sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/

Unable to install autopsy on mac #3781

Closed sankardasroy closed 6 years ago

sankardasroy commented 6 years ago

Hi, I downloaded the zip file (from https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.7.0/autopsy-4.7.0.zip ). Then, I followed instructions on "Running_Linux_OSX.txt". I successfully did "brew install testdisk" and "brew install sleuthkit". Then, when I ran "sh unix_setup.sh", I got an error as follows.

A1:autopsy-4.7.0 abc$ sh unix_setup.sh
photorec found
Java found in /Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home
sleuthkit.jar file not found
exiting ..

Any comment on what I do now?

I suspect that while I did "brew install sleuthkit", java was disabled as shown below.

A1:autopsy-4.7.0 abc$ brew reinstall sleuthkit
==> Reinstalling sleuthkit
==> Downloading https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.6.1/sleuthkit-4.6.1.tar.gz
Already downloaded: /Users/sankar/Library/Caches/Homebrew/sleuthkit-4.6.1.tar.gz
==> ./configure --prefix=/usr/local/Cellar/sleuthkit/4.6.1 --disable-java
==> make
==> make install
🍺 /usr/local/Cellar/sleuthkit/4.6.1: 98 files, 12.1MB, built in 54 seconds

rishwanth1995 commented 6 years ago

"brew install sleuthkit" will install sleuthkit without java by default. You can see that in the log above.

  1. So, to install sleuthkit with java bindings add --with-jni option to install command, like this brew install sleuthkit --with-jni
  2. To see all options for sleuthkit run the command: brew options sleuthkit
  3. To install sleuthkit with ewf and afflib support run the command: brew install sleuthkit --with-jni --with-libewf --with-afflib

I hope this helps

bcarrier commented 6 years ago

As Rishwanth said, use option 3 above. We just updated the docs about this. When we released Autopsy and TSK, we weren't sure exactly what was going to happen with brew. Now that they updated, we do.

The limitation is that you can't use PostgreSQL on OS X.

Thanks.

sankardasroy commented 6 years ago

Rishwanth, and Brian, thanks a lot for the quick response. I followed what you guys said, and autopsy is working now on my macbook. One time autopsy has crashed though, and another time the system has hung. However, other times it is working like a gem and producing results.

ajinkyawani commented 5 years ago

As Rishwanth said, use option 3 above. We just updated the docs about this. When we released Autopsy and TSK, we weren't sure exactly what was going to happen with brew. Now that they updated, we do.

The limitation is that you can't use PostgreSQL on OS X.

Thanks.

Greetings!! As you said, I ran above mentioned command (brew install sleuthkit --with-jni --with-libewf --with-afflib) to install Sleuthkit with java libraries, but it gives me the below mentioned error.

"Error: invalid option: --with-jni"

Could you please help me understand the cause and with any solution as I am trying to install Autopsy on my machine.

Thanks, Ajinkya

rishwanth1995 commented 5 years ago

brew install sleuthkit is now enough to install sleuthkit with java and other dependent libraries.

Thanks.

ajinkyawani commented 5 years ago

brew install sleuthkit is now enough to install sleuthkit with java and other dependent libraries.

Thanks.

Thanks for the quick reply Rishwanth!

I ran the same command (brew install sleuthkit) to install Sleuthkit, but after that when I try to install Autopsy with the help of the installation instructions document and ran "sh unix_setup_sh" command, it gives me following message.

"photorec found Java found in /Library/Java/JavaVirtualMachines/openjdk-11.0.2.jdk/Contents/Home sleuthkit.jar file not found"

Thanks, Ajinkya

virajpatil1 commented 5 years ago

"photorec found Java found in /Library/Java/JavaVirtualMachines/openjdk-11.0.2.jdk/Contents/Home sleuthkit.jar file not found"

As Rishwanth said, use option 3 above. We just updated the docs about this. When we released Autopsy and TSK, we weren't sure exactly what was going to happen with brew. Now that they updated, we do. The limitation is that you can't use PostgreSQL on OS X. Thanks.

Greetings!! As you said, I ran above mentioned command (brew install sleuthkit --with-jni --with-libewf --with-afflib) to install Sleuthkit with java libraries, but it gives me the below mentioned error.

"Error: invalid option: --with-jni"

Could you please help me understand the cause and with any solution as I am trying to install Autopsy on my machine.

Thanks, Ajinkya

same issue Error: invalid option: --with-jni

ghost commented 5 years ago

Same error:

MacBook-Pro-di-Emanuele:autopsy-4.11.0 emanuelelongheu$ sh unix_setup.sh


Checking prerequisites and preparing Autopsy:


-n Checking for PhotoRec...
found in /usr/local/bin
-n Checking for Java...
found in /Library/Java/JavaVirtualMachines/jdk-10.0.1.jdk/Contents/Home
-n Checking for Sleuth Kit Java bindings...
ERROR: sleuthkit-4.6.6.jar not found in /usr/share/java/ or /usr/local/share/java/. Please install the Sleuth Kit Java bindings file. See https://github.com/sleuthkit/sleuthkit/releases.

........The shell displays this: ERROR: sleuthkit-4.6.6.jar not found in /usr/share/java/ or /usr/local/share/java/. ........but sleuthkit-4.6.6.jar effectively is in /usr/local/share/java/ folder...

uhlhosting commented 5 years ago

Same error:

MacBook-Pro-di-Emanuele:autopsy-4.11.0 emanuelelongheu$ sh unix_setup.sh

Checking prerequisites and preparing Autopsy:

-n Checking for PhotoRec...
found in /usr/local/bin
-n Checking for Java...
found in /Library/Java/JavaVirtualMachines/jdk-10.0.1.jdk/Contents/Home
-n Checking for Sleuth Kit Java bindings...
ERROR: sleuthkit-4.6.6.jar not found in /usr/share/java/ or /usr/local/share/java/. Please install the Sleuth Kit Java bindings file. See https://github.com/sleuthkit/sleuthkit/releases.

........The shell displays this: ERROR: sleuthkit-4.6.6.jar not found in /usr/share/java/ or /usr/local/share/java/. ........but sleuthkit-4.6.6.jar effectively is in /usr/local/share/java/ folder...

It seems there is no one maintaining the OSX Brew package; that bottle is on 4.6.5, and the sh script could use solid improvements, to check for earlier versions of sleuthkit.

tjt263 commented 4 years ago

brew install sleuthkit is now enough to install sleuthkit with java and other dependent libraries. Thanks.

Thanks for the quick reply Rishwanth!

I ran the same command (brew install sleuthkit) to install Sleuthkit, but after that when I try to install Autopsy with the help of the installation instructions document and ran "sh unix_setup_sh" command, it gives me following message.

"photorec found Java found in /Library/Java/JavaVirtualMachines/openjdk-11.0.2.jdk/Contents/Home sleuthkit.jar file not found"

Thanks, Ajinkya

photorec is bundled with testdisk.

sharad1126 commented 4 years ago

I am getting the same issue here:

$ sh unix_setup.sh                                             
---------------------------------------------
Checking prerequisites and preparing Autopsy:
---------------------------------------------
-n Checking for PhotoRec...
ERROR: PhotoRec not found, please install the testdisk package.

Did anyone manage to successfully run the script on macOS?

cstergianos commented 2 years ago

So I found the solution and it is pretty stupid. Just do a nano on the unix_setup.sh file and then replace

elif [ -f "$photorec_osx_filepath" ]; then

with

elif [ -d "$photorec_osx_filepath" ]; then

s3cg33k commented 1 year ago

brew install sleuthkit

I am facing the same issue. Did you find a way to resolve it? If yes, please share it.


Checking prerequisites and preparing Autopsy:

-n Checking for PhotoRec...
found in /usr/local/bin
-n Checking for Java...
found in /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home
-n Checking for Sleuth Kit Java bindings...
ERROR: sleuthkit-4.11.1.jar not found in /usr/share/java/ or /usr/local/share/java/. Please install the Sleuth Kit Java bindings file. See https://github.com/sleuthkit/sleuthkit/releases.

ghost commented 1 year ago

I am getting the same issue here:

$ sh unix_setup.sh                                             
---------------------------------------------
Checking prerequisites and preparing Autopsy:
---------------------------------------------
-n Checking for PhotoRec...
ERROR: PhotoRec not found, please install the testdisk package.

Did anyone manage to successfully run the script on macOS?

Sir, did you solve the issue? I got the same problem here.

mhansen commented 1 year ago

In unix_setup.sh I see:

photorec_filepath=/usr/bin/photorec

And this is checked for a file, if not found, shows error

But on my machine, photorec is installed here:

$ which photorec
/opt/homebrew/bin/photorec

I guess this script should be updated to look in other locations, or check which photorec perhaps?
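
Added example, not part of the thread or of the Autopsy project's unix_setup.sh: one way to do the lookup suggested in the last comment, resolving photorec through PATH before falling back to fixed directories, and reporting which sleuthkit jar versions are actually present when the expected one is missing. The function names `find_tool` and `find_jar` and the demo directory tree are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from unix_setup.sh.

# find_tool NAME [DIR...]: print the path of executable NAME.
# PATH is consulted first, then each fallback directory in order.
find_tool() {
    name=$1; shift
    found=$(command -v "$name" 2>/dev/null) || found=
    if [ -n "$found" ] && [ -f "$found" ] && [ -x "$found" ]; then
        printf '%s\n' "$found"; return 0
    fi
    for dir in "$@"; do
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"; return 0
        fi
    done
    return 1
}

# find_jar VERSION DIR...: print the first sleuthkit-VERSION.jar found.
# On a miss, report any other sleuthkit jar on stderr so a version
# mismatch is visible, then return 1.
find_jar() {
    version=$1; shift
    for dir in "$@"; do
        if [ -f "$dir/sleuthkit-$version.jar" ]; then
            printf '%s\n' "$dir/sleuthkit-$version.jar"; return 0
        fi
    done
    for dir in "$@"; do
        for jar in "$dir"/sleuthkit-*.jar; do
            if [ -f "$jar" ]; then printf 'other version present: %s\n' "$jar" >&2; fi
        done
    done
    return 1
}

# Constructed demo: throwaway tree with a stub photorec and a 4.6.5 jar.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/opt/homebrew/bin" "$root/usr/local/share/java"
    printf '#!/bin/sh\n' > "$root/opt/homebrew/bin/photorec"
    chmod +x "$root/opt/homebrew/bin/photorec"
    : > "$root/usr/local/share/java/sleuthkit-4.6.5.jar"
    find_tool photorec "$root/usr/bin" "$root/opt/homebrew/bin"
    find_jar 4.6.6 "$root/usr/share/java" "$root/usr/local/share/java" ||
        printf 'sleuthkit-4.6.6.jar not found\n'
    rm -rf "$root"
}
demo
```

The helpers use `printf` rather than `echo -n`, which is printed literally as `-n` when a script runs under `sh` on macOS, as in the output pasted above.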