The #newinstretch game: new forensic packages in Debian/stretch
Repeating what I did for the last Debian releases with the #newinwheezy and #newinjessie games, it’s time for the #newinstretch game:
Debian/stretch AKA Debian 9.0 will include a bunch of packages for people interested in digital forensics. These are the packages maintained within the Debian Forensics team which are new in the Debian/stretch release as compared to Debian/jessie (and ignoring jessie-backports):
- bruteforce-salted-openssl: try to find the passphrase for files encrypted with OpenSSL
- cewl: custom word list generator
- dfdatetime/python-dfdatetime: Digital Forensics date and time library
- dfvfs/python-dfvfs: Digital Forensics Virtual File System
- dfwinreg: Digital Forensics Windows Registry library
- dislocker: read/write encrypted BitLocker volumes
- forensics-all: Debian Forensics Environment – essential components (metapackage)
- forensics-colorize: show differences between files using color graphics
- forensics-extra: Forensics Environment – extra console components (metapackage)
- hashdeep: recursively compute hashsums or piecewise hashings
- hashrat: hashing tool supporting several hashes and recursivity
- libesedb(-utils): Extensible Storage Engine DB access library
- libevt(-utils): Windows Event Log (EVT) format access library
- libevtx(-utils): Windows XML Event Log format access library
- libfsntfs(-utils): NTFS access library
- libfvde(-utils): FileVault Drive Encryption access library
- libfwnt: Windows NT data type library
- libfwsi: Windows Shell Item format access library
- liblnk(-utils): Windows Shortcut File format access library
- libmsiecf(-utils): Microsoft Internet Explorer Cache File access library
- libolecf(-utils): OLE2 Compound File format access library
- libqcow(-utils): QEMU Copy-On-Write image format access library
- libregf(-utils): Windows NT Registry File (REGF) format access library
- libscca(-utils): Windows Prefetch File access library
- libsigscan(-utils): binary signature scanning library
- libsmdev(-utils): storage media device access library
- libsmraw(-utils): split RAW image format access library
- libvhdi(-utils): Virtual Hard Disk image format access library
- libvmdk(-utils): VMware Virtual Disk format access library
- libvshadow(-utils): Volume Shadow Snapshot format access library
- libvslvm(-utils): Linux LVM volume system format access library
- plaso: super timeline all the things
- pompem: Exploit and Vulnerability Finder
- pytsk/python-tsk: Python Bindings for The Sleuth Kit
- rekall(-core): memory analysis and incident response framework
- unhide.rb: Forensic tool to find processes hidden by rootkits (was already present in wheezy but missing in jessie, available via jessie-backports though)
- winregfs: Windows registry FUSE filesystem
Join the #newinstretch game and present packages and features which are new in Debian/stretch.