A quick installation guide for the latest TSK and autopsy on Ubuntu 8.04.
The default versions of TSK and autopsy in the Ubuntu repositories are sleuthkit-2.09-2 and autopsy-2.08-2. The latest versions are sleuthkit-3.0.1 and autopsy-2.21.
Step 1
Download afflib.tar.gz and unpack it with tar -xvf afflib.tar.gz
There are three dependencies to resolve before afflib can be installed.
Type sudo apt-get install build-essential zlib1g-dev libssl-dev
Then navigate to afflib folder and type the usual:
./configure, make, sudo make install
Step 2
Download libewf, unpack and install all three .deb packages
Step 3
Install uuid-dev by typing sudo apt-get install uuid-dev
Then download sleuthkit-3.0.1.tar.gz
Unpack, and run ./configure, make, sudo make install
Step 4
Download autopsy-2.21.tar.gz
Create your evidence directory, autopsy will ask for it later.
Extract autopsy and run ./configure, make, sudo make install
When asked, type the full path to your evidence directory and you are done.
To start autopsy, just type sudo ./autopsy and follow the instructions.
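A post-install check for the steps above, as an added example that is not part of the original post: it verifies that the TSK build from Step 3 actually picked up afflib (Step 1) and libewf (Step 2). It assumes that img_stat -i list prints the supported image format types; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the TSK build
# from Step 3 picked up afflib (Step 1) and libewf (Step 2).

# Read an `img_stat -i list` listing on stdin and print every required
# format name (given as arguments) that is absent, one per line.
missing_img_formats() {
    listing=$(cat)
    for fmt in "$@"; do
        # Compare the first field exactly, so "afflib" does not count as "aff".
        printf '%s\n' "$listing" |
            awk -v want="$fmt" '$1 == want { found = 1 } END { exit !found }' ||
            printf '%s\n' "$fmt"
    done
}

# Constructed sample listings (illustrative, not captured from a real build).
SAMPLE_FULL='Supported image format types:
    raw (Single raw file (dd))
    aff (Advanced Forensic Format)
    afflib (All AFFLIB image formats)
    ewf (Expert Witness format (encase))
    split (Split raw files)'
SAMPLE_NO_LIBS='Supported image format types:
    raw (Single raw file (dd))
    split (Split raw files)'

# Run the check against the installed tools.
check_tsk_build() {
    command -v img_stat >/dev/null 2>&1 || {
        echo "img_stat not found; is sleuthkit installed?" >&2
        return 2
    }
    # Merge stderr into the pipe in case the listing is written there.
    missing=$(img_stat -i list 2>&1 | missing_img_formats aff ewf)
    if [ -n "$missing" ]; then
        echo "TSK was built without:" $missing >&2
        return 1
    fi
    echo "TSK reports AFF and EWF support"
}

# Usage: sh check_tsk.sh --check
if [ "${1:-}" = "--check" ]; then check_tsk_build; fi
```

If aff or ewf is reported missing, install the library from Step 1 or Step 2 and re-run ./configure in the sleuthkit folder before rebuilding.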
Update for Ubuntu 9.10 - 25 November 2009
For Ubuntu 9.10 the procedure is similar except for Step 1.
afflib make may not work, and if you really want aff support, the simple solution is to download .deb files for older distributions.
The files below worked for me:
afflib-dev_1.6.31-0ubuntu1_i386.deb and afflib_1.6.31-0ubuntu2_i386.deb
and can be downloaded from these locations:
http://packages.ubuntu.com/intrepid/i386/afflib-dev/download
or
http://np.archive.ubuntu.com/ubuntu/pool/universe/a/afflib/
Step 2 is easy, just get all 3 libewf packages (just search with Synaptic).
The rest of the procedure is the same.
Updates for Ubuntu 10.10 and the Sleuthkit 3.2.0 are here
4 comments:
Would these same instructions also work on 9.04 and 9.10?
Thanks
Probably not; new versions of Ubuntu usually differ from each other significantly because they include new packages, aka compilers, libraries etc. I haven't had a chance to look at the issue, but I've seen someone on the net already complaining about the afflib-3.5.2 package and missing -luuid.
It should be easily solved by running "apt-get install uuid-dev", but probably there would be some other issues to be solved. I haven't got much time at the moment, but may look at it at a later time.
afflib 3.5.2 in 9.10 compiles just fine, these are the packages that you'll need/want:
apt-get install libewf1 libewf-dev zlib1g-dev build-essential libexpat1-dev libfuse2 libfuse-dev fuse-utils gvfs-fuse libncurses5-dev libreadline-dev uuid-dev
so far so good, playing with PTK rather than autopsy for the multiplayer/database backed bit.
good job, regardless.
Thanks for the input.