teamdfir / sift

SIFT
MIT License

Autopsy 4? #577

Open salty4n6 opened 2 years ago

salty4n6 commented 2 years ago

Hi, is Autopsy 4 on the roadmap? Autopsy 2.24 is a bit long in the tooth. ~Salty

digitalsleuth commented 2 years ago

I'm sure this should be possible. Right now we're installing it through the Ubuntu PPA, and that's pinned at 2.24. We'll likely have to build from source, so I'll take a look at what it'll take to get it working.

salty4n6 commented 2 years ago

Thank you.

salty4n6 commented 2 years ago

Hi digitalsleuth,

I found this project over the weekend.

https://github.com/labcif/autopsy-packager

~Salty

digitalsleuth commented 2 years ago

Hey @salty4n6, sorry for the delay, but I'm looking at this right now. It looks promising, but I need to confirm some dependency issues which seem to be popping up. I'll keep you posted.

digitalsleuth commented 1 year ago

Hi @salty4n6, I've taken a great deal of time trying to find a workaround with getting this into SIFT, however the primary issue is that Autopsy depends on certain older versions of libvmdk, libewf and libvhdi, which have since been updated by Joachim Metz under the GIFT Repo.

The newer versions are already installed in SIFT, as is Sleuthkit, and this causes a conflict when trying to install Autopsy.

As a workaround, I've created a simple Autopsy docker which can be used within SIFT. If you'd like, you can take a look at it here. The instructions can be found in the repo, and the docker is already built and available on the Docker Hub.

Hopefully, until we find a more permanent solution, I hope this helps.

salty4n6 commented 1 year ago

@digitalsleuth - Looks awesome! Much appreciated. I'll kick the tires more soon but from what I've tested so far, it's great.

~Salty

ekristen commented 1 year ago

@digitalsleuth want to sync on this issue at some point. Might be a good time to try and solve it. I've had at least one other request as of late.

digitalsleuth commented 1 year ago

Sounds good to me. I'm away on vacation this week, but will be available this weekend!

digitalsleuth commented 1 year ago

Hey @ekristen, I'm back from vacation and ready to take a look at this whenever you are.

cah-sean-whalen commented 1 month ago

@ekristen @digitalsleuth Can you please revive this effort?

ekristen commented 1 month ago

Yes.

ekristen commented 1 month ago

@digitalsleuth if you want to look at this one. Need it for both 22.04 and 24.04.

digitalsleuth commented 1 month ago

So far, I've got it working, with the use of the Snap package found here. However, there is a minor issue with a dialog box popping behind the splash screen, which makes it look like it's stuck loading. I'll prepare installation tests on 22 and 24 first, then resolve the dialog box issue.