Changelog for bulk_extractor-1.5.5-2.el6.x86_64.rpm :
Sun Sep 28 14:00:00 2014 Lawrence Rogers - 1.5.5-2

* Release 1.5.5-2
report_encodings.py specified python3.2. Changed to just python3.

Tue Sep 16 14:00:00 2014 Lawrence Rogers - 1.5.5-1

* Release 1.5.5-1
Version 1.5.5

Tue Aug 12 14:00:00 2014 Lawrence Rogers - 1.5.3-1

* Release 1.5.3-1
Version 1.5.3

Tue Aug 12 14:00:00 2014 Lawrence Rogers - 1.5.2-1

* Release 1.5.2-1
Version 1.5.2

Sun Aug 3 14:00:00 2014 Lawrence Rogers - 1.5.1-1

* Release 1.5.1-1

* configure.ac: incremented version number

* src/image_process.cpp: multi-split files was not working properly on Windows. Fixed

* src/scan_rar.cpp (scan_rar): fixed typo. raw_find_volume becomes rar_find_volume

* src/scan_base16.flex (public): fixed decoder so that what is decoded is a child sbuf with a specific offset and length

* src/be13_api/feature_recorder.cpp (hexval): fixed hexval(); it was not working properly for letters A through F. (I wrote this myself because it isn't present on mingw.)

* src/be13_api/feature_recorder.h (f): several of the flags were the same, resulting in behavior that was incorrect.

* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::unset_flag): changed clear_flag to unset_flag for consistency.

* bugfix: featurefiles for carved elements no longer include the name of the -o directory.

* src/scan_vcard.cpp (scan_vcard): removed string myString;

* src/image_process.h (class process_dir): changed blocks() to max_blocks().

* src/be13_api/feature_recorder.cpp (feature_recorder::dump_histogram): moved regex into histogram_def so that it could be run in write(), rather than in post-processing.

* src/be13_api/feature_recorder.h (class feature_recorder): removed outdir and input_fname from feature_recorder, since they are in the feature_recorder_set

* src/be13_api/feature_recorder.h (class feature_recorder): carve no longer needs hasher passed in, because it is in the feature_recorder_set

* src/be13_api/bulk_extractor_i.h (be13): hash_def moved from be13 namespace to feature_recorder_set

* src/image_process.h (class process_dir): implemented const correctness for a whole bunch of methods

* src/be13_api/feature_recorder.h: removed using namespace std

* src/be13_api/feature_recorder_set.h (class feature_recorder_set): process_histograms changed to make_histograms, because that's what it is doing

* src/be13_api/feature_recorder.h (class feature_recorder): make_histogram renamed to dump_histogram (because that's what it's doing; callback function added)

* src/be13_api: USE_HISTOGRAMS is gone; everybody uses them now.

* src/main.cpp (main): alert_list and stop_list are no longer global variables; they are now local to main() and added to the feature_recorder_set

* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::init): stop_list and alert_list are now part of the feature_recorder_set.

* src/be13_api/Makefile.defs: moved word_and_context_list from bulk_extractor to be13_api

* src/be13_api/feature_recorder.cpp (feature_recorder::feature_recorder): now has reference to feature_recorder_set

* src/stand.cpp (main): replaced manual histogram generator in stand with call to phase_histogram in be13::plugin

* src/be13_api/bulk_extractor_i.h (be13): added proper #ifdefs for each type

* src/be13_api/feature_recorder_set.h (class feature_recorder_set): more functions were made virtual and more instance values were made private

* src/be13_api/bulk_extractor_i.h: process_packet_info renamed to process_packet.

* src/be13_api/sbuf.h (class sbuf_t): removed pos0_t from map_file because it can be inferred.

* python/bulk_extractor_reader.py (BulkReport): changed .imagefile() to .image_filename

* python/identify_filenames.py: changed .imagefile to .image_filename

* configure.ac: updated for C++ and MacOS Mavericks. Changed version to 1.4.2

* src/main.cpp (main): removed BULK_EXTRACTOR_DEBUG.

* src/scan_net.cpp (p): removed packetset (no longer used)

* src/be13_api/sbuf.h (stoi64): stoi() removed because it is part of stdc11

* src/be13_api/feature_recorder.h (f): removed tags

* src/be13_api/plugin.cpp (plugin::phase_histogram): cleaned up printing of newlines during histogram output printing.

* src/be13_api/feature_recorder.cpp (feature_recorder::write): replace substr with in-place resize

* src/be13_api/feature_recorder.h (class feature_recorder): added MAINTHREAD() to set_flag(), because flags should only be set in the main thread.
Also moved definition into feature_recorder.cpp, so that the in-memory histogram can be created if that flag is set.

* src/bulk_extractor.cpp (main): added reporting of MD5 of disk image

* src/be13_api/feature_recorder.cpp (carve): valid_dosname has to be applied to ext, since ext may come with slashes in it.

* src/scan_bulk.cpp (dfrws2012_bulk_process_dump): removed DFRWS code.

* configure.ac: incremented version to 1.4.1-dev. Enabled LT_INIT support; removed RANLIB support.

* src/scan_accts.flex (dob): DOBs, Fedex#s, and SSNs are now recorded to a feature recorder called 'pii.txt'.

* configure.ac: updated to beta6

* src/be13_api/feature_recorder.cpp (feature_recorder::write_tag): disabled recorders no longer carve or have tag support.

* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::create_name): added warning if feature recorder already exists.

* src/bulk_extractor.cpp (main): removed explicit creation of alert recorder; no longer needed.

* src/be13_api/feature_recorder_set.h (class feature_recorder_set): alert_recorder should not be a global static; it is now per feature_recorder_set.

* src/be13_api/feature_recorder.cpp (feature_recorder::feature_recorder): removed carved_set that was keeping track of what was carved, as it is no longer necessary.

* src/scan_exif.cpp (scan_exif): jpeg carver feature recorder renamed to jpeg_carved.

* src/be13_api/plugin.cpp (info_scanners): now only prints -H info if it is provided by the scanner.

* src/scan_zip.cpp (scan_zip_component): now records general_purpose_bit_flags in XML. Bit 1 indicates that a component is encrypted
(scan_zip_component): removed max_depth check; it's in plugin system

* src/scan_net.cpp (scan_net): the -S variable carve_tcp is now implemented by the scan_net scanner to enable or disable TCP/IP memory structure carving. It is disabled by default.

* src/scan_windirs.cpp (scan_windirs): windirs now only runs at top level

* src/scan_zip.cpp (scan_zip_component): now prints mtime in ISO8601 format
(scan_zip_component): (previously mtime and ctime were wrong parts)

* src/scan_xor.cpp (scan_xor): will not XOR on either side of a ZIP. improved error handling

* tests/regress.py: updated numbers for 1.4 release

* configure.ac: updated to beta4

* configure.ac: updated to beta3

* src/scan_exif.cpp: fixed jpeg validation. carving now works.

* src/be13_api/plugin.cpp (GET_CONFIG): fixed bug in handling of uint8_t config values. They weren't getting set properly. Ugh.

* src/scan_xor.cpp (scan_xor): fixed error when XOR mask was specified as 0. Previously it recursed; now it does not.

* configure.ac: removed defines we aren't using anymore

* src/be13_api/feature_recorder.h (class feature_recorder): as a result of popular demand, the UTF8 BOM and BOM EXPLANATION have been removed from the feature files

* src/be13_api/feature_recorder_set.cpp (feature_recorder_set::get_name): get_name() now returns NULL if feature recorder does not exist.

* src/be13_api/feature_recorder.h (class feature_recorder): added context_window_before() and context_window_after().

* src/bulk_extractor.cpp (main): replaced context_window with context_window_default.

* src/be13_api/bulk_extractor_i.h (class scanner_params): made more variables const.
(class recursion_control_block): removed returnAfterFound(raf); now implemented with exceptions

* src/bulk_extractor.cpp (]): fixed handling of LIB_EXPAT
(b): restart logic did not compile. Now it is fixed.

* configure.ac: fixed bug in which expat.h was not being checked for. use AC_CHECK_HEADERS() instead of AC_CHECK_HEADER(), as AC_CHECK_HEADER() requires
that you add additional logic and AC_CHECK_HEADERS() automatically adds HAVE_HEADER_H.

* src/scan_zip.cpp (scan_zip): removed name_len (not needed)

* src/pyxpress.h: removed 'extern' designation

* src/image_process.h (i): removed extern size_t opt_pagesize and extern size_t opt_margin. These are now phase1 configuration variables that are passed into the image_iterator.

* src/scan_email.flex (Host): removed ip_written and ip_tested (always remove dead code)

* src/be13_api/feature_recorder.cpp (feature_recorder::carve): changed carving so that carved files are stored with the filename of their location. Also, fixed check-then-access race error in feature_record.cpp
(feature_recorder::carve): fixed race condition in carving.

* feature_recorder_set.cpp - debug is now a static variable

* src/image_process.h (image_process): debug is now a local variable for image_process.h

* src/be13_api/bulk_extractor_i.h (DEBUG_EXIT_EARLY): removed DEBUG_MALLOC and DEBUG_MALLOC_FAIL_FREQUENCY; now is handled with -S system

* src/bulk_extractor.h: removed all global options; replaced with the be config system

* src/pyxpress.c: added OpenSSL exemption per email from Matthieu Suiche

* src/be13_api/sbuf.h: md5 support removed from sbuf

* src/be13_api/plugin.cpp (plugin::get_scanner_feature_file_names): extensive changes to make the global functions part of the be13::plugin class.

* src/bulk_extractor.cpp (main): -S now sets options; -s now sets sampling fraction.

* src/bulk_extractor.cpp (usage): The -B option for specifying the blocksize for bulk data analysis has been removed. Instead specify it with -S block_size=NN.

* src/be13_api/xml.cpp (xml::xml): Routine for opening an existing DFXML file is removed. Anyone who processes XML with regular expressions is in a state of sin.

* src/be13_api/plugin.cpp: max_depth changed to 7

* src/scan_winpe.cpp (scan_winpe_verify): added verification of section names and DLL names to reject false positives.

* src/scan_net.cpp (p): carved ethernet packets are now properly recorded in ether.txt and tcp.txt

* packet carving for disembodied ethernet packets fixed! In 3ad21780, simsong was creating the hz structure but not setting it, so all carved packets had zero length

* src/be13_api/feature_recorder.cpp (banner_stamp): added \n to # BANNER FILE NOT PROVIDED

* src/scan_elf.cpp (scan_elf_verify): fixed bug in scan_elf where XML was incorrect and being generated for invalid ELF headers.

* src/bulk_extractor.cpp (main): -Z is no longer fatal if directory does not exist.

* configure.ac: fixed AX_PTHREAD test to fail if pthreads are not found.

* src/be13_api/feature_recorder_set.cpp (get_name): renamed Mstats to Mlock. Added Mlock to get_name() (apparently this isn't thread safe?)

* src/threadpool.h (class worker): removed pesky noreturn problem with threadpool.

* python/identify_filenames.py (process_featurefile): added #'s to report printed at bottom
(process_featurefile): added format

* python/bulk_extractor_reader.py (is_feature_line): Now handles annotated feature files.
(BulkReport.__init__.validate): added programmer notice for error of providing a feature file instead of a report directory

Tue Nov 27 13:00:00 2012 Lawrence Rogers - 1.3.1-2

* Release 1.3.1-2
Included necessary dependencies to build and install BEViewer

Sun Nov 25 13:00:00 2012 Lawrence Rogers - 1.3.1-1

* Release 1.3.1-1
Various miscellaneous changes

Mon Jun 4 14:00:00 2012 Lawrence Rogers - 1.2.2-3

* Release 1.2.2-3
Python scripts now installed with the original .py suffix.

Thu May 31 14:00:00 2012 Lawrence Rogers - 1.2.2-2

* Release 1.2.2-2
Replaced /usr/bin/bulk_extractor with the binary and not the python script.

Sat Apr 28 14:00:00 2012 Lawrence Rogers - 1.2.2-1

* Release 1.2.2-1

* src/threadpool.cpp (threadpool::win32_init): created for administrative simplification.

* src/threadpool.h (class cppmutex): moved cppmutex to this file.

* src/feature_recorder.h: replaced #include "cppmutex.h" with #include "threadpool.h"

* src/xml.cpp (xml::close): removed dtd making

* src/cppmutex.h: added cppmutex.h

* src/feature_recorder.h (class feature_recorder): replaced pthread_mutex_t with cppmutex, a C++ cover class for mutexes.

* src/bulk_extractor.cpp (phase1): added #ifdef HAVE_LOCALTIME_R to cover systems that do not have localtime_r.

* src/aftimer.h (aftimer::eta_time): changed from 'when' to 't' for consistency.

* src/scan_aes.cpp (scan_aes): added check -- if sp.buf.bufsize
* src/regex_list.h (class regex_list): removed globbing

* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will only be hashed just once.

* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.

* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder

* src/bulk_extractor.h: opt_banner_file moved to feature_recorder

* src/bulk_extractor.cpp (main): outdir now an instance variable

* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable

* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable

* src/feature_recorder.h (class feature_recorder): outdir now an instance variable

* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable

* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.

* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.

* src/MANY - outdir is no longer global.

* src/bulk_extractor.cpp (main): added -G to specify page size

2012-01-29 Simson Garfinkel

* src/xml.h (class xml): added svn_version to DFXML output.

* src/scan_net.cpp: now carries its own ipv6 implementation.

Sat Feb 11 13:00:00 2012 Lawrence Rogers - 1.2.0-1

* Release 1.2.0-1

* src/regex_list.h (class regex_list): removed globbing

* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will only be hashed just once.

* src/feature_recorder_set.cpp (scan_zip): alert_recorder is now in feature_recorder_set.

* src/feature_recorder.cpp (feature_recorder::banner_stamp): banner_stamp moved to feature_recorder

* src/bulk_extractor.h: opt_banner_file moved to feature_recorder

* src/bulk_extractor.cpp (main): outdir now an instance variable

* src/feature_recorder_set.h (class feature_recorder_set): outdir now an instance variable

* src/feature_recorder_set.cpp (feature_recorder_set::feature_recorder_set): outdir now an instance variable

* src/feature_recorder.h (class feature_recorder): outdir now an instance variable

* src/feature_recorder.cpp (feature_recorder::feature_recorder): outdir now an instance variable

* src/scan_net.cpp (class packet_carver): outdir now read from feature recorder.

* src/scan_wordlist.cpp (wordlist_split_and_dedup): outdir now read from feature recorder.

* src/MANY - outdir is no longer global.

* src/bulk_extractor.cpp (main): added -G to specify page size

* src/xml.h (class xml): added svn_version to DFXML output.

* src/scan_net.cpp: now carries its own ipv6 implementation.

* configure.ac: advanced version number to 1.2.0RC1 GNUC_HAS_DIAGNOSTIC_PRAGMA now set in configure.ac

* src/bulk_extractor.cpp (main): the -s (context-sensitive stop list) option is removed. The -r (alert list) and
-w (stop list) will now take a list of regular expressions, a list of globs or feature files.

* src/feature_recorder.cpp (feature_recorder::make_histogram): removed get_line_offset(); no longer needed

* src/scan_email.flex: eliminated an increment in LexerInput() validate_email now inline.
find_domain_in_email now inline.
find_domain_in_url now inline

* src/scan_aes.cpp (scan_aes): scan_aes now runs in 15% the time of the original version. It is now, therefore, enabled by default.

* src/feature_recorder_set.cpp (feature_recorder_set::dump_stats): seconds scanners in states changed to scanner_times

* src/bulk_extractor.h: removed gnuexif

* src/bulk_extractor.cpp (scanners_builtin): removed gnuexif info.

* src/scan_gnuexif.cpp: removed file.

* src/xml.cpp (xml::add_DFXML_build_environment): removed gnuexif support.

* configure.ac (HAVE_LIBEWF_H): removed gnuexif support.

* configure.ac: removed check for libpcap because we don't actually use it.

* src/scan_net.cpp: removed #include for libpcap because we didn't actually use it.

* Makefile.am (EXTRA_DIST): added m4/ax_pthread.m4 to EXTRA_DIST.

* src/scan_exif.cpp (scan_exif): removed md5hex_4k since the code was already in sbuf_t.

* src/sbuf.h (class sbuf_t): whoops. should have been assert(bufsize>=pagesize), not vice-versa (class pos0_t): stoi64() moved to pos0_t.

* src/sbuf.h (class sbuf_t): When we create a new sbuf with the + operator, we need to also add +i to the pos0.
(class sbuf_t): + now asserts that bufsize cannot be smaller than pagesize.

* src/scan_exif.cpp (md5hex_4k): Whoops. Should be hashing min of the pagesize and 4096, not max.

Wed Dec 14 13:00:00 2011 Lawrence Rogers - 1.1.3-1

* Release 1.1.3-1

* src/xml.cpp: now works with older and newer versions of exiv2

* src/histogram.cpp (HistogramMaker::add): looks for \000 in utf16 strings converted to utf8 and erases them (We were getting them in histograms)

* src/scan_wordlist.cpp (wordlist_split_and_dedup): no longer adds zero-length words to wordlist

* src/feature_recorder.cpp (feature_recorder::make_histogram): histograms no longer banner stamp or version stamp if there is no corresponding feature.

* src/scan_net.cpp (pcap_writepkt): changed file extension from .dmp to .pcap for packets

* src/bulk_extractor.cpp (phase1): added -A offset to add an offset.

* src/bulk_extractor.cpp (phase1): added -Y start-end notation in addition to -Y start notation.

* src/feature_recorder.cpp (feature_recorder::write): added support for opt_offset_add to allow output to be shifted (for parallelizing across multiple systems.)

* src/sbuf.h (class pos0_t): removed snprintf; now uses stringstream.
(operator +): changed most functions to take const & rather than a new object.

* src/feature_recorder.cpp (feature_recorder::write): now always writes out the second \t for the context, even if there is no context.

* configure.ac: added AC_PROG_CC AC_PROG_CXX and AC_PROG_INSTALL

* src/Makefile.am (.flex.o): FlexLexer.h moved to MyFlexLexer.h to support CentOS where an out-of-date flex is installed.

* src/bulk_extractor.cpp (process_path): fixed handling of /h and /r with -p option

* configure.ac: removed pcap.h tests because it's not needed

* src/scan_email.flex (Host): now only writes domains>0.

* src/scan_zip.cpp (scan_zip): zip components with no name are now given

* src/scan_winprefetch.cpp (scan_winprefetch): modified to only write out prefetch files with non-zero exec name

* src/scan_net.cpp (scan_net): significant update --- I don't need libpcap to do packet carving!

* src/image_process.cpp (sbuf_alloc): added a new iterator method it->pos0() returns the pos0 of the sbuf to be allocated by it->sbuf_alloc()
(sbuf_alloc): changed calloc to malloc for performance
(process_aff::sbuf_alloc): now throws bad_alloc if an exception is encountered
(process_ewf::sbuf_alloc): now throws bad_alloc
(process_raw::sbuf_alloc): now throws bad_alloc

* src/bulk_extractor.cpp: removed scanner_enabled().

* src/Makefile.am (bulk_extractor_SOURCES): removed checkpoint.h

* src/bulk_extractor.cpp (main): checkpoint removed; restarting now done through dfxml file.
(phase1): do_phase1 renamed phase1; just_phase1 renamed do_phase1. phase1 and phase2 flags removed. Now automatic.
(main): -2 option removed

* src/image_process_fts.cpp (process_dir::process_dir): added E01 detection.

* src/scan_email.flex (Host): fixed crashing bug on context extraction in MAKESTRING6.

* configure.ac: fixed conforming/non-conforming test for strchr

* src/bulk_extractor.cpp: added HTTP_EOL which is \r\n in Unix and Mac and

* src/histogram.cpp (HistogramMaker::looks_like_utf16): now recognizes both little-endian and big-endian UTF-16 strings and properly converts them.

* regress.py (analyze): now enables all scanners including wordlist

* python/bulk_extractor.py (BulkReport.open): openfile renamed open

* src/bulk_extractor.cpp (process_find_file): now ignores lines that begin with #

* src/scan_winprefetch.cpp (P): changed utf16_string to wstring (which is the standard).

* src/scan_accts.flex: replaced unicode16_to_string with utf16to8

* src/checkpoint.h (load): named and val no longer shadow values

* src/histogram.h (>): big surprise: it turns out that you should not subclass STL containers! Who knew? Well, a lot of people, apparently:
http://stackoverflow.com/questions/4353203/thou-shalt-not-inherit-from-stdvector
http://stackoverflow.com/questions/245475/how-do-i-create-a-generic-stdvector-destructor
http://stackoverflow.com/questions/3601431/base-class-class-stdvector-has-a-non-virtual-destructor
http://stackoverflow.com/questions/1647298/why-dont-stl-containers-have-virtual-destructors

* src/threadpool.cpp (threadpool): modified so that master and worker are now references, rather than pointers.

* configure.ac (HAVE_PTHREAD): added warnings for C++

* src/base64_forensic.cpp: cleaned up prototypes.

* src/scan_aes.cpp (valid_aes256_schedule): updated off-by-one problem.
(valid_aes192_schedule): updated off-by-one problem.
(valid_aes128_schedule): updated off-by-one problem.

Fri Jul 29 14:00:00 2011 Morgan Weetman - 0.7.24-1
- Initial package