Re: [sleuthkit-users] "Proper" install method for TSK on Ubuntu
Brought to you by:
carrier
From: Tom Y. <to...@ya...> - 2018-11-19 21:49:20
|
I can try that, but it will dump if I just run it against a text file. Also, this isn't confined to one machine, we're talking three or four different systems (over the span of two or so years). The rest of the TSK tools work fine (except for the recent problem I had with fls), it's only srch_strings. Tom PGP Key ID - B32585D0 On Mon, Nov 19, 2018 at 3:35 PM Derrick Karpo <dk...@gm...> wrote: > Hi Tom. > > I doubt you are doing anything wrong in regards to getting TSK built > and installed on your machine. I'm wondering if you have something > else up with your machine in regards to insufficient memory, a bad > memory module, or maybe a kernel issue? I suspect the issue isn't > within TSK but maybe you could link us your core dump to investigate > further. > > I replicated using srch_strings and fls using my latest "TCU Live" > (https://drive.google.com/drive/u/1/folders/0B8zx3qPcj9rJVjJrcnB4aXl1VG8) > on a couple different hardware configs and within a KVM VM. I didn't > run in to any issues at all so as a test maybe try using that as a > base just to rule out any hardware or kernel issues? > > Derrick > > > On Fri, Nov 16, 2018 at 11:26 PM Tom Yarrish <to...@ya...> wrote: > > > > Hello, > > I wanted to find out if anyone has or knows of a write up on the proper > way to install TSK on an Ubuntu system. I'm not talking about using the > packages (because they are behind in terms of releases), I mean building > from the Source Release packages on the Github site. > > > > The reason I'm asking is there seems to be a step I'm missing. The last > three version of Ubuntu I've run (all LTS) I've never been able to run > srch_strings on it. It ALWAYS core dumps. Even if I run it against a text > file. > > > > Then recently I was using F-Response (my Tactical license) to connect to > a VM running on my Ubuntu Host (Windows Guest). I had a raw image of the > guest mounted, but when I tried to do an fls on it (I was looking for a > specific file), it core dumped. > > > > I'm at the point that I'm wonder if there's an installation step that > I'm doing wrong, some library I might be missing, or something else. No > matter which way I've installed it, apt for all the packages (even libewf, > libaff, etc), or using apt for libewf, libaff, etc and then installing from > the release source, or even a git pull from the Github site, I end up with > the same result. > > > > I'm getting ready to build a new Linux Forensic laptop (Ubuntu 18.04) so > I wanted to get the kinks out of my install process (and I'd rather not run > the SIFT installer on top of it). > > > > Thanks..... > > Tom > > > > PGP Key ID - B32585D0 > > _______________________________________________ > > sleuthkit-users mailing list > > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > > http://www.sleuthkit.org > |