Open sidahmed-malaoui opened 7 years ago
sidahmed-malaoui, at Basis Technology we are not currently actively supporting Autopsy on Linux, although community efforts to do so are underway. I hope to make the change to README.md that you are requesting at some time in the future.
Sincerely, Richard Cordovano Autopsy Team Lead Director of Engineering - Digital Forensics, Basis Technology
Thanks, I appreciate it.
I just created a shell of a README just for Linux and OS X. For those that are working on getting Autopsy working on Linux and OS X, they can add their instructions to this file and send them to us via pull requests.
Thanks @bcarrier .
This is a working installation file for Debian systems. It has a few nasty dependencies - which are documented in the comments - so may break, but it gets Autopsy 4.5.1 up and running on my test system.
@marshalla99 I'm going to take the script you just posted and spin it up inside of a docker container to bootstrap the plugin development process.
@marshalla99 Do you want to create a git repository for that code so that other people can contribute and make pull request?
I guess we could - or we could just add it to this repository as a linux build option and update the Readme that Brian has left as a placeholder.
Maybe create a folder full of Linux build scripts to cater for apt, dnf and yum based systems in particular?
@marshalla99, @bcarrier It is up to you. I'm still pretty new to the project, but I'd really like to make the startup process easier for those trying to get this running on Linux.
I'd vote for doing it as part of the main distribution and keeping it within this structure - it'll get a wider audience and keep everything under one umbrella. But it's really up to @bcarrier and @rcordovano as the leads, I guess.
For now, since I'm evolving scripts for Debian and Ubuntu (with the intention of adding Autopsy 4 to a live distro. for a course I'm teaching next year), I'm making the scripts available on a Google Drive shared folder at: https://drive.google.com/drive/folders/1wL8_JI6U_3_Kq4hJKBhxhGIJk-sSdVVK?usp=sharing
@marshalla99 Hi, I have made a few fixes to your script, to compile and build Autopsy 4.5.1 as a non-root user in my Ubuntu16.04 x64 workstation.
Cool. Thanks. I'll merge into the newest versions later this week.
@marshalla99 and @danpos thanks for this, have been trying to get it building since last night but this script did it.
I think it should be possible to build on this script, maybe clean it up and account for edge cases, and make it part of the default build/install process for Linux (given that there really isn't any Linux procedure).
It's still pretty rough and definitely needs to be cleaned up - but all it does is get something to build. That something may or may not work properly (my instance doesn't, yet) so we need to keep plugging away figuring out the rest of the missing dependencies (I have another version which grabs additional files and patches some source to resolve other problems.)
Sometime, we should probably turn it into a proper Makefile or similar.
Just dropping in a couple of build warnings that I'm getting at the moment. No idea if these relate to the Timeline problem, but I guess anything is possible. I'll fix them later and add to the Ubuntu script.
[nb-javac] warning: [path] bad path element "/home/osboxes/AutopsyInst/autopsy/Core/release/modules/ext/LGoodDatePicker-10.3.1.jar": no such file or directory
[nb-javac] warning: [path] bad path element "/home/osboxes/AutopsyInst/autopsy/Core/release/modules/ext/mchange-commons-java-0.2.11.jar": no such file or directory
@marshalla99 I also got that, which led to me submitting #3295
It's a problem with the dependency management of this project; being that it uses 'ivy' which appears to be fairly defunct (at least with regards to Netbeans). I managed to fix most dependency issues by installing Apache Ivy: http://ant.apache.org/ivy/
This does not fix the issue you have though (despite earlier edits of this comment). Though I think it probably should, which may suggest that we have an underlying dependency management issue at play.
That's interesting. I guess there's a problem with the standard implementation of ivy (which the build process seems to download automagically) then? That would explain why the list of missing .jars is so variable - the two listed above are always missing, but about every third or fourth build attempt throws a list of at least 6 others. That's even after multiple passes through the dependencies.
I've created an additional shell script to drag them down, just in case.
If the build process downloads ivy automagically, it does so in a way that does not work well on Linux. I had to install it manually to get it to fetch dependencies. Even so, LGoodDatePicker always seemed to be missing.
Bizarrely, when I manually added the dependencies to their expected path, I've had builds that were completely absent any ingest modules.
Ugh. That's horrible. I'm starting to wonder if we mightn't be better off just picking up Autopsy 2 and developing it some more ;) (especially with the missing bindings files problem in TSK).
OK - V1.3 of the Ubuntu build script is in the Google Drive folder. More pre-requisites added to try to solve some problems, including ivy. This version now auto-downloads an extra script which automates the download of some .jar files for the TSK java bindings.
There's also a chunk of script commented out. It grabs various files, including LGoodDatePicker and copies them to the appropriate sub-directories to try to help the build process. If you're consistently getting problems, it's worth enabling this.
Most functions seem to work OK for me - except for TimeLine (see #3247 ), which freezes the whole program, and the occasional build hiccup described above.
The ivy jar file should get downloaded to ~/.ant/lib/ivy.jar. Does it exist there for those of you who it is not working? If it doesn't work, can you send me the output from running 'ant' in sleuthkit/bindings/java? I'm curious what error messages it reports.
FYI, we have an intern starting next month who is going to focus on packaging for Linux and OS X. My impression thus far is that we will need to move to maven for dependency management since the Linux packages seem to better deal with it than ivy.
Thanks Brian - the ivy.jar file is present - but its behaviour is inconsistent, as described above. We always have two missing .jars, as noted above, for Autopsy but sometimes a lot more. It seems to need 2 or 3 passes through the ant build process to get it down to a consistent 2 missing.
Installing Apache Ivy before starting the build seems to have cured that problem.
The sleuthkit bindings are also problematic, and need some tweaking during the build process to get the right files and filenames available for the later stages.
Are there any error messages when it fails to download some of them?
From memory, nothing obvious - just a lot of warnings about the missing files during the build process.
@bcarrier I would +1 moving to maven or gradle
@bcarrier it follows up my last build, with all sort of warnings. Build_Ubuntu_x64_Dec_20th_2017.txt
@bcarrier the last one. Build_Ubuntu_x64_Dec_20th_2017_after_script_tweak.txt
Those are pretty consistent with what I'm seeing. It looks, to me, like a couple of classes are missing. Based on the names, they're top level display elements of some sort.
OK - if you look at my comments on #3330 and the #3247 Timeline issue, a change of environment seems to have enacted a cure for the Timeline showstopper and the non-closing dialog. I suspect it may be a desktop environment problem, but I've also made a few tweaks to the build script to get it to work on CAINE 9.0. I'll report back when I've had a chance to test it on the Ubuntu VM.
The ivy dependency management issue is consistently present on all platforms I've tried so far.
Ok - I think I have a fix for both Timeline and the non-closing dialog now. Those who are working on it, please could you check to see if you have libboost-dev installed?
Hi friends, script to install Autopsy updated today. Fixed some issues
TESTED WITH AUTOPSY 4.5.0 (most recent, Ubuntu and Kali), DOES NOT WORK WITH JAVA 9.
See on: https://periciacomputacional.com/linux-install-autopsy
OK - we seem to have ironed out most of the building problems now, and Autopsy runs well on Linux. I guess we need to figure out what's needed to build it as a standalone package rather than something that runs in dev. mode all the time. ( Satisfying #2938 ). Anyone have any ideas?
Great. We just started the packaging process this week with our new intern. We are starting with getting the Java code from The Sleuthkit installed as part of that package for Debian. From the experience with that small code set, we'll then jump to the much bigger Autopsy code set.
Cool. If there's anything I can do to help, please do put your intern in contact with me.
Cool [2]. Me too!
And the good news is - none of my students managed to break it during the practicals last week. Now we just need to see if it survives the assessment...
Cool!
Half-way through the assessment period, no support requests or reports of errors yet.
@marshalla99 Hi. I've tried out a new build, this time with the 4.6.0 branch, using your script for a CAINE powered workstation, and it has failed with the following error:
getTSKJars:
BUILD FAILED
/home/caine/sources/autopsy/netbeans-plat/8.2/harness/suite.xml:187: The following error occurred while executing this line:
/home/caine/sources/autopsy/Core/build.xml:58: Warning: Could not find file /home/caine/sources/tsk/bindings/java/dist/sleuthkit-postgresql-4.6.0.jar to copy
@marshalla99 I've figured out the issue and I've fixed it.
@danpos can you explain how you got past the error:
/home/caine/sources/autopsy/Core/build.xml:58: Warning: Could not find file /home/caine/sources/tsk/bindings/java/dist/sleuthkit-postgresql-4.6.0.jar to copy
@Lost4Now
I think that you've used the script to build Autopsy from source; then it's necessary to change one line of the script to get it done at the end. I've attached the script, take a look at it and see if it solves your issue.
@danpos
Hi, I had the same error (that it could not find the file sleuthkit-postgresql-4.6.0.jar to copy). The directory dist seems to contain 2 files: sleuthkit-4.6.0.jar and Tsk_DataModel_PostgreSQL.jar, but not sleuthkit-postgresql-4.6.0.jar. It was mentioned above that the issue can be solved by changing one line of the script. Could you please indicate which line needs to be changed and how? Thank you in advance!
I've been looking for a while on the net, and I can't find any useful procedure to install the latest version of autopsy on Linux.
So can you provide an installation procedure on the README.md file please.