search

sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/
2.41k stars 597 forks source link

Autopsy 4.17 on linux #6507

Closed TheMMcOfficial closed 3 years ago

TheMMcOfficial commented 3 years ago

Kernel 5.9

I did the installation following those instructions: https://github.com/sleuthkit/autopsy/blob/develop/Running_Linux_OSX.txt

wget -q -O - https://download.bell-sw.com/pki/GPG-KEY-bellsoft | sudo apt-key add -
echo "deb [arch=amd64] https://apt.bell-sw.com/ stable main" | sudo tee /etc/apt/sources.list.d/bellsoft.list
sudo apt update
sudo apt install -y bellsoft-java8-full
export JAVA_HOME=/usr/lib/jvm/bellsoft-java8-full-amd64
wget https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.10.1/sleuthkit-java_4.10.1-1_amd64.deb
sudo apt install -y ./sleuthkit-java_4.10.1-1_amd64.deb
wget https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.17.0/autopsy-4.17.0.zip
unzip autopsy-4.17.0.zip
cd autopsy-4.17.0
chmod +x unix_setup.sh
sh unix_setup.sh

after the installation done I run Autospy and I get this error when I try to activate some plugins. I can't create a case...

Activation failed: StandardModule:org.sleuthkit.autopsy.core jarFile: /opt/autopsy-4.17.0/autopsy/modules/org-sleuthkit-autopsy-core.jar: java.lang.UnsupportedClassVersionError: org/sleuthkit/datamodel/SleuthkitJNI has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0

markmckinnon commented 3 years ago

Can you check the md5 hash for the sleuth kit Deb file. It should have a md5 hash of c3ca85a89ba19ed34f26d227384a4f11. If not then you have an incorrect file and need to refine load the Deb file and install it.

rcordovano commented 3 years ago

@TheMMcOfficial, the error definitely indicates that you have the erroneous Debian package. Please download the corrected package and try again.

TheMMcOfficial commented 3 years ago 
❯ md5sum sleuthkit-java_4.10.1-1_amd64.deb
c3ca85a89ba19ed34f26d227384a4f11  sleuthkit-java_4.10.1-1_amd64.deb

Do I need to install an other version of JAVA? If i'm refering to this link I had to install java8 and it's what I did. https://github.com/sleuthkit/autopsy/blob/develop/Running_Linux_OSX.txt

esaunders commented 3 years ago

As @rcordovano mentioned above, the error message almost certainly is an indication that the installed Sleuthkit Java bindings are not the right ones. Try uninstalling sleuthkit-java using 'sudo apt remove sleuthkit-java' and reinstall using 'sudo apt install ./sleuthkit-java_4.10.1-1_amd64.deb'

TheMMcOfficial commented 3 years ago

I did it nothing changed. I just realise it works when I use Autopsy on root but with my normal user it doesn't works.

esaunders commented 3 years ago

Your "normal" user account must be picking up the TSK Java bindings from someplace else. What does the output of 'sh ./unix_setup.sh' look like for both user accounts?

TheMMcOfficial commented 3 years ago

I found it. I had to delete the ".autopsy" folder in my "home". after it Autopsy are launching like it should. Before delete the folder I have also reinstall the "sleuthkit-java_4.10.1-1_amd64.deb" and rerun the "unix_setup.sh". After it run like a charm.