libewf{,-devel,-tools}-20120813-1.{fc14,fc15,fc16,fc17,el5,el6}.{i686,x86_64}.rpm - Libewf
is a library for support of the Expert Witness Compression Format (EWF). It supports both the SMART (EWF-S01) and EnCase (EWF-E01) formats.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format. Note the following:
This version provides the development environment for Version 2 of the API using the libewf-devel package.
If the Version 1 API is required, install a version of libewf-devel from 2010, for example version 20100226.
This version provides the runtime environment for both Version 1 and Version 2 of the API. This means that both
libewf.so.1 and libewf.so.2 are provided in this package for all supported operating systems and architectures.
This version provides a set of tools (libewf-tools) that replace ewftools.
registrydecoder-20120816-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Registrydecoder
is a tool for the acquisition, analysis, and reporting of registry contents.
See here for a list of changes.
regripper-plugins-20120812-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application.
This version includes version 20120612 of the plugins from here.
The plugins added are the following:
NEW PLUGIN by Hal Pomeranz: ssh_host_keys.pl that extracts stored Putty and WinSCP host keys from NTUSER hive
NEW PLUGIN by Hal Pomeranz: winscp_sessions.pl that extracts WinSCP saved session data from NTUSER hive (with password decoding)
NOTE profiles all-all, ntuser-all, sam-all, security-all, software-all and system-all were updated
NOTE source code repository was aligned to current release
NEW PLUGIN by John Lukach: pstools.pl that displays the content for PsTools EULA Agreements
NEW PLUGIN by K. Johnson (with Harlan Carvey updates): filehistory.pl that parses NTUSER FileHistory Registry keys from Windows 8
NEW PLUGIN by Elizabeth Schweinsberg: user_runplus.pl that gets contents of the Run, RunOnce, and RunServices keys from NTUSER hive
NEW PLUGIN by Elizabeth Schweinsberg: soft_runplus.pl that gets contents of the Run, RunOnce, and RunServices keys from SOFTWARE hive
NEW PLUGIN by Elizabeth Schweinsberg: svc_plus.pl that gets services, displayed in short format, from SYSTEM hive
tcpflow-1.3.0-1.{fc14,fc15,fc16,fc17,el5,el6}.{i386,x86_64}.rpm - Tcpflow is a program
that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging.
Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction.
Tcpflow can also process stored tcpdump packet flows.
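To make the per-direction storage concrete, here is an added Python sketch (not tcpflow's own code) of the demultiplexing it describes: packets are grouped by (source, port, destination, port), so each side of a connection becomes its own flow with a tcpflow-style name, and the first and last timestamps are tracked per flow (the tlast field the changelog below mentions). The packet tuples are constructed sample input; real tcpflow also reorders by TCP sequence number, which this sketch omits.

```python
from collections import OrderedDict
from dataclasses import dataclass, field


@dataclass
class Flow:
    """One direction of a TCP connection, i.e. one tcpflow output file."""
    name: str
    tfirst: float
    tlast: float
    data: bytearray = field(default_factory=bytearray)


def flow_name(src, sport, dst, dport):
    """Name in tcpflow's style: zero-padded octets and five-digit ports."""
    def side(ip, port):
        return ".".join(f"{int(o):03d}" for o in ip.split(".")) + f".{port:05d}"
    return f"{side(src, sport)}-{side(dst, dport)}"


def demux(packets):
    """Group (ts, src, sport, dst, dport, payload) tuples into per-direction flows.

    Simplified: payload is appended in arrival order; tcpflow itself places
    segments by sequence number so retransmissions and reordering are handled.
    """
    flows = OrderedDict()
    for ts, src, sport, dst, dport, payload in packets:
        key = (src, sport, dst, dport)
        if key not in flows:
            flows[key] = Flow(flow_name(src, sport, dst, dport), ts, ts)
        flow = flows[key]
        flow.data.extend(payload)
        flow.tlast = max(flow.tlast, ts)  # keep the last-seen time current
    return flows


# Constructed sample: one HTTP exchange, both directions interleaved.
SAMPLE_PACKETS = [
    (1.0, "10.0.0.1", 54321, "10.0.0.2", 80, b"GET / HTTP/1.0\r\n"),
    (1.1, "10.0.0.2", 80, "10.0.0.1", 54321, b"HTTP/1.0 200 OK\r\n"),
    (1.2, "10.0.0.1", 54321, "10.0.0.2", 80, b"Host: example\r\n\r\n"),
    (1.5, "10.0.0.2", 80, "10.0.0.1", 54321, b"\r\nhello\n"),
]


def demux_sample():
    """Run the sample through demux(); returns the flows keyed by 4-tuple."""
    return demux(SAMPLE_PACKETS)


if __name__ == "__main__":
    for f in demux_sample().values():
        print(f"{f.name}  first={f.tfirst} last={f.tlast} bytes={len(f.data)}")
```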
Here are the changes in this version:
src/tcpdemux.cpp (tcpdemux::process_tcp): fixed bug in which myflow.tlast wasn't being set.
src/main.cpp (main): fixed compile bugs that resulted from adoption of standard DFXML header.
configure.ac (HAVE_PTHREAD): fixed typo in configure.ac
src/tcpdemux.h: removed struct ip as it was redundant to struct iphdr
configure.ac: tcpflow now compiles under mingw for Windows
src/tcpdemux.cpp: moved tcpdemux class methods into this new file.
src/tcpip.cpp (tcpip::close_file): added support for FUTIMENS, but I don't yet have a system on which to test it. Hope that it's good.