markmckinnon
commented
5 years ago what version of Ubuntu? What directions did you follow to create 4.8 of Autopsy? Going to try and recreate your environment so I can see what is going on.
Closed mrh1 closed 5 years ago
markmckinnon
commented
5 years ago what version of Ubuntu? What directions did you follow to create 4.8 of Autopsy? Going to try and recreate your environment so I can see what is going on.
mrh1
commented
5 years ago Oh, sorry, Ubuntu 16.04. The SANS SIFT workstation ova file (https://digital-forensics.sans.org/community/downloads).
I installed Autopsy as follows (pardon the large font, which was copied from a PowerPoint): •UpdateSIFT to Java 1.8: Follow instructions at-https://medium.com/coderscorner/installing-oracle-java-8-in-ubuntu-16-10-845507b13343 •Setthe JAVA_HOME environment variable-Editthe /etc/environment file »sudogedit/etc/environment-Insertthe java path on a new line at the bottom:◦JAVA_HOME="/usr/lib/jvm/java-8-oracle"-Addthe JAVA_HOME variable to your current shell (to avoid having to log out andback in)◦export JAVA_HOME="/usr/lib/jvm/java-8-oracle" •Downloadsleuthkit-java_4.6.2-1_amd64.debfrom-http://github.com/sleuthkit/sleuthkit/releases-CDto the Downloads directory; install sleuthkit java»cd~/Downloads»sudo aptinstall ./sleuthkit-java_4.6.2-1_amd64.deb•Downloadautopsy-4.8.0.zip from-https://github.com/sleuthkit/autopsy/releases/ •Unzipthe file, cd to the unzipped directory,and install»unzipautopsy-4.8.0.zip»cdautopsy-4.8.0»sh ./unix_setup.sh•Startautopsy with the command:»bin/autopsy Autopsy worked fine that way using the built-in plugins, and with one community-developed python plugin I tried (Chrome passwords identifier at https://github.com/tomvandermussele/autopsy-plugins).
-Mark From: Mark McKinnon notifications@github.com To: markmckinnon/Autopsy-Plugins Autopsy-Plugins@noreply.github.com Cc: mrh1 mrheckman@yahoo.com; Author author@noreply.github.com Sent: Tuesday, September 25, 2018 4:34 PM Subject: Re: [markmckinnon/Autopsy-Plugins] Volatility plugin exception in Autopsy 4.8.0 on Ubuntu (#13)
what version of Ubuntu? What directions did you follow to create 4.8 of Autopsy? Going to try and recreate your environment so I can see what is going on.— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
markmckinnon
commented
5 years ago Try the plugin I uploaded to my google drive to see if it fixes the issue. If it does I will move it over. https://drive.google.com/open?id=1zb-vPOQksTaGoFxCv3uSE67VizTekjTU
mrh1
commented
5 years ago It doesn't hang Autopsy or crash on startup, so that's good.
When I want to read a memory image as a data source, what Data Source type should I choose: a Disk Image or VM File, a Local Disk, a set of Logical Files, or Unallocated Space Image File?
From: Mark McKinnon <notifications@github.com>To: markmckinnon/Autopsy-Plugins Autopsy-Plugins@noreply.github.com Cc: mrh1 mrheckman@yahoo.com; Author author@noreply.github.com Sent: Wednesday, September 26, 2018 2:31 PM Subject: Re: [markmckinnon/Autopsy-Plugins] Volatility plugin exception in Autopsy 4.8.0 on Ubuntu (#13)
Try the plugin I uploaded to my google drive to see if it fixes the issue. If it does I will move it over. https://drive.google.com/open?id=1zb-vPOQksTaGoFxCv3uSE67VizTekjTU— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
mrh1
commented
5 years ago I specified the memory image as "unallocated", then unchecked all of the ingest modules except "Volatility Dump File Module", "Volatility Module", and "Volatility Convert Hiber/Crash Module". This is the result (missing "colatility File"):
From: Mark McKinnon <notifications@github.com>To: markmckinnon/Autopsy-Plugins Autopsy-Plugins@noreply.github.com Cc: mrh1 mrheckman@yahoo.com; Author author@noreply.github.com Sent: Wednesday, September 26, 2018 2:31 PM Subject: Re: [markmckinnon/Autopsy-Plugins] Volatility plugin exception in Autopsy 4.8.0 on Ubuntu (#13)
Try the plugin I uploaded to my google drive to see if it fixes the issue. If it does I will move it over. https://drive.google.com/open?id=1zb-vPOQksTaGoFxCv3uSE67VizTekjTU— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
markmckinnon
commented
5 years ago You will have to add the memory dump as a local file.
mrh1
commented
5 years ago Do you mean as a Logical File?
I'm getting this now, by the way, whenever I try to add a new data source:
And the Volatility Ingest modules don't run anyway, with the error I sent you earlier:
From: Mark McKinnon <notifications@github.com>To: markmckinnon/Autopsy-Plugins Autopsy-Plugins@noreply.github.com Cc: mrh1 mrheckman@yahoo.com; Author author@noreply.github.com Sent: Wednesday, September 26, 2018 4:45 PM Subject: Re: [markmckinnon/Autopsy-Plugins] Volatility plugin exception in Autopsy 4.8.0 on Ubuntu (#13)
You will have to add the memory dump as a local file.— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
markmckinnon
commented
5 years ago I have fixed the issues and you should not get this issue with the new version. I am closing this issue, please reopen if the issue persists.
Here is the traceback:
Traceback (most recent call last): File "/home/sansforensics/.autopsy/dev/python_modules/Volatility/Volatility_Dump.py", line 120, in getIngestJobSettingsPanel return VolatilitySettingsWithUISettingsPanel(self.settings) File "/home/sansforensics/.autopsy/dev/python_modules/Volatility/Volatility_Dump.py", line 613, in init self.initComponents() File "/home/sansforensics/.autopsy/dev/python_modules/Volatility/Volatility_Dump.py", line 938, in initComponents self.Plugin_LB = JList( self.Plugin_list, valueChanged=self.onchange_plugins_lb) TypeError: javax.swing.JList(): 1st arg can't be coerced to java.util.Vector, java.lang.Object[], javax.swing.ListModel
[catch] at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)