LiFTeR: Changes for February 15, 2019
- python{2,3}-xlsxwriter-1.1.4-1.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.noarch.rpm and python2-xlsxwriter-1.1.4-1.el6.noarch.rpm -
XlsxWriter is a Python module for writing files in the Excel 2007+ XLSX file format.
XlsxWriter can be used to write text, numbers, formulas and hyperlinks to multiple worksheets and it supports features such as formatting and many more.
See here for a list of the changes since the last version (1.1.2).
Note: the packages installed are named python2-xlsxwriter and python3-xlsxwriter for Fedora 24 through 29 and CentOS/RHEL 7 but there is no Python 3 version for CentOS/RHEL 6.
- libfsapfs{,-devel,-python2,-python3,-tools}-20190210-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsapfs{,-devel,-python2,-tools}-20190210-2.el6.{i686,x86_64}.rpm and libfsapfs{,-devel,-python2,-python3,-tools}-20190210-2.el7.x86_64.rpm -
libfsapfs is a library to access the Apple File System (APFS).
Note that this project currently only focuses on the analysis of the format.
- plaso-20190131-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm and plaso-20190131-2.el7.x86_64.rpm -
Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines.
The goal of log2timeline.py (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers
and related systems, such as network equipment, to produce a single correlated timeline.
This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
This revision changed some of the dependencies for the Python Virtual Environment-based version for Fedora 24 and 25 and CentOS/RHEL 7.
For Fedora 24 and 25 and CentOS/RHEL 7, this package contains a program named update-plaso, the purpose of which is to update the packages that plaso depends upon. Note that this updates the dependent packages but not plaso. The recommendation is to run update-plaso routinely to keep the plaso dependencies updated.
For Fedora 24 and 25, the recommended way to install this update is the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo dnf -y install plaso
and for CentOS/RHEL 7, the following:
sudo rpm -ev plaso --nodeps; sudo rm -rf /usr/local/lib/PythonVirtualEnvironments/plaso; sudo yum -y install plaso
- pfring-7.4.0-2414.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.4.
- pfring-dkms-7.4.0-2414.{el6,el7}.x86_64.rpm - PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to create the PF_Ring kernel module.
- ndpi-2.6.0-1488.{el6,el7}.x86_64.rpm - ndpi is an open source LGPLv3 library for deep-packet inspection.
Based on OpenDPI, it includes ntop extensions.
- libbde{,-devel,-python2,-python3,-tools}-20190102-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libbde{,-devel,-python2,-tools}-20190102-3.el6.{i686,x86_64}.rpm, and libbde{,-devel,-python2,-python3,-tools}-20190102-3.el7.x86_64.rpm -
Libbde is a library and tools to access the BitLocker Drive Encryption (BDE) format.
The BDE format is used by Windows, as of Vista, to encrypt data on a storage media volume.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libesedb{,-devel,-python2,-python3,-tools}-20181229-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libesedb{,-devel,-python2,-tools}-20181229-3.el6.{i686,x86_64}.rpm, and libesedb{,-devel,-python2,-python3,-tools}-20181229-3.el7.x86_64.rpm -
Libesedb contains a library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
ESEDB is used in many different applications like Windows Search, Windows Mail, Exchange, Active Directory, etc.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libevt{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevt{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libevt{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libevt contains libraries and tools to access the Windows Event Log (EVT) format files.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libevtx{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libevtx{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libevtx{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libevtx contains libraries and tools to access the Windows XML Event Log (EVTX) format files.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libfshfs{,-devel,-python2,-python3,-tools}-20181101-3.{fc24,fc25,fc26,fc27,fc28,fc29,el7}.{i686,x86_64}.rpm, libfshfs{,-devel,-python,-tools}-20181101-3.el6.{i686,x86_64}.rpm, and libfshfs{,-devel,-python2,-python3,-tools}-20181101-3.el7.x86_64.rpm -
Libfshfs is a library and tools to access the Hierarchical File System (HFS).
Note that this project currently only focuses on the analysis of the format.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system and renames the python version to python2.
- libfsntfs{,-devel,-python2,-python3,-tools}-20190104-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfsntfs{,-devel,-python2,-tools}-20190104-3.el6.{i686,x86_64}.rpm, and libfsntfs{,-devel,-python2,-python3,-tools}-20190104-3.el7.x86_64.rpm -
Libfsntfs contains a library and tools to access the New Technology File System (NTFS).
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libfwsi{,-devel,-python2,-python3}-20181227-2.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libfwsi{,-devel,-python2}-20181227-2.el6.{i686,x86_64}.rpm, and libfwsi{,-devel,-python2,-python3}-20181227-2.el7.x86_64.rpm -
Libfwsi is a library to access the Windows Shell Item format.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- liblnk{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, liblnk{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and liblnk{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Liblnk contains libraries and tools to access the Windows Shortcut File (LNK) format file.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libmsiecf{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc26,fc27,fc29}.{i686,x86_64}.rpm, libmsiecf{,-devel,-python2,-tools}-20181227-2.el6.{i686,x86_64}.rpm, and libmsiecf{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libmsiecf contains libraries and tools to access the Microsoft Internet Explorer (MSIE) Cache File (index.dat) files.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libolecf{,-devel,-python2,-python3,-tools}-20181231-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libolecf{,-devel,-python2,-tools}-20181231-3.el6.{i686,x86_64}.rpm, and libolecf{,-devel,-python2,-python3,-tools}-20181231-3.el7.x86_64.rpm -
Libolecf contains libraries and tools to access the OLE 2 Compound File (OLECF) format files.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libpff{,-devel,-python2,-python3,-tools}-20180714-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libpff{,-devel,-python,-tools}-20180714-3.{i686,x86_64}.rpm, and libpff{,-devel,-python2,-python3,-tools}-20180714-3.el7.x86_64.rpm -
Libpff is a library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format.
PFF is used in PAB (Personal Address Book), PST (Personal Storage Table) and OST (Offline Storage Table) files. Static and dynamic versions of the libraries are provided.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libqcow{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libqcow{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libqcow{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libqcow is a library and tools used to access the QEMU Copy-On-Write (QCOW) image format.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libregf{,-devel,-python2,-python3,-tools}-20181231-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libregf{,-devel,-python2,-tools}-20181231-3.el6.{i686,x86_64}.rpm, and libregf{,-devel,-python2,-python3,-tools}-20181231-3.el7.x86_64.rpm -
Libregf contains libraries and tools to access the Windows NT Registry File files.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libsmdev{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmdev{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libsmdev{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libsmdev is a library and tools used to access storage media devices.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libsmraw{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libsmraw{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm and libsmraw{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libsmraw is a library and tools used to read and write (split) RAW storage media bitstream copies.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libvshadow{,-devel,-python2,-python3,-tools}-20190127-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvshadow{,-devel,-python2,-tools}-20190127-3.el6.{i686,x86_64}.rpm, and libvshadow{,-devel,-python2,-python3,-tools}-20190127-3.el7.x86_64.rpm -
Libvshadow is a library and tools used to support the Volume Service Snapshot (VSS) format.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libvhdi{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvhdi{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libvhdi{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libvhdi is a library and tools to access the Virtual Hard Disk (VHD) image format.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- libvmdk{,-devel,-python2,-python3,-tools}-20181227-3.{fc24,fc25,fc26,fc27,fc28,fc29}.{i686,x86_64}.rpm, libvmdk{,-devel,-python2,-tools}-20181227-3.el6.{i686,x86_64}.rpm, and libvmdk{,-devel,-python2,-python3,-tools}-20181227-3.el7.x86_64.rpm -
Libvmdk is a library and tools used to access the VMware Virtual Disk (VMDK) image format.
This release fixes a problem where the python2 and python3 versions were to be installed on the same system.
- python{2,3}-dfvfs-20190128-4.{fc24,fc25,fc26,fc27,fc28,fc29}.noarch.rpm -
dfVFS, the Digital Forensics Virtual File System, provides read-only access to file-system objects from various storage media types and file formats.
The goal of dfVFS is to provide a generic interface for accessing file-system objects, for which it uses several back-ends that provide the actual implementation of the various storage media types,
volume systems and file systems.
- fmem-kernel-modules-fc29-{i386,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.20.7-200 for FC29
- lime-kernel-modules-fc29-{i386,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels was added for LiME:
- 4.20.7-200 for FC29
- fmem-kernel-modules-fc28-{i386,x86_64}-1.6-1.31.noarch.rpm - Support for the following kernels was added for Fmem:
- 4.20.7-100 for FC28
- lime-kernel-modules-fc28-{i386,x86_64}-1.1.r17-31.noarch.rpm - Support for the following kernels was added for LiME:
- 4.20.7-100 for FC28