search

sleuthkit / autopsy

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
http://www.sleuthkit.org/autopsy/
2.29k stars 586 forks source link

Kali linux cannot run bin/autopsy , Library not found in jar (libtsk_jni) SleuthkitJNI: failed to load libtsk_jni #7887

Open CatharsisCoding opened 3 months ago

CatharsisCoding commented 3 months ago

Here is the error i have when i try to run bin/autopsy after i follow all the installation

┌──(maliki㉿Maliki-club)-[~/hack/autopsy-4.21.0/bin] └─$ sudo ./autopsy WARNING: Unknown module: javafx.base specified to --add-exports WARNING: Unknown module: javafx.controls specified to --add-exports WARNING: Unknown module: javafx.controls specified to --add-opens Library not found in jar (libtsk_jni) SleuthkitJNI: failed to load libtsk_jni

image

Fatal Error! X Problem with Sleuth Kit JNI. Test call failed! Is Autopsy or Cyber Triage already running? Details: java.lang.UnsatisfiedLinkError: 'java.lang.String org.sleuthkit.datamodel.SleuthkitJNI.getVersionNat()' OK

image

It seem that autopsy application cannot be download in kali and but we can use the web app (i prefrere the normal app like in windows)

markmckinnon commented 2 months ago

Can you run the command mmls -V and report what the version of Sleuthkit is?

mhauri commented 3 weeks ago

Have the same issue: mmls -V returns: The Sleuth Kit ver 4.12.1

ecr00012 commented 3 weeks ago

Ever find the solution to this?

markmckinnon commented 2 weeks ago

Here are steps that I have done to uninstall/install Autopsy in a Kali VM.

mkdir autopsy-install cd autopsy-install

sudo apt-get purge --auto-remove autopsy sudo apt-get purge --auto-remove sleuthkit

sudo apt-get update

curl -s -O https://raw.githubusercontent.com/sleuthkit/autopsy/master/linux_macos_install_scripts/install_prereqs_ubuntu.sh chmod 755 install_prereqs_ubuntu.sh

curl -s -O https://raw.githubusercontent.com/sleuthkit/autopsy/master/linux_macos_install_scripts/install_application.sh chmod 755 install_application.sh

curl -L https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.21.0/autopsy-4.21.0.zip -O autopsy-4.21.0.zip curl -L https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.21.0/autopsy-4.21.0.zip.asc -O autopsy-4.21.0.zip.asc curl -L https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.12.1/sleuthkit-java_4.12.1-1_amd64.deb -O sleuthkit-java_4.12.1-1_amd64.deb

Install the newest release of sleuthktit

sudo apt-get install ./sleuthkit-java_4.12.1-1_amd64.deb

Install the prereqs for Autopsy

./install_prereqs_ubuntu.sh

Run the following command to get the Java Home

java -XshowSettings:properties -version 2>&1 > /dev/null | grep 'java.home'

Set Java Home based on previous step

I suggest updating this in your profile so it will be persistent

export JAVA_HOME=

./install_application.sh -z ~/autopsy-install/autopsy-4.21.0.zip -i ~/autopsy -j $JAVA_HOME -n autopsy -v autopsy-4.21.0.zip.asc

Change to autopsy bin directory

./autopsy --nosplash

Let me know if this does or does not work for you.

ecr00012 commented 2 weeks ago

Wow, I thought this was only an issue on arm64 architecture. Sorry, I should have specified I’m running Parrot on arm (which should make it identical to kali), so I assumed that was the issue.

Just because I couldn’t install sleuthkit from the deb Package.

So is that not the issue here?

If so, I’ll try this.

Thanks so much!

On Tue, Jun 11, 2024 at 10:47 AM Mark McKinnon @.***> wrote:

Here are steps that I have done to uninstall/install Autopsy in a Kali VM.

mkdir autopsy-install cd autopsy-install

sudo apt-get purge --auto-remove autopsy sudo apt-get purge --auto-remove sleuthkit

sudo apt-get update

curl -s -O https://raw.githubusercontent.com/sleuthkit/autopsy/master/linux_macos_install_scripts/install_prereqs_ubuntu.sh chmod 755 install_prereqs_ubuntu.sh

curl -s -O https://raw.githubusercontent.com/sleuthkit/autopsy/master/linux_macos_install_scripts/install_application.sh chmod 755 install_application.sh

curl -L https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.21.0/autopsy-4.21.0.zip -O autopsy-4.21.0.zip curl -L https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.21.0/autopsy-4.21.0.zip.asc -O autopsy-4.21.0.zip.asc curl -L https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.12.1/sleuthkit-java_4.12.1-1_amd64.deb -O sleuthkit-java_4.12.1-1_amd64.deb Install the newest release of sleuthktit

sudo apt-get install ./sleuthkit-java_4.12.1-1_amd64.deb Install the prereqs for Autopsy

./install_prereqs_ubuntu.sh Run the following command to get the Java Home

java -XshowSettings:properties -version 2>&1 > /dev/null | grep 'java.home' Set Java Home based on previous step I suggest updating this in your profile so it will be persistent

export JAVA_HOME=

./install_application.sh -z ~/autopsy-install/autopsy-4.21.0.zip -i ~/autopsy -j $JAVA_HOME -n autopsy -v autopsy-4.21.0.zip.asc Change to autopsy bin directory

./autopsy --nosplash

Let me know if this does or does not work for you.

— Reply to this email directly, view it on GitHub https://github.com/sleuthkit/autopsy/issues/7887#issuecomment-2160954937, or unsubscribe https://github.com/notifications/unsubscribe-auth/BCBEEEWWZLKQDAODJWOVKDTZG4EXJAVCNFSM6AAAAABE6SHCESVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRQHE2TIOJTG4 . You are receiving this because you commented.Message ID: @.***>

ecr00012 commented 2 weeks ago

So I’ve followed those instructions, with the exception of manually installing sleuthkit from the tar provided instead of the deb,

And I get the same errors as in the original post.

On Tue, Jun 11, 2024 at 10:47 AM Mark McKinnon @.***> wrote:

Here are steps that I have done to uninstall/install Autopsy in a Kali VM.

mkdir autopsy-install cd autopsy-install

sudo apt-get purge --auto-remove autopsy sudo apt-get purge --auto-remove sleuthkit

sudo apt-get update

curl -s -O https://raw.githubusercontent.com/sleuthkit/autopsy/master/linux_macos_install_scripts/install_prereqs_ubuntu.sh chmod 755 install_prereqs_ubuntu.sh

curl -s -O https://raw.githubusercontent.com/sleuthkit/autopsy/master/linux_macos_install_scripts/install_application.sh chmod 755 install_application.sh

curl -L https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.21.0/autopsy-4.21.0.zip -O autopsy-4.21.0.zip curl -L https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.21.0/autopsy-4.21.0.zip.asc -O autopsy-4.21.0.zip.asc curl -L https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-4.12.1/sleuthkit-java_4.12.1-1_amd64.deb -O sleuthkit-java_4.12.1-1_amd64.deb Install the newest release of sleuthktit

sudo apt-get install ./sleuthkit-java_4.12.1-1_amd64.deb Install the prereqs for Autopsy

./install_prereqs_ubuntu.sh Run the following command to get the Java Home

java -XshowSettings:properties -version 2>&1 > /dev/null | grep 'java.home' Set Java Home based on previous step I suggest updating this in your profile so it will be persistent

export JAVA_HOME=

./install_application.sh -z ~/autopsy-install/autopsy-4.21.0.zip -i ~/autopsy -j $JAVA_HOME -n autopsy -v autopsy-4.21.0.zip.asc Change to autopsy bin directory

./autopsy --nosplash

Let me know if this does or does not work for you.

— Reply to this email directly, view it on GitHub https://github.com/sleuthkit/autopsy/issues/7887#issuecomment-2160954937, or unsubscribe https://github.com/notifications/unsubscribe-auth/BCBEEEWWZLKQDAODJWOVKDTZG4EXJAVCNFSM6AAAAABE6SHCESVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRQHE2TIOJTG4 . You are receiving this because you commented.Message ID: @.***>

markmckinnon commented 2 weeks ago

What tar are you referring to. The error states the jar file cannot be found so my guess is that installing from the tar did not put the jar file in the correct place. If you install from the deb it will put the jar file in the correct place.

ecr00012 commented 1 week ago

There is no deb available for arm64 architecture. That’s my main problem I think. I also transferred the jar file into the correct location, and the link error persisted. I don’t think that’s the issue.

On Wed, Jun 12, 2024 at 7:10 AM Mark McKinnon @.***> wrote:

What tar are you referring to. The error states the jar file cannot be found so my guess is that installing from the tar did not put the jar file in the correct place. If you install from the deb it will put the jar file in the correct place.

— Reply to this email directly, view it on GitHub https://github.com/sleuthkit/autopsy/issues/7887#issuecomment-2162739428, or unsubscribe https://github.com/notifications/unsubscribe-auth/BCBEEEUW7S62QCRUHRHS3R3ZHAUC7AVCNFSM6AAAAABE6SHCESVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRSG4ZTSNBSHA . You are receiving this because you commented.Message ID: @.***>