forked from sleuthkit/autopsy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Running_Linux_OSX.txt
133 lines (101 loc) · 5.41 KB
/
Running_Linux_OSX.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
This document outlines how to run a packaged version of Autopsy on Linux or OS X. It does not cover how to compile it from source or the Windows installer.
* Prerequisites *
The following need to be done at least once. They do not need to be repeated for each Autopsy release.
- Install testdisk for photorec functionality
-- Linux: % sudo apt-get install testdisk
-- OS X: % brew install testdisk
- (Optional) Install ImageMagick for Apple's High Efficiency Photo (HEIC/HEIF) support.
-- OS X: % brew install imagemagick
-- Linux:
% sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
% sudo apt-get update
% sudo apt-get install build-essential autoconf libtool git-core
% sudo apt-get build-dep imagemagick libmagickcore-dev libde265 libheif
% cd /usr/src/
% sudo git clone https://github.com/strukturag/libde265.git
% sudo git clone https://github.com/strukturag/libheif.git
% cd libde265/
% sudo ./autogen.sh
% sudo ./configure
% sudo make
% sudo make install
% cd /usr/src/libheif/
% sudo ./autogen.sh
% sudo ./configure
% sudo make
% sudo make install
% cd /usr/src/
% sudo wget https://www.imagemagick.org/download/ImageMagick.tar.gz
% sudo tar xf ImageMagick.tar.gz
% cd ImageMagick-7*
% sudo ./configure --with-heic=yes
% sudo make
% sudo make install
% sudo ldconfig
- Install the BellSoft Java 8 JRE and JavaFX 8 distribution and set JAVA_HOME.
* The BellSoft distribution bundles OpenJDK and OpenJFX. Other distributions we have tried either don't
bundle OpenJFX (AdoptOpenJDK) or don't include all necessary binaries (Amazon Corretto).
-- Linux:
1. Install BellSoft Java 8
% wget -q -O - https://download.bell-sw.com/pki/GPG-KEY-bellsoft | sudo apt-key add -
% echo "deb [arch=amd64] https://apt.bell-sw.com/ stable main" | sudo tee /etc/apt/sources.list.d/bellsoft.list
% sudo apt-get update
% sudo apt-get install bellsoft-java8-full
2. Set JAVA_HOME
% export JAVA_HOME=/usr/lib/jvm/bellsoft-java8-full-amd64
NOTE: You may need to log out and back in again after setting JAVA_HOME before the Autopsy
unix_setup.sh script can see the value.
-- OS X:
1. Install BellSoft Java 8.
% brew tap bell-sw/liberica
for macOS BigSur and later:
% brew install --cask liberica-jdk8-full
for macOS versions before BigSur:
% brew cask install liberica-jdk8-full
2. Set JAVA_HOME environment variable to location of JRE installation.
e.g. add the following to ~/.bashrc
export JAVA_HOME=$(/usr/libexec/java_home -v 1.8)
- Confirm your version of Java by running
% java -version
openjdk version "1.8.0.232"
OpenJDK Runtime Environment (build 1.8.0_232-BellSoft-b10)
OpenJDK 64-Bit Server VM (build 25.232-b10, mixed mode)
* Install The Sleuth Kit Java Bindings *
Autopsy depends on a specific version of The Sleuth Kit. You need the Java libraries of The Sleuth Kit installed, which is not part of all packages.
- Linux: Install the sleuthkit-java.deb file that you can download from github.com/sleuthkit/sleuthkit/releases. This will install libewf, etc. For example:
-- % sudo apt install ./sleuthkit-java_4.8.0-1_amd64.deb
- OS X: Build The Sleuth Kit from source.
See https://slo-sleuth.github.io/tools/InstallingAutopsyOnMacOS.html for a comprehensive write-up
on building The Sleuth Kit and getting Autopsy to run on Mac OS.
* Install Autopsy *
- Extract the contents of the Autopsy ZIP file to a folder.
- Open a terminal and cd into the Autopsy folder.
- Run the unix_setup.sh script to configure Autopsy
% sh unix_setup.sh
* Running Autopsy *
- In a terminal, change to the ‘bin’ directory in the Autopsy folder.
- Run Autopsy
% ./autopsy
* Troubleshooting *
- If you see something like "Cannot create case: javafx/scene/paint/Color" it is an indication that Java FX
is not being found.
Confirm that the file $JAVA_HOME/jre/lib/ext/jfxrt.jar exists. If it does not exist, return to the Java
setup steps above.
- If you see something like "An illegal reflective access operation has occurred" it is an indication that
the wrong version of Java is being used to run Autopsy.
Check the version of Java reported in the ~/.autopsy/dev/var/log/messages.log file. It should contain lines that looks like:
Java; VM; Vendor = 1.8.0_232; OpenJDK 64-Bit Server V 25.232-b10; BellSoft
Runtime = OpenJDK Runtime Environment 1.8.0_232-BellSoft-b10
Java Home = /usr/lib/jvm/bellsoft-java8-amd64/jre
If your messages.log file indicates that Java 8 is not being used:
(a) confirm that you have a version of Java 8 installed and
(b) confirm that your JAVA_HOME environment variable is set correctly:
% echo $JAVA_HOME
- If you see something like "cannot be opened because the developer cannot be verified." it is an indication
that Gatekeeper is running and is stopping a file from being executed. To fix this open a new terminal window
and enter the following command "sudo spctl --master-disable", you will be required to enter your password.
This will allow any program to be be downloaded from anywhere and executed.
* Limitations (Updated May 2018) *
- Timeline does not work on OS X
- Video thumbnails are not generated (need to get a consistent version of OpenCV)
- VHD and VMDK files not supported on OS X