RE: [sleuthkit-users] Perl Binary that Autopsy should use in Live Analysis?
From: Surago J. <su...@sj...> - 2004-06-07 15:52:37
I must say that it does please me that I am not the only person who has had problems with compiling Perl so that it is statically linked, as I have spent a few days on it without any success.

But, I have just had some luck getting Perl to compile statically. At this stage I haven't had a chance to test it out; basically I just know that it is linked statically through what the 'file' command tells me (not 100% sure how reliable this is, however).

So it is basically a case of testing my collection of tools I have put together for a Forensics CD, in a suspect system (I'm just using the Scan of the Month from the suspended Linux machine released a couple of months ago).

If I have any success, I'll post my findings. However, I must note that currently I am only working with one particular vendor (Red Hat), and only one specific platform, i386 systems, so I would really have no idea about other platforms and systems.

Granted, it may turn out that use of Autopsy for a live system analysis is not the best method/tool to use; however, this is part of some research I am doing, and I can document these findings if this happens to be the case.

Cheers
Surago

-----Original Message-----
From: Brian Carrier [mailto:ca...@sl...]
Sent: Tuesday, 8 June 2004 2:55 a.m.
To: Surago Jones
Cc: <sle...@li...> <sle...@li...>
Subject: Re: [sleuthkit-users] Perl Binary that Autopsy should use in Live Analysis?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 7, 2004, at 5:55 AM, Surago Jones wrote:

> When using the Autopsy browser on a Live Analysis, my understanding is
> that Autopsy requires Perl, however I am unable to provide a
> statically linked Perl binary (I just can't get the *^#$&^#$ to
> compile statically), and when using a Dynamically linked file, does
> this not require library files on the live system to be accessed?

Yea it does. I entered this as bug 919831 when it was released. I don't know the best way around this and it is an open problem.

In reality, there is a risk of running any program (even if it is static), so it will never be 100% safe, but I agree that there must be a better way than what autopsy currently does. I have tried playing with getting Perl to compile statically and, like you, did not have much luck. Some OSes, such as OS X, refuse to make any static executables.

I also want to look into placing more of the Perl libraries on the CD so that it uses its local copies instead of the ones from the suspect system. I have had luck with the trial version of perl2exe, but I do not own a full version.

brian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFAxIG6OK1gLsdFTIsRAuhtAJ4lUsjVXI56KUHyoTvVWOBNz4yEXQCeOEWd
+HEG6SO7sN+t9qwNAenkbRk=
=7iIf
-----END PGP SIGNATURE-----
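
The message above relies on `file` to confirm static linking and is unsure how reliable that is. As an added example (not part of the original thread), this Python check reads the ELF program headers directly: a PT_INTERP entry names the loader that would be taken from the running (suspect) system. The `make_sample` helper and its byte images are constructed for illustration.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types from the ELF specification


def elf_linkage(data: bytes) -> dict:
    """Report how an ELF image is linked, read from its program headers."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little endian
    # Offsets of e_phoff and e_phentsize/e_phnum differ between the classes.
    word, o_phoff, o_phent = ("Q", 32, 54) if is64 else ("I", 28, 42)
    phoff, = struct.unpack_from(end + word, data, o_phoff)
    phentsize, phnum = struct.unpack_from(end + "HH", data, o_phent)
    # Offsets of p_offset and p_filesz inside one program header entry.
    o_off, o_size = (8, 32) if is64 else (4, 16)
    interp, has_dynamic = None, False
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type == PT_DYNAMIC:
            has_dynamic = True
        elif p_type == PT_INTERP:
            off, = struct.unpack_from(end + word, data, base + o_off)
            size, = struct.unpack_from(end + word, data, base + o_size)
            interp = data[off:off + size].rstrip(b"\0").decode("ascii", "replace")
    # Conservative: any PT_DYNAMIC (shared object, static-PIE) is not reported as static.
    return {"interp": interp, "has_dynamic": has_dynamic,
            "static": interp is None and not has_dynamic}


def make_sample(interp: bytes = b"") -> bytes:
    """Constructed ELF32 little-endian image for the demo; headers only, not runnable."""
    types = [1] + ([PT_INTERP, PT_DYNAMIC] if interp else [])  # 1 = PT_LOAD
    str_off = 52 + 32 * len(types)          # interpreter string follows the headers
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, len(types), 0, 0, 0)
    phdrs = b"".join(struct.pack(
        "<8I", t, str_off if t == PT_INTERP else 0, 0, 0,
        len(interp) if t == PT_INTERP else 0, 0, 0, 0) for t in types)
    return ehdr + phdrs + interp


if __name__ == "__main__":
    for path in sys.argv[1:]:               # e.g. the perl binary on the response CD
        with open(path, "rb") as fh:
            print(path, elf_linkage(fh.read()))
```

Even with no PT_INTERP, a static binary linked against glibc can still load NSS modules from the host at run time, so a clean result here does not cover that case.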