A quick installation guide for the latest TSK and autopsy on Ubuntu 8.04.
The default versions of TSK and autopsy in the Ubuntu repositories are sleuthkit-2.09-2 and autopsy-2.08-2. The latest versions are sleuthkit-3.0.1 and autopsy-2.21.
Step 1
Download afflib.tar.gz and unpack it with tar -xvf afflib.tar.gz
There are three dependencies to resolve before afflib can be installed.
Type sudo apt-get install build-essential zlib1g-dev libssl-dev
Then navigate to the afflib folder and type the usual:
./configure, make, sudo make install
Step 2
Download libewf, unpack and install all three .deb packages.
Step 3
Install uuid-dev by typing sudo apt-get install uuid-dev
Then download sleuthkit-3.0.1.tar.gz
Unpack, and run ./configure, make, sudo make install
Step 4
Download autopsy-2.21.tar.gz
Create your evidence directory; autopsy will ask for it later.
Extract autopsy and run ./configure, make, sudo make install
When asked, type the full path to your evidence directory and you are done.
To start autopsy, just type sudo ./autopsy and follow the instructions.
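A post-install check, added here as an example and not part of the original guide: it reports which img_stat is first on PATH and whether that build lists the aff and ewf image formats that afflib and libewf are installed to provide. The function names are hypothetical, and the banner and listing layouts the parsers expect are assumptions noted in the comments.

```sh
#!/bin/sh
# Added example: post-install check for the source-built TSK.

# tsk_version TEXT: print the version from `-V` output.
# Assumes the banner reads "The Sleuth Kit ver X.Y.Z".
tsk_version() {
    printf '%s\n' "$1" |
        sed -n 's/^The Sleuth Kit ver \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# missing_formats LISTING FORMAT...: print the requested image formats that
# are absent from LISTING (text of `img_stat -i list`); return 0 only when
# none are missing. Assumes one "name (description)" entry per line.
missing_formats() {
    listing=$1
    shift
    missing=""
    for fmt in "$@"; do
        if ! printf '%s\n' "$listing" |
            grep -Eq "^[[:space:]]*${fmt}[[:space:]]+\\("; then
            missing="$missing $fmt"
        fi
    done
    printf '%s' "${missing# }"
    [ -z "$missing" ]
}

# report LISTING: one-line verdict for the two optional libraries.
report() {
    if gaps=$(missing_formats "$1" aff ewf); then
        echo "image formats: aff and ewf are supported"
    else
        echo "image formats missing: $gaps (install the library, rebuild sleuthkit)"
    fi
}

if command -v img_stat >/dev/null 2>&1; then
    # Shows which binary wins on PATH: the repository package or the new build.
    echo "img_stat: $(command -v img_stat) ver $(tsk_version "$(img_stat -V 2>&1)")"
    # 2>&1 captures the list whichever stream img_stat writes it to.
    report "$(img_stat -i list 2>&1)"
else
    # Constructed sample listing (not captured from a real run): no aff line.
    echo "img_stat not on PATH; checking a constructed sample instead"
    report "$(printf '\traw (Single raw file (dd))\n\tewf (Expert Witness format (encase))\n')"
fi
```

If the reported version is still 2.09, the repository package is shadowing the new build on PATH.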
Update for Ubuntu 9.10 - 25 November 2009
For Ubuntu 9.10 the procedure is similar except for Step 1.
afflib make may not work, and if you really want aff support, the simple solution is to download .deb files for older distributions.
The files below worked for me:
afflib-dev_1.6.31-0ubuntu1_i386.deb and afflib_1.6.31-0ubuntu2_i386.deb
and can be downloaded from these locations:
Step 2 is easy, just get all 3 libewf packages (just search with Synaptic).
The rest of the procedure is the same.
Updates for Ubuntu 10.10 and the Sleuthkit 3.2.0 are here