The #newinjessie game: new forensic packages in Debian/jessie

Repeating what I did for the last Debian release with the #newinwheezy game, it’s time for the #newinjessie game:

Debian/jessie AKA Debian 8.0 includes a bunch of packages for people interested in digital forensics. These are the packages maintained within the Debian Forensics team that are new in the Debian/jessie stable release as compared to Debian/wheezy (ignoring wheezy-backports):

  • ext4magic: recover deleted files from ext3 or ext4 partitions
  • libbfio1: Library to provide basic input/output abstraction
  • lime-forensics-dkms: kernel module for dumping memory
  • mac-robber: collects data about allocated files in mounted filesystems
  • pff-tools: library to access various MS Outlook file formats, with tools to export PAB, PST and OST files
  • ssdeep: Recursive piecewise hashing tool (note: was present in squeeze but not in wheezy)
  • volatility: advanced memory forensics framework
  • yara: helps to identify and classify malware

Join the #newinjessie game and present packages which are new in Debian/jessie.

One Response to “The #newinjessie game: new forensic packages in Debian/jessie”

  1. Anonymous Says:

    ssdeep was present in wheezy, but it was removed due to licensing issues.