bulk_extractor-1.2.2-3.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Bulk_extractor
has been repackaged so that all of the supporting tools are now installed as distributed by the author. These tools are installed in /usr/bin and
are the following:
bulk_diff.py - compares two bulk_extractor runs and reports what's changed.
identify_filenames.py - reads feature files and a DFXML file for a disk image and reports the file from which each feature came
post_process_exif.py - reads the exif.txt feature file and produces a CSV file from all of the XML-encoded EXIF information
This directory also contains modules for working with digital forensics XML:
bulk_extractor.py - a DFXML Python module for reading the report.xml file created by bulk_extractor and reading the feature files.
Also allows reading a ZIP file produced from a bulk_extractor output directory as if it were uncompressed.
dfxml.py - a DFXML Python module for reading DFXML files
fiwalk.py - a DFXML Python module for producing DFXML streams using fiwalk
This directory also contains an out-of-date multi-drive correlator; this will be operational by August 1, 2012:
cda2.py - multi drive correlator
cda_test.py - test program for multi-drive correlator
cda_tool.py - another multi-drive correlator
libewf{,-devel,-tools}-20120603-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Libewf
is a library for support of the Expert Witness Compression Format (EWF). It supports both the SMART (EWF-S01) and EnCase (EWF-E01) formats.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. Note the following:
This version provides the development environment for Version 2 of the API using the libewf-devel package.
If the Version 1 API is required, install a version of libewf-devel from 2010, for example version 20100226.
This version provides the runtime environment for both Version 1 and Version 2 of the API. This means that both
libewf.so.1 and libewf.so.2 are provided in this package for all supported operating systems and architectures.
This version provides a set of tools (libewf-tools) that replace ewftools.
ssdeep-2.8-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Ssdeep is a program for computing context triggered
piecewise hashes (CTPH), also called fuzzy hashes.