Wed Sep 11 20:01:48 UTC 2013 - Greg.Freemyer@gmail.com
- update to v1.4.0
* There is a long list of bug fixes and improvements, see ChangeLog and be-1.4.0-announcement.pdf in /usr/share folder
* added support for lightgrep library which greatly improves keyword search speed
* src/scan_accts.flex (dob): DOBs, Fedex#s, and SSNs are now recorded to a feature recorder called 'pii.txt'.
* src/scan_net.cpp (scan_net): the -S variable carve_tcp is now implemented by the scan_net scanner to enable or disable TCP/IP memory structure carving. It is disabled by default.
* src/scan_zip.cpp (scan_zip_component): now prints mtime in ISO8601 format
* src/bulk_extractor.h: removed all global options; replaced with the be config system
* src/bulk_extractor.cpp (main): -S now sets options; -s now sets sampling fraction.
* src/bulk_extractor.cpp (usage): The -B option for specifying the blocksize for bulk data analysis has been removed. Instead specify it with -S block_size=NN.
- commented out be-1.3.1-cpuid.patch. It is unclear how to rebase.
- rebase ppc-cpuid.patch, ppc build still broken possibly because of missing be-1.3.1-cpuid patch
- delete be-1.3.1-remove-date-time.patch
- add be-1.4.0-remove-date-time.patch (it is in a different source file, so this is not just a rebase)
- add BuildRequires lightgrep shared library
* This is not mandatory and could be conditioned out for architectures that don't have it
- add patch to prevent a new test program from being packaged
* PATCH-FIX-OPENSUSE be-1.3.1-remove-debug-program [/usr/bin/plugin_test should not be installed]
- Add BuildRequires java-devel. This allows the BEViewer to build and install
- BEViewer.jar is installing to /usr/bin. Move it to /usr/share/bulk_extractor.
- use sed to update BEViewer to reference the jar in /usr/share/bulk_extractor, not /usr/bin
- Add BEViewer script and jar file to %files section
- Add the announcement email as a standalone PDF as documentation
- Add requires: sleuthkit so that identify_filenames.py works properly
Tue Apr 3 19:55:37 UTC 2012 - Greg.Freemyer@gmail.com
- update to v 1.2.0
* src/scan_zip.cpp (scan_zip): now detects decompression bomb attack and changes mode of operation so that buffers are hashed prior to being decompressed and the same buffer will be hashed only once.
* src/bulk_extractor.cpp (main): added -G to specify page size
* src/xml.h (class xml): added svn_version to DFXML output.
* src/bulk_extractor.cpp (main): the -s (context-sensitive stop list) option is removed. The -r (alert list) and -w (stop list) will now take a list of regular expressions, a list of globs or feature files.
* src/scan_aes.cpp (scan_aes): scan_aes now runs in 15% the time of the original version. It is now, therefore, enabled by default.