search

sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/
2.41k stars 596 forks source link

Brew sleuthkit mac osx #5868

Open xeen3d opened 4 years ago

xeen3d commented 4 years ago

Hi seems nobody have run only one time the installation on mac osx:

Checking prerequisites and preparing Autopsy:

Checking for PhotoRec...found in /usr/local/bin Checking for Java...found in /Library/Java/JavaVirtualMachines/liberica-jdk-8-full.jdk/Contents/Home Checking for Sleuth Kit Java bindings...ERROR: sleuthkit-4.9.0.jar not found in /usr/share/java/ or /usr/local/share/java/.

In your readme:

Cool next time a unusable Package, brew only install sleuthkit 4.8 not 4.9 so there cant be java bindings for 4.9

And now ?

Andre

xeen3d commented 4 years ago

Hi this maybe fix the issue put that in your readme:

brew install --build-from-source sleuthkit

Update, dont work brew give that here and V4.8 is back:

~/Downloads/sleuthkit-4.9.0(master*) » brew install --build-from-source sleuthkit lauzona@Mac-lap-it-00 Updating Homebrew... ==> Auto-updated Homebrew! Updated 1 tap (homebrew/cask). ==> Updated Casks chromium

==> Downloading https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.8.0/sleuthkit-4.8.0.tar.gz Already downloaded: /Users/lauzona/Library/Caches/Homebrew/downloads/f164ee2d293da69495cdbb7fd50888f3813892a3eb460b68ad3189a5b98d3888--sleuthkit-4.8.0.tar.gz ==> ./configure --prefix=/usr/local/Cellar/sleuthkit/4.8.0 ==> make ==> make install ==> ant 🍺 /usr/local/Cellar/sleuthkit/4.8.0: 491 files, 51.3MB, built in 1 minute 18 seconds

best

Andre

rcordovano commented 4 years ago

https://github.com/sleuthkit/autopsy/blob/develop/Running_Linux_OSX.txt has been updated for Autopsy 4.15.0, which was just released:

OS X: Build The Sleuth Kit from source. See https://slo-sleuth.github.io/tools/InstallingAutopsyOnMacOS.html for a comprehensive write-up on building The Sleuth Kit and getting Autopsy to run on Mac OS.

For the next release, we intend to update the version of Java that Autopsy depends on so that brew should work again.

xeen3d commented 4 years ago

Hi cool i try that thanks for the readme. best Andre

xeen3d commented 4 years ago

Hi hmm in that readme also sleuthkit 4.8 will be installed but only with much more handmade than with brew you are sure that autopsy 4.15 will work on mac osx with sleuthkit 4.8 ?

best Andre

xeen3d commented 4 years ago

That readme you me send is for: cd ~/Downloads/autopsy-4.14.0 what a shit now i have destroyed my working 4.14 and have now nothing many many thanks for that readme. Andre

rcordovano commented 4 years ago

Autopsy 4.15.0 was released with SleuthKit 4.9.0. I am the Director of Engineering of the Cyber Forensics business unit of Basis Technology. My developers built and tested Autopsy 4.15.0 running with SleuthKit 4.9.0 on macOS Catalina.

The link in the readme file was contributed by a community developer and verified by one of my developers.

rcordovano commented 4 years ago

I just checked the linked document. It says the following:

Each version of Autopsy requires a specific version of the sleuthkit. For example, Autopsy 4.14.0 requires Sleuthkit 4.8.0.

It does not say that Autopsy 4.14.0 works with SleuthKit 4.8.0.

You will also note that in the error output you posted, you are told that Sleuthkit 4.9.0 is expected:

Checking for PhotoRec...found in /usr/local/bin Checking for Java...found in /Library/Java/JavaVirtualMachines/liberica-jdk-8-full.jdk/Contents/Home Checking for Sleuth Kit Java bindings...ERROR: sleuthkit-4.9.0.jar not found in /usr/share/java/ or /usr/local/share/java/.

xeen3d commented 4 years ago

Hi Yes i try hole process in that readme after loosing now my working 4.14 what is my own problem i not read correctly that the readme was not for 4.15 i have now done hole like in that readme but for sleuthkit 4.9 and unix_install_sh install say all is ok but than:

org.netbeans.InvalidException: StandardModule:org.sleuthkit.autopsy.core jarFile: /Users/lauzona/autopsy/autopsy/modules/org-sleuthkit-autopsy-core.jar: java.lang.IllegalArgumentException: java.lang.reflect.InvocationTargetException

That is what i mean before i start upgrading to 4.15 having a working solution with some small errors but working and now i have a manual installed sleuth kit 4.9 must search how to get that out of my system that i get autopsy 4.14 back running.

The hole people here make fantastic work with that many many free hours of time go to here but you must not forget that on other side of that line not every-time a developer is sitting Such error messages are for me normally the point where i trash the app and most other normal users too.

make Computer Forensic tasks is not same be a java developer i will only use that Software nothing more, i can make such osx tests for the people here if they have no OSx Computer but real ? you can run a osx in mostly every VM software you wish.

do not misunderstood me i am not will blame someone but you must also see that a simple wrong readme make from a running Autopsy 4.14 on osx a destroyed one with many work now get the running Version back.

Normal i await that if someone make a new release and told it run in osx with these xx steps that these steps are tested an working.

best Andre