.0-4409.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
lime-kernel-modules-fc38-x86_64-1.9.1-16.noarch.rpm -
Support for the following kernels was added for LiME:
6.5.6-200 for FC38
fmem-kernel-modules-fc38-x86_64-1.6-1.16.noarch.rpm -
Support for the following kernels was added for Fmem:
6.5.6-200 for FC38
lime-kernel-modules-fc37-x86_64-1.9.1-16.noarch.rpm -
Support for the following kernels was added for LiME:
6.5.6-100 for FC37
fmem-kernel-modules-fc37-x86_64-1.6-1.16.noarch.rpm -
Support for the following kernels was added for Fmem:
6.5.6-100 for FC37
lime-kernel-modules-el9-{x86_64,aarch64}-1.9.1-30.noarch.rpm -
Support for the following kernels was added for LiME for both the x86_64 and aarch64 architectures:
5.14.0-373 for EL9
5.14.0-372 for EL9
fmem-kernel-modules-el9-{x86_64,aarch64}-1.6-1.30.noarch.rpm -
Support for the following kernels was added for Fmem for both the x86_64 and aarch64 architectures: