search

sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/
2.41k stars 597 forks source link

Ubuntu 18.04 Autopsy 4.14.0 Illegal reflective access by org.netbeans.ProxyURLStreamHandlerFactory #5797

Closed globeone closed 4 years ago

globeone commented 4 years ago

When starting Autopsy 4.14.0 on Ubuntu 18.04.4 the following error message occurs

autopsy-4.14.0$ bin/autopsy WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.netbeans.ProxyURLStreamHandlerFactory (file:/home/kat/programs/autopsy-4.14.0/platform/lib/boot.jar) to field java.net.URL.handler WARNING: Please consider reporting this to the maintainers of org.netbeans.ProxyURLStreamHandlerFactory WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release

Autopsy shows up with a empty window and

image

and it's not possible to open a new case image

According to unix_setup.sh everything is set up correctly

autopsy-4.14.0$ ./unix_setup.sh

Checking prerequisites and preparing Autopsy:

Checking for PhotoRec...found in /usr/bin Checking for Java...found in /usr/lib/jvm/bellsoft-java8-amd64 Checking for Sleuth Kit Java bindings...found in /usr/share/java Copying sleuthkit-4.8.0.jar into the Autopsy directory...done

Autopsy is now configured. You can execute bin/autopsy to start it

globeone commented 4 years ago

So I found that Autopsy was trying to use Java 11 even though Java 8 was defined. In ~/autopsy-4.14.0/etc/autopsy.conf I forced Autopsy to use Bellsoft Java

#jdkhome="/path/to/jdk"
jdkhome="/usr/lib/jvm/bellsoft-java8-amd64"

image

But it's still impossible to open a new case. image

globeone commented 4 years ago

The file permissions for the /home/$USER/.autopsy/dev/config/Windows2Local/Modes/.nbattrs was also set to root:root. Changed this to $USER:$USER which removed the warning

INFO [org.openide.filesystems.FileSystem]: Cannot delete Windows2Local/Modes/.nbattrs msg Caused: org.openide.filesystems.FSException: /home/$USER/.autopsy/dev/config/Windows2Local/Modes/.nbattrs is read-only.

globeone commented 4 years ago

Solved: The solution is to remove Autopsy use the bellsoft-java-full package as it contains the Java-FX package.

sudo apt install bellsoft-java-full

In the file Running_Linux_OSX.txt the apt instruction needs to be updated to read sudo apt install bellsoft-java8-full

`-- Linux:

  1. Install BellSoft Java 8 ... % sudo apt-get install bellsoft-java8-full`
globeone commented 4 years ago

In the file Running_Linux_OSX.txt the apt instruction needs to be updated to read sudo apt install bellsoft-java8-full