search

sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/
2.43k stars 594 forks source link

Autopsy shuts down while creating a case #7735

Closed swiss-JF closed 1 year ago

swiss-JF commented 1 year ago

Hi, I am running a Windows 11 Virtual Machine on Virtualbox. I installed Autopsy. Everything seems fine and I saw no errors.

However, when I want to start using it. I launch the programm, then click on New case, I input the name for the case and the path. Then, when I hit next, the mouse change to a round turning wheel, and the windows shut down without any error message.

In the log, there don't seems to be an error. I have enough memory, enough storage and enough ram ro run the machine. I reinstalled the VM, but I faced the same issue.

messages.log autopsy.log.0.txt

Hopefully, this helps. Do let me know if I should try some other stuffs to help you narrow down the issue.

The messages.log file seems empty... Its content is below:

Log Session: Wednesday, February 15, 2023 12:04:02 PM PST System Info: Product Version = Autopsy 4.20.0 Operating System = Windows 10 version 10.0 running on amd64 Java; VM; Vendor = 1.8.0_222-1-ojdkbuild; OpenJDK 64-Bit Server VM 25.222-b10; Oracle Corporation Runtime = OpenJDK Runtime Environment 1.8.0_222-1-ojdkbuild-b10 Java Home = C:\Program Files\Autopsy-4.20.0\jre System Locale; Encoding = en_US (autopsy); Cp1252 Home Directory = C:\Users\User Current Directory = C:\Program Files\Autopsy-4.20.0 User Directory = C:\Users\User\AppData\Roaming\autopsy Cache Directory = C:\Users\User\AppData\Local\autopsy\Cache\dev Installation = C:\Program Files\Autopsy-4.20.0\autopsy C:\Program Files\Autopsy-4.20.0\CoreTestLibs C:\Program Files\Autopsy-4.20.0\harness C:\Program Files\Autopsy-4.20.0\java C:\Program Files\Autopsy-4.20.0\platform Boot & Ext. Classpath = C:\Program Files\Autopsy-4.20.0\jre\lib\resources.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\rt.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\sunrsasign.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\jsse.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\jce.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\charsets.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\jfr.jar;C:\Program Files\Autopsy-4.20.0\jre\classes;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\access-bridge-64.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\cldrdata.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\dnsns.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\dns_sd.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\jaccess.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\jfxrt.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\localedata.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\nashorn.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\sunec.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\sunjce_provider.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\sunmscapi.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\sunpkcs11.jar;C:\Program Files\Autopsy-4.20.0\jre\lib\ext\zipfs.jar Application Classpath = C:\Program Files\Autopsy-4.20.0\platform\lib\boot.jar;C:\Program Files\Autopsy-4.20.0\platform\lib\org-openide-modules.jar;C:\Program Files\Autopsy-4.20.0\platform\lib\org-openide-util-lookup.jar;C:\Program Files\Autopsy-4.20.0\platform\lib\org-openide-util-ui.jar;C:\Program Files\Autopsy-4.20.0\platform\lib\org-openide-util.jar Startup Classpath = C:\Program Files\Autopsy-4.20.0\platform\core\asm-7.2.jar;C:\Program Files\Autopsy-4.20.0\platform\core\asm-commons-7.2.jar;C:\Program Files\Autopsy-4.20.0\platform\core\asm-tree-7.2.jar;C:\Program Files\Autopsy-4.20.0\platform\core\core-base.jar;C:\Program Files\Autopsy-4.20.0\platform\core\core.jar;C:\Program Files\Autopsy-4.20.0\platform\core\org-netbeans-libs-asm.jar;C:\Program Files\Autopsy-4.20.0\platform\core\org-openide-filesystems-compat8.jar;C:\Program Files\Autopsy-4.20.0\platform\core\org-openide-filesystems.jar;C:\Program Files\Autopsy-4.20.0\autopsy\core\locale\core_autopsy.jar

J2KImageReader not loaded. JPEG2000 files will not be processed. See https://pdfbox.apache.org/2.0/dependencies.html#jai-image-io for optional dependencies. org.xerial's sqlite-jdbc is not loaded. Please provide the jar on your classpath to parse sqlite files. See tika-parsers/pom.xml for the correct version. WARNING [org.openide.filesystems.Ordering]: Found same position 250 for both Services/org-sleuthkit-autopsy-filesearch-FileSearchAction.instance and Services/org-sleuthkit-autopsy-keywordsearch-HighlightedText.instance WARNING [org.openide.filesystems.Ordering]: Not all children in Services/ marked with the position attribute: [AutoupdateType, Browsers, Hidden, Introspector, MIMEResolver, PropertyEditorManager, org-sleuthkit-autopsy-corecomponents-DataContentTopComponent.instance], but some are: [org-sleuthkit-autopsy-directorytree-DirectoryTreeTopComponent.instance, org-sleuthkit-autopsy-directorytree-DirectoryTreeTopComponent2.instance, org-sleuthkit-autopsy-filesearch-FileSearchAction.instance, org-sleuthkit-autopsy-keywordsearch-HighlightedText.instance, org-sleuthkit-autopsy-report-modules-html-HTMLReport.instance, org-sleuthkit-autopsy-report-modules-excel.ExcelReport.instance, org-sleuthkit-autopsy-report-modules-bodyfile-BodyFileReport.instance, org-sleuthkit-autopsy-report-modules-file-FileReportText.instance, org-sleuthkit-autopsy-report-modules-kml-KMLReport.instance, org-sleuthkit-autopsy-report-modules-caseuco-CaseUcoReportModule.instance] WARNING [org.openide.util.io.NbObjectOutputStream]: Serializable class org.sleuthkit.autopsy.modules.interestingitems.FilesSet$Rule$AbstractTextCondition does not declare serialVersionUID field. Encountered while storing: [org.sleuthkit.autopsy.modules.interestingitems.InterestingItemsFilesSetSettings, java.util.HashMap, org.sleuthkit.autopsy.modules.interestingitems.FilesSet, org.sleuthkit.autopsy.modules.interestingitems.FilesSet$Rule, java.util.ArrayList, org.sleuthkit.autopsy.modules.interestingitems.FilesSet$Rule$MetaTypeCondition, org.sleuthkit.autopsy.modules.interestingitems.FilesSet$Rule$MetaTypeCondition$Type, java.lang.Enum, org.sleuthkit.autopsy.modules.interestingitems.FilesSet$Rule$FullNameCondition] See also http://www.netbeans.org/issues/show_bug.cgi?id=19915 WARNING [org.netbeans.ProxyClassLoader]: Will not load class org.apache.commons.logging.impl.SLF4JLogFactory arbitrarily from one of ModuleCL@14a47[org.sleuthkit.autopsy.Tika] and ModuleCL@3a9f26c4[org.sleuthkit.autopsy.core] starting from SystemClassLoader[74 modules]; see http://wiki.netbeans.org/DevFaqModuleCCE log4j:WARN No appenders could be found for logger (org.apache.solr.client.solrj.impl.XMLResponseParser). log4j:WARN Please initialize the log4j system properly. log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. INFO [org.netbeans.core.startup.NbEvents]: Turning on modules: org.openide.util.lookup [8.40 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.util [9.14 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.util.ui [9.15 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.modules [7.55 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.progress/1 [1.54 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.annotations.common/1 [1.34 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.filesystems [9.17 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.awt [7.75 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.swing.plaf [1.49 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.progress.nb [1.54 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.dialogs [7.49 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.nodes [7.52 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.windows [6.84 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.swing.tabcontrol [1.63 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.swing.outline [1.41 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.explorer [6.69 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.editor.mimelookup/1 [1.47 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.text [6.74 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.actions [6.46 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.keyring [1.31 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.intent [1.9 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.io [1.10 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.io [1.56 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.libs.asm [5.10 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.bootstrap/1 [2.85 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.core.startup.base [1.69.0.1 1 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.core.startup/1 [1.69.0.1 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.scripting [1.4 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.queries/1 [1.50 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.templates [1.15 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.filesystems.nb [9.17 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.loaders [7.74 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.sampler [1.21 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.core/2 [3.58 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.progress.compat8 [1.54 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.settings/1 [1.56 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.sleuthkit.autopsy.corelibs/3 [1.4 7 230114] org.netbeans.modules.sendopts/2 [2.43 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.spi.quicksearch [1.34 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.options.api/1 [1.52 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.openide.filesystems.compat8 [9.16 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.sleuthkit.autopsy.Tika/1 [23 1 230114] org.netbeans.core.windows/2 [2.90 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.sleuthkit.autopsy.core/10 [10.24.37 37 230114] org.sleuthkit.autopsy.keywordsearch/6 [6.6.23 23 230114] org.sleuthkit.autopsy.thunderbirdparser/4 [4.0.16 16 230114] org.netbeans.core.multiview/1 [1.51 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.jemmy/3 [3.34 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.libs.junit4 [1.14 201211062253] org.netbeans.insane/1 [1.36.0.1 1 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.nbjunit/1 [1.95 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.api.visual [2.55 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.options.keymap [1.44 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.core.output2/1 [1.49 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.jellytools.platform/3 [3.36 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.sleuthkit.autopsy.coretestlibs [1.0 230114] org.sleuthkit.autopsy.testing/3 [1.4.12 12 230114] org.sleuthkit.autopsy.recentactivity/6 [6.0.19 19 230114] org.sleuthkit.autopsy.imagegallery/2 [2.0.6 6 230114] org.netbeans.libs.batik.read [1.0.0.1 1 netbeans-TLP/netbeans/release113-20-on-20200221] org.openide.util.ui.svg [1.0 netbeans-TLP/netbeans/release113-20-on-20200221] org.netbeans.modules.templates/1 [1.14 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.progress.ui [1.40 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.print [7.33 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.masterfs/2 [2.62.0.2 2 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.masterfs.ui [2.10.0.2 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.masterfs.nio2 [1.22 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.favorites/1 [1.53 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.editor.mimelookup.impl/1 [1.39 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.autoupdate.services [1.62 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.autoupdate.ui [1.53 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.modules.autoupdate.cli [1.20 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.core.ui/1 [1.52 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] org.netbeans.core.io.ui/1 [1.37 11.3-6b879cb782eaa4f13a731aff82eada11289a66f7] WARNING [org.openide.filesystems.Ordering]: Not all children in Menu/ marked with the position attribute: [Case], but some are: [View, Tools, Window, Help] INFO [org.netbeans.ui.metrics.laf]: USG_LOOK_AND_FEEL Diagnostic information Input arguments: -Xms24m -Xmx4G -XX:MaxPermSize=128M -Xverify:none -XX:+UseG1GC -XX:+UseStringDeduplication -Dprism.order=sw -Dnetbeans.user.dir=C:\Windows\system32 -Djdk.home=jre -Dnetbeans.home=C:\Program Files\Autopsy-4.20.0\platform -Dnetbeans.user=C:\Users\User\AppData\Roaming\autopsy -Dnetbeans.default_userdir_root=C:\Users\User\AppData\Roaming\autopsy -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=C:\Users\User\AppData\Roaming\autopsy\var\log\heapdump.hprof -Dsun.awt.keepWorkingSetOnMinimize=true -Dnetbeans.dirs=C:\Program Files\Autopsy-4.20.0\autopsy;C:\Program Files\Autopsy-4.20.0\CoreTestLibs;C:\Program Files\Autopsy-4.20.0\harness;C:\Program Files\Autopsy-4.20.0\java Compiler: HotSpot 64-Bit Tiered Compilers Heap memory usage: initial 24.0MB maximum 4096.0MB Non heap memory usage: initial 2.4MB maximum -1b Garbage collector: G1 Young Generation (Collections=20 Total time spent=0s) Garbage collector: G1 Old Generation (Collections=0 Total time spent=0s) Classes: loaded=8871 total loaded=8871 unloaded 0 INFO [org.netbeans.core.ui.warmup.DiagnosticTask]: Total memory 19,877,531,648 INFO [null]: Total physical memory 19,877,531,648 WARNING [org.openide.filesystems.Ordering]: Found same position 1,400 for both Menu/Tools/org-netbeans-modules-autoupdate-ui-actions-PluginManagerAction.shadow and Menu/Tools/org-sleuthkit-autopsy-actions-OpenPythonModulesFolderAction.shadow WARNING [org.openide.filesystems.Ordering]: Found same position 200 for both Menu/Tools/Separator1.instance and Menu/Tools/org-sleuthkit-autopsy-filesearch-FileSearchAction.shadow

swiss-JF commented 1 year ago

No clue, what it is, but I ran it on a previous version of the Microsoft Windows VM and it worked fine. Seems, it was more an issue with the host, but no clue what it could have been.