Volatility3-2.0.3-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
Volatility 3 is a completely open collection of tools,
implemented in Python under the Volatility Software License,
for the extraction of digital artifacts from volatile memory (RAM) samples.
This release is patched as of 2022-03-03.
libschemaTools{,-devel}-1.4-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data, and to know the structure of the records.
analysis-pipeline-5.11.4-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
pfring-8.1.0-7374.{el7,el8,amzn2}.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains header files and libraries, among other files, to support the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.1.0.7374-7374.{el7,el8,amzn2}.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves the packet capture speed.
This package contains the code and supporting files needed to build the PF_Ring kernel module.
ndpi-4.3.0-3645.{el7,el8,amzn2}.x86_64.rpm -
ndpi is an open source LGPLv3 library for deep-packet inspection.
libfixbuf{,-devel,-tools}-3.0.0.alpha1-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
Libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Export of IP Flow Information" (RFC 5101).
See here for the list of changes.
These packages are installed in the forensics-test repository.
Please address any comments on these packages to netsa-help@cert.org.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.19.2-101.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha1.
Please address any comments on these packages to netsa-help@cert.org.
libschemaTools{,-devel}-1.4-2.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
libschemaTools is a library that provides a standard representation of data records.
It is built on fixbuf, using IPFIX information elements.
It describes data using schemas. Schemas are wrapped in "dataInfo" structures that provide ways to get the next record from the data source.
SchemaTools removes the need for the processing application to know the details of how to retrieve data, and to know the structure of the records.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha1.
Please address any comments on these packages to netsa-help@cert.org.
python3-pyfixbuf-0.9.0-2.{fc33,fc34,fc35,el8,el9,amzn2}.x86_64.rpm and python36-pyfixbuf-0.9.0-2.el7.x86_64.rpm -
Pyfixbuf is a Python API for libfixbuf,
an implementation of the IPFIX protocol used for building IPFIX collecting and exporting processes.
Pyfixbuf can be used to write applications, often called mediators, that collect and export IPFIX.
Mediators are useful in modifying, filtering, or adding to the contents of a message before forwarding to another
IPFIX collection point, or converting IPFIX to another format (text, database, JSON, etc.).
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha1.
Please address any comments on these packages to netsa-help@cert.org.
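The libfixbuf and pyfixbuf entries above describe an IPFIX implementation and the collecting process a mediator is built on. The following is an added example, not code from libfixbuf, pyfixbuf or any NetSA tool: a minimal, self-contained encoder and decoder for the IPFIX wire format of RFC 5101 / RFC 7011, showing what a collector must do before a mediator can filter or rewrite records: parse the 16-byte message header, walk the sets, learn templates from set ID 2 (including enterprise-specific elements and template withdrawal) and decode data sets (set ID 256 and up), with bounds checks on every length field, variable-length encoding, and set padding. The sample flow records, the template layout and the field names are constructed for the example; the information element numbers are the IANA-registered ones. As a simplification (an assumption of this example), templates are keyed by template ID alone, ignoring the observation domain and transport session that a real collector must also track.

```python
"""Minimal IPFIX wire-format encoder/decoder (RFC 5101 / RFC 7011). Added example, not
libfixbuf or pyfixbuf code. Assumption: templates are keyed by template ID only."""
import struct

IPFIX_VERSION, TEMPLATE_SET_ID, VARLEN = 10, 2, 0xFFFF  # VARLEN: "variable-length encoded"
IE_NAMES = {1: "octetDeltaCount", 4: "protocolIdentifier", 7: "sourceTransportPort",
            8: "sourceIPv4Address", 11: "destinationTransportPort",
            12: "destinationIPv4Address", 96: "applicationName"}  # IANA IEs, enterprise 0

def build_template_set(template_id, fields):
    """fields: list of (ie_id, length); IANA IEs only, so no enterprise bit is set."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", ie, ln) for ie, ln in fields)
    return struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(body)) + body

def build_data_set(template_id, records):
    body = b"".join(records)
    return struct.pack("!HH", template_id, 4 + len(body)) + body

def build_message(sets, export_time=1646265600, seq=0, domain=1):
    body = b"".join(sets)
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(body), export_time, seq, domain) + body

def flow_record(src, dst, sport, dport, proto, octets, app):
    """Constructed sample record laid out like the template in demo(); app is var-length."""
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return ip(src) + ip(dst) + struct.pack("!HHBQ", sport, dport, proto, octets) + bytes([len(app)]) + app

def _take(buf, off, fmt):
    """Unpack fmt at off, or raise; returns (values, new_off). The bounds check is the point."""
    n = struct.calcsize(fmt)
    if off + n > len(buf):
        raise ValueError("truncated IPFIX data")
    return struct.unpack(fmt, buf[off:off + n]), off + n

def decode_field(ie, pen, raw, variable):
    if variable:                        # strings/octetArrays: hand back the bytes
        return raw
    if pen == 0 and ie in (8, 12):      # IPv4 addresses
        return ".".join(str(b) for b in raw)
    return int.from_bytes(raw, "big")   # unsigned integers for everything else used here

def parse_template_set(body, templates):
    off = 0
    while off + 4 <= len(body):         # fewer than 4 trailing bytes is set padding
        (tid, count), off = _take(body, off, "!HH")
        if tid < 256:
            raise ValueError(f"template ID {tid} is reserved")
        fields = []
        for _ in range(count):
            (ie, ln), off = _take(body, off, "!HH")
            pen = 0
            if ie & 0x8000:             # enterprise bit: a 4-byte PEN follows the length
                (pen,), off = _take(body, off, "!I")
                ie &= 0x7FFF
            fields.append((ie, ln, pen))
        if count == 0:
            templates.pop(tid, None)    # field count 0 is a template withdrawal
        else:
            templates[tid] = fields

def parse_data_set(body, fields):
    if fields is None:
        return []                       # template not seen yet: drop (RFC 7011 s8 allows buffering)
    records, off = [], 0
    while off < len(body):
        rec = {}
        for ie, ln, pen in fields:
            variable = ln == VARLEN
            if variable:                # one length byte, or 0xFF then a 2-byte length
                (ln,), off = _take(body, off, "!B")
                if ln == 255:
                    (ln,), off = _take(body, off, "!H")
            if off + ln > len(body):
                return records          # leftover bytes are set padding, not a record
            name = f"pen{pen}:ie{ie}" if pen else IE_NAMES.get(ie, f"ie{ie}")
            rec[name] = decode_field(ie, pen, body[off:off + ln], variable)
            off += ln
        records.append(rec)
    return records

def parse_message(data, templates):
    """Decode one message; `templates` persists across messages from one exporter."""
    (version, length, _time, _seq, _domain), off = _take(data, 0, "!HHIII")
    if version != IPFIX_VERSION or length < 16 or length > len(data):
        raise ValueError("not a well-formed IPFIX message header")
    records = []
    while off + 4 <= length:
        (set_id, set_len), _ = _take(data, off, "!HH")
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length escapes the message")  # the classic collector crash
        body = data[off + 4:off + set_len]
        if set_id == TEMPLATE_SET_ID:
            parse_template_set(body, templates)
        elif set_id >= 256:
            records.extend(parse_data_set(body, templates.get(set_id)))
        off += set_len                  # set IDs 3..255 (options templates, reserved) are skipped
    return records

def demo():
    """Two messages from one exporter: the first carries the template, the second only data."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (96, VARLEN)]
    first = build_message([build_template_set(256, fields), build_data_set(256, [
        flow_record("192.0.2.10", "198.51.100.20", 40000, 443, 6, 1234, b"https")])])
    second = build_message([build_data_set(256, [
        flow_record("192.0.2.11", "198.51.100.21", 53000, 53, 17, 87, b"dns")])], seq=1)
    templates = {}
    return parse_message(first, templates) + parse_message(second, templates)
```

Run `demo()` to see both records decoded by name; the second message carries no template and only decodes because the template learned from the first one was kept. A mediator of the kind pyfixbuf is used for sits exactly at the output of `parse_message`: it filters or rewrites these dictionaries and re-encodes them with the builder functions (or writes them out as text or JSON) before forwarding. Every length field on the wire is checked against the enclosing buffer before it is used, which is where hand-written collectors usually go wrong.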
analysis-pipeline-5.11.4-2.{fc33,fc34,fc35,el7,el9,amzn2}.x86_64.rpm -
The analysis-pipeline
processes SiLK Flow records, and its goals are to automate common tasks, to get closer to "real-time" reporting of events,
and to feed interesting data to a security information and event manager (SIEM).
This package is installed in the forensics-test repository.
This package was rebuilt to use libfixbuf 3.0.0.alpha1.
Please address any comments on these packages to netsa-help@cert.org.
super_mediator-2.0.0.alpha1-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
Super_mediator
is an IPFIX mediator for use with the YAF
and SiLK tools.
It collects and filters YAF output data to various IPFIX collecting processes and/or csv files.
See here for the list of changes.
This package is installed in the forensics-test repository.
This package was rebuilt to use libfixbuf 3.0.0.alpha1 and silk 3.19.2.
Please address any comments on these packages to netsa-help@cert.org.
yaf{,-devel}-3.0.0.alpha1-1.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
YAF (Yet Another Flowmeter) is a suite of tools for flow metering.
Yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture from an interface using
pcap(3), an Endace DAG capture device,
or a Napatech adapter, aggregates these packets into flows, and exports flow records via IPFIX
over SCTP, TCP or
UDP, Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 7 and 8 systems, yaf has been built to use PF_Ring.
See here for the list of changes.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha1.
Please address any comments on these packages to netsa-help@cert.org.
CERT-Forensics-Tools-1.0-100.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
The following packages were added:
crunch
docker-forensics-toolkit
KStrike
libfplist
libfwevt
libfwps
mtftar
pstotext
python3-pyfixbuf (python36-pyfixbuf for CentOS/RHEL 7)
VeraCrypt
videosnarf
wdpassport-utils
zeek
python3-semantic_version-2.8.4-8.{el9,amzn2}.noarch.rpm -
Semantic_Version for Python 3 is a library implementing the 'SemVer' scheme.
python3-gitdb-4.0.5-4.amzn2.noarch.rpm -
GitDB for Python 3 is a Git Object Database.
python3-smmap-3.0.1-6.amzn2.noarch.rpm -
SMMap for Python 3 is a sliding window memory map manager.
python3-GitPython-3.1.14-4.amzn2.noarch.rpm -
GitPython is a Git Library for Python3.
docker-forensics-toolkit-0.2.0-3.{fc33,fc34,fc35,el7,el8,el9,amzn2}.x86_64.rpm -
Docker Forensics Toolkit is a toolkit for performing post-mortem analysis of Docker runtime environments based on forensic HDD copies of the docker host system.
See this page for usage instructions.
This version fixes a packaging problem.
VeraCrypt-1.25.9-2.{fc33,fc34,fc35,el7,el8,amzn2}.x86_64.rpm -
VeraCrypt is free, open source disk encryption software for Windows, Mac OS X and Linux.
This release fixes a packaging issue related to updating the icon cache.
snort-3.1.27.0-1.{fc33,fc34,fc35,el8,el9}.x86_64.rpm -
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
See here for the list of changes.
fmem-kernel-modules-el7-x86_64-1.6-1.85.noarch.rpm -
Support for the following kernels, previously missing due to configuration errors, was added for Fmem:
3.10.0-1160.62.1 for EL7
lime-kernel-modules-el7-x86_64-1.1.r17-85.noarch.rpm -
Support for the following kernels, previously missing due to configuration errors, was added for LiME: