sleuthkit-users Mailing List for The Sleuth Kit (Page 6)
From: Brian C. <ca...@sl...> - 2018-03-19 14:44:41
We have tried to maintain the lowest possible Java level to enable the most widespread usage. Currently, it is set to 1.6, but we would like to move to the more modern 1.8. If we change to 1.8 is this going to break anyone's Java projects that use the JAR?

brian
From: Christopher W. <ch...@cw...> - 2018-03-17 13:04:57
Hello,

I'm currently creating a Report Module for Autopsy, which is nearly finished now, however for some reason I can't get the progressPanel to update a message which lets the user know what is happening, when it is happening. I have used the exact same method as shown in add hashes module:
http://www.sleuthkit.org/autopsy/docs/api-docs/4.5.0/_add_tagged_hashes_to_hash_db_8java_source.html

    progressPanel.updateStatusLabel("Adding hashes...");

<http://www.sleuthkit.org/autopsy/docs/api-docs/4.5.0/classorg_1_1sleuthkit_1_1autopsy_1_1report_1_1_report_progress_panel.html#a2162ed8086014100811ef5b130fa13f8>

However, their writing shows up on the progress panel page, whereas mine does not. These are the sum of my progressPanel statements in my generateReport method:

    progressPanel.setIndeterminate(false);
    progressPanel.start();
    progressPanel.updateStatusLabel("Adding files...");
    if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
        break;
    }
    progressPanel.setMaximumProgress(tags.size());
    progressPanel.updateStatusLabel("Adding \"" + tagName.getDisplayName() + "\" files to " + configPanel.getSelectedDocumentName() + "...");
    progressPanel.updateStatusLabel("Adding " + tag.getContent().getName() + " from \"" + tagName.getDisplayName() + "\" to " + configPanel.getSelectedDocumentName() + "...");
    // Increment the progressPanel every time a file is processed
    progressPanel.increment();
    progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);

However, not a single updateStatusLabel is showing when I generate a report. Note the bar itself is progressing as it should, everything compiles, runs, without errors, increments itself to completion after every file is processed. I have imported the reportProgressPanel from org.sleuthkit.autopsy.report.ReportProgressPanel, exactly the same as the add tagged hashes to hash db report module.

I have also tried compiling the module itself into a NBM, and then installing it through Autopsy, however still no updated status labels.

Could I get your help?

Cheers
From: Brian C. <ca...@sl...> - 2018-03-16 20:16:06
FYI: A new NIST NSRL index (2.59) has been updated to sourceforge:
https://sourceforge.net/projects/autopsy/files/NSRL/NSRL-259m-Autopsy.zip/download

brian
From: Brian C. <ca...@sl...> - 2018-03-15 21:05:00
Yea, the sleuthkit-java ".deb" file that we produced included the .so file because the version that publicly exists as a Debian package did not have everything we needed.

My concern with blindly overwriting it is that we could impact other applications that use it. The TSK tools are usually static and do not rely on the library. But, other tools are not. I need to refresh my memory on the ".so" versioning to know if it is OK for us to overwrite a ".13" file.

On Thu, Mar 15, 2018 at 3:47 PM, Danilo Marques <da...@gm...> wrote:
> Hi Angus,
>
> I don't think so. The sleuthkit-java_4.6.0-1_amd64.deb package provides
> the lib /usr/lib/x86_64-linux-gnu/libtsk.so.13 and that one conflicts
> with the package libtsk13 4.2.0-3. With regards to the TSK in Caine9, it
> remains working because it was built from source, and it is installed in
> the /usr/local tree.
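The conflict discussed in this thread (the .deb ships /usr/lib/x86_64-linux-gnu/libtsk.so.13, which the installed libtsk13 package also owns) can be found before installing by comparing the package's file list with dpkg's ownership records. The script below is an added example, not part of any list message: the function names, the sample listings and the assumption that the package is named sleuthkit-java are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list files in a .deb that are already
# owned by a different installed package, before anything is overwritten.
#
# On a real system the two inputs come from:
#   dpkg-deb -c sleuthkit-java_4.6.0-1_amd64.deb             > deb_listing.txt
#   dpkg -S /usr/lib/x86_64-linux-gnu/libtsk.so.13           > owners.txt
# (dpkg -S takes one or more paths and prints "package: path" for each path
# that an installed package owns.)

# find_conflicts DEB_LISTING OWNERS SELF
#   DEB_LISTING  file holding `dpkg-deb -c` output
#   OWNERS       file holding `dpkg -S` output
#   SELF         name of the package being installed; files it already owns
#                are not conflicts on a reinstall or upgrade
# Prints "path<TAB>owning-package" for every conflicting file.
find_conflicts() {
    awk -v self="$3" '
        # First file: remember which package(s) own each installed path.
        FILENAME == ARGV[1] {
            i = index($0, ": /")
            if (i) owner[substr($0, i + 2)] = substr($0, 1, i - 1)
            next
        }
        # Second file: every non-directory entry shipped in the .deb.
        $1 !~ /^d/ {
            path = $6
            sub(/^\./, "", path)            # "./usr/..." -> "/usr/..."
            if (!(path in owner)) next
            n = split(owner[path], pkgs, /, */)
            for (k = 1; k <= n; k++) {
                name = pkgs[k]
                sub(/:.*/, "", name)        # drop ":amd64" style suffix
                if (name != self) printf "%s\t%s\n", path, name
            }
        }
    ' "$2" "$1"
}

# Runs find_conflicts on constructed sample data. Only the two paths and the
# libtsk13 package name are taken from the thread; sizes, dates and the
# "sleuthkit-java" ownership line (a reinstall case) are made up.
demo_conflicts() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/deb_listing.txt" <<'EOF'
drwxr-xr-x root/root         0 2018-03-14 12:00 ./usr/
drwxr-xr-x root/root         0 2018-03-14 12:00 ./usr/share/java/
-rw-r--r-- root/root    100000 2018-03-14 12:00 ./usr/share/java/sleuthkit-4.6.0.jar
-rw-r--r-- root/root    200000 2018-03-14 12:00 ./usr/lib/x86_64-linux-gnu/libtsk.so.13
EOF
    cat > "$tmp/owners.txt" <<'EOF'
libtsk13:amd64: /usr/lib/x86_64-linux-gnu/libtsk.so.13
sleuthkit-java: /usr/share/java/sleuthkit-4.6.0.jar
EOF
    find_conflicts "$tmp/deb_listing.txt" "$tmp/owners.txt" sleuthkit-java
    rm -rf "$tmp"
}

demo_conflicts
```

An empty result means no file in the package is owned by another installed package; any line printed names a file that installing the .deb would replace and the package that currently owns it.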
From: Danilo M. <da...@gm...> - 2018-03-15 19:47:14
Hi Angus,

I don't think so. The sleuthkit-java_4.6.0-1_amd64.deb package provides the lib /usr/lib/x86_64-linux-gnu/libtsk.so.13 and that one conflicts with the package libtsk13 4.2.0-3. With regards to the TSK in Caine9, it remains working because it was built from source, and it is installed in the /usr/local tree.

2018-03-15 15:38 GMT-03:00 Angus Marshall <an...@n-...>:
> Sounds like it could be similar to a minor problem I had when creating
> CAINE-YE using Caine 9 and Autopsy 4.5. The solution was to make sure the
> TSK_HOME variable pointed to the correct version of TSK for Autopsy 4.5 or
> 2, depending on which one the user wanted to run.

--
Danilo Caio Marcucci Marques
Computer Forensic Investigator - ICCE-DGPTC/PCERJ/Brazil
Linux user #419162
From: Angus M. <an...@n-...> - 2018-03-15 18:39:08
Sounds like it could be similar to a minor problem I had when creating CAINE-YE using Caine 9 and Autopsy 4.5. The solution was to make sure the TSK_HOME variable pointed to the correct version of TSK for Autopsy 4.5 or 2, depending on which one the user wanted to run.

> On 15 Mar 2018, at 13:45, Danilo Marques <da...@gm...> wrote:
>
> Hi to everyone,
>
> Dr. Nanni, I have tested it out in Caine 9 also, and I had the same issue. The cause was a conflict with a libtsk13 package, so removing it fixed it, and it was possible to install and to run Autopsy properly.
>
> In this way, I think that the problem isn't the sleuthkit-java_4.6.0-1_amd64.deb package, but the "stock" installation in Caine9, which has a package that conflicts with a lib provided by the sleuthkit-java_4.6.0-1_amd64.deb.
>
> Regards,
>
> Danilo
From: Danilo M. <da...@gm...> - 2018-03-15 13:46:01
A desktop launcher. It works in Caine9 and possibly in other Debian-based distros.

2018-03-15 10:38 GMT-03:00 Danilo Marques <da...@gm...>:
> I think so.

--
Danilo Caio Marcucci Marques
Computer Forensic Investigator - ICCE-DGPTC/PCERJ/Brazil
Linux user #419162
From: Danilo M. <da...@gm...> - 2018-03-15 13:38:52
I think so.

2018-03-15 9:51 GMT-03:00 Nanni Bassetti <dig...@gm...>:
> Thanks Danilo,
> sorry for my stupid question, but removing libtsk13 of the stock
> installation of TSK, the TSK "stocked" works properly?
> I haven't tested yet... :-)

--
Danilo Caio Marcucci Marques
Computer Forensic Investigator - ICCE-DGPTC/PCERJ/Brazil
Linux user #419162
From: Nanni B. <dig...@gm...> - 2018-03-15 12:52:08
Thanks Danilo,
sorry for my stupid question, but removing libtsk13 of the stock installation of TSK, the TSK "stocked" works properly?
I haven't tested yet... :-)

2018-03-15 13:41 GMT+01:00 Danilo Marques <da...@gm...>:
> Hi to everyone,
>
> Dr. Nanni, I have tested it out in Caine 9 also, and I had the same issue.
> The cause was a conflict with a libtsk13 package, so removing it fixed it, and
> it was possible to install and to run Autopsy properly.
>
> In this way, I think that the problem isn't the
> sleuthkit-java_4.6.0-1_amd64.deb package, but the "stock" installation in
> Caine9, which has a package that conflicts with a lib provided by the
> sleuthkit-java_4.6.0-1_amd64.deb.
>
> Regards,
>
> Danilo

--
Dott. Nanni Bassetti
http://www.nannibassetti.com
CAINE project manager - http://www.caine-live.net

DATA PROCESSING NOTICE:
The data you send to my e-mail dig...@gm... is processed exclusively by me (Dott. Giovanni Bassetti) and adequately protected, and attachments may also be stored encrypted. For any information or request, do not hesitate to contact me. The data subject may at any time request information about and/or deletion of their data. The purpose and timing of the processing are determined by the request I receive from the data subject.
From: Danilo M. <da...@gm...> - 2018-03-15 12:41:31
Hi to everyone,

Dr. Nanni, I have tested it out in Caine 9 also, and I had the same issue. The cause was a conflict with a libtsk13 package, so removing it fixed it, and it was possible to install and to run Autopsy properly.

In this way, I think that the problem isn't the sleuthkit-java_4.6.0-1_amd64.deb package, but the "stock" installation in Caine9, which has a package that conflicts with a lib provided by the sleuthkit-java_4.6.0-1_amd64.deb.

Regards,

Danilo

On Thu, 15 Mar 2018 05:13, Nanni Bassetti <dig...@gm...> wrote:
> It works in CAINE (Ubuntu 16.04) and it works on local disks!
>
> I installed following your procedure, but when I tried to install
> sleuthkit-java_4.6.0-1_amd64.deb I got an error. If I try to launch
> Autopsy sh ./autopsy I got an error, it cannot find the sleuthkit-4.6.0.jar
> file: ERROR: /usr/share/java/sleuthkit-4.6.0.jar not found, please
> install the sleuthkit-java.deb file
> So I used Engrampa Archive Manager and I extracted the file inside the
> sleuthkit-java.deb into the matching directories of my system (e.g.
> /usr/share/java, etc.) then when I ran ./autopsy it worked!
> For working on local disk, you can simply run sudo ./autopsy
> That's all.
> Finally the problem is only with the sleuthkit-java_4.6.0-1_amd64.deb
> PS: Autopsy for Linux seems faster than for Windows ;-)
From: Nanni B. <dig...@gm...> - 2018-03-15 08:12:55
It works in CAINE (Ubuntu 16.04) and it works on local disks!

I installed following your procedure, but when I tried to install sleuthkit-java_4.6.0-1_amd64.deb I got an error. If I try to launch Autopsy sh ./autopsy I got an error, it cannot find the sleuthkit-4.6.0.jar file:
ERROR: /usr/share/java/sleuthkit-4.6.0.jar not found, please install the sleuthkit-java.deb file
So I used Engrampa Archive Manager and I extracted the file inside the sleuthkit-java.deb into the matching directories of my system (e.g. /usr/share/java, etc.) then when I ran ./autopsy it worked!
For working on local disk, you can simply run sudo ./autopsy
That's all.
Finally the problem is only with the sleuthkit-java_4.6.0-1_amd64.deb
PS: Autopsy for Linux seems faster than for Windows ;-)

--
Dott. Nanni Bassetti
http://www.nannibassetti.com
CAINE project manager - http://www.caine-live.net
From: Derrick K. <dk...@gm...> - 2018-03-15 01:43:01
Excellent and thank you for the work you guys put into making this happen! I've confirmed that it's working under Debian testing (buster). XD

Derrick

On Wed, Mar 14, 2018 at 2:25 PM, Brian Carrier <ca...@sl...> wrote:
> We've made our first Autopsy release for Linux!
>
> There are still some things to work out, but we want to do this on an
> iterative process to find out what is not working on other people's systems.
>
> The release and docs are here:
> https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.6.0-linux1
>
> We've been working with the latest Debian. Not sure how it will work on
> other platforms.
>
> Thanks to all of the folks who have been pursuing this and Rishwanth at Basis
> Tech.
>
> Please file github issues with any problems so that we can track them.
>
> brian
From: Brian C. <ca...@sl...> - 2018-03-14 20:25:14
We've made our first Autopsy release for Linux!

There are still some things to work out, but we want to do this on an iterative process to find out what is not working on other people's systems.

The release and docs are here:
https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.6.0-linux1

We've been working with the latest Debian. Not sure how it will work on other platforms.

Thanks to all of the folks who have been pursuing this and Rishwanth at Basis Tech.

Please file github issues with any problems so that we can track them.

brian
From: Brian C. <ca...@sl...> - 2018-03-07 13:59:40
There are new (as of 2 weeks ago...) releases to Autopsy and TSK!

*Autopsy 4.6.0* has a bunch of things, including:
- New viewer for email messages and showing communications
- Central repository can store Hash data bases
- Run Autopsy from a USB drive for triage
- Memory improvements from upgrading Tika
- Encryption / True Crypt detection module
- lots more <http://sleuthkit.org/autopsy/history.php>

You can read about some of the new features in the blog <https://www.autopsy.com/autopsy-4-6-includes-new-communications-viewers-encryption-detection-and-more/> and you can download from here:
http://sleuthkit.org/autopsy/download.php

We will be shortly also releasing a Debian Linux build for Autopsy. Probably by end of week.

*The Sleuth Kit 4.6.0* was also released with:
- New Communications related Java classes and database tables.
- Java build updates for Autopsy Linux build
- Increased cache sizes.
- Lots of bounds checking fixes from Google's fuzzing tests. Thanks Google!
- HFS fix from uckelman-sf.

You can download it from here:
http://sleuthkit.org/sleuthkit/download.php
From: Brian C. <ca...@sl...> - 2017-12-07 22:53:19
I eventually got up a blog posting on using the new Correlation Engine feature. You can find it here:
https://www.autopsy.com/correlate-cases-and-get-intelligence/

brian
From: Sergio F. <se...@gm...> - 2017-11-06 17:54:42
Hi all,

I really appreciate Autopsy and I would like to use WindowsRegistryIngestModule v1.0. But when I try to install I get this error:
"The plugin Autopsy-Core is requested in implementation version 13."

Versions I'm using are:
Product Version: Autopsy 4.5.0 (RELEASE)
Sleuth Kit Version: 4.5.0
Netbeans RCP Build: 201609300101
Java: 1.8.0_144; Java HotSpot(TM) 64-Bit Server VM 25.144-b01
System: Windows 10 version 10.0 running on amd64; Cp1252; es_ES (autopsy)

I know this plugin is not ready for newer Autopsy API but I also know is possible to use this old plugin by installing "Autopsy-Core" plugin. I did it in a course, instructor did bring to us "Autopsy-Core" plugin in a pendrive. But I've lost it and really want to use it.

Please, can you help me to find "Autopsy-Core" plugin version 13?

Thanks ;-)
From: Brian C. <ca...@sl...> - 2017-10-24 20:36:55
|
In the craziness before OSDFCon, I often forget to send out emails about releases. But, many of you already found them via the github release notifications.

*Autopsy 4.5.0:*
- New Central Repository / Correlation Engine features (I'll do a blog post on this) that allows you to see when a file or phone number was previously seen.
- Improved memory usage on large cases (still working on some other areas though)
- Attachments are now the children of the message and not of the source file.
- Reduced credit card false positives.
- Lots more

http://www.sleuthkit.org/autopsy/download.php

*The Sleuth Kit 4.5.0*
- Support for LZVN compressed HFS files (from Joel Uckelman)
- Use sector size from E01 (helps with 4k sector sizes)
- Faster resolving of HFS hard links
- Many fixes from Google Fuzzing efforts

http://www.sleuthkit.org/sleuthkit/download.php |
From: Pasquale R. <pjr...@gm...> - 2017-09-27 06:29:48
|
Hello,

I am working on a FAT32 thumb drive. fsstat shows a file has sectors 1716272-1716327 -> (EOF). When I run istat on the file, it lists sectors from 1716272-1716324 and has 0 0 0 for the last three sectors.

I was wondering what the "0 0 0" means for the last three sectors. When looking at the data, those sectors contain data, so I wasn't sure whether that meant those sectors contain other data now or what.

Thanks for any explanation,
Pasquale |
From: Brian C. <ca...@sl...> - 2017-09-26 02:16:35
|
Hi Hoyt,

It is not scheduled to include it. We didn't get a chance to look at the code. We prioritize things based on user interest and we haven't received requests for it.

Who here is using AFF4 or is waiting to use AFF4 until Autopsy/TSK incorporate it?

brian

On Mon, Sep 25, 2017 at 11:34 AM, Hoyt Harness <hoy...@gm...> wrote:
> I may have missed it, but will the upcoming Sleuth Kit release include the AFF4 patches? If not, is there any idea when we might see this? I apologize if I have indeed missed it.
>
> Hoyt
>
> On Fri, Sep 15, 2017 at 12:18 PM, Richard Cordovano <rco...@ba...> wrote:
>> Scratch that, we have indeed decided to do a 4.5.0 release in early October.
>>
>> On Fri, Sep 15, 2017 at 6:42 AM, <rco...@ba...> wrote:
>>> Slight clarification: SleuthKit 4.4.3 and Autopsy 4.5.0 in early October.
>>>
>>> Sent from my iPhone
>>>
>>> On Sep 14, 2017, at 11:06 PM, Brian Carrier <ca...@sl...> wrote:
>>>
>>> We're looking to do a 4.5.0 release in early October (along with an Autopsy release).
>>>
>>> On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:
>>>> Brian,
>>>>
>>>> As you know some CVE's came out after 4.4.2. Looking at the bug tracker looks like you have them fixed.
>>>>
>>>> Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit maintainer, should I create appropriate patches to 4.4.2? Or do you know if Redhat, Ubuntu, Mint has already done it?
>>>>
>>>> Thanks
>>>> Greg
>>>> --
>>>> Greg Freemyer
>>>> Advances are made by answering questions. Discoveries are made by questioning answers.
>>>> — Bernard Haisch
>>>>
>>>> On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
>>>> > I forgot to announce last week that new releases are up.
>>>> >
>>>> > Autopsy 4.4.1 includes:
>>>> >
>>>> > - Beta version of new central repository feature for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer. I'll post a blog post about using this later next week.
>>>> > - Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
>>>> > - Assorted performance improvements, enhancements, and bug fixes.
>>>> >
>>>> > Download here: http://sleuthkit.org/autopsy/download.php
>>>> >
>>>> > The Sleuth Kit 4.4.2 includes:
>>>> >
>>>> > - usnjls tool for NTFS USN log (from noxdafox)
>>>> > - Added index to mime type column in DB
>>>> > - Use local SQLite3 if it exists (from uckelman-sf)
>>>> > - Blackboard Artifacts have a shortDescription metho
>>>> > - Fix for highest HFS+ inum lookup (from uckelman-sf)
>>>> > - Fix ISO9660 crash
>>>> > - various performance fixes and added thread safety checks
>>>> >
>>>> > Download here: http://sleuthkit.org/sleuthkit/download.php
>>>> >
>>>> > thanks,
>>>> > brian
>
> --
> Hoyt
> -----------------
> There are 11 kinds of people - those who think binary jokes are funny, those who don't, ...and those who don't know binary. |
From: Hoyt H. <hoy...@gm...> - 2017-09-25 15:35:19
|
I may have missed it, but will the upcoming Sleuth Kit release include the AFF4 patches? If not, is there any idea when we might see this? I apologize if I have indeed missed it.

Hoyt

On Fri, Sep 15, 2017 at 12:18 PM, Richard Cordovano <rco...@ba...> wrote:
> Scratch that, we have indeed decided to do a 4.5.0 release in early October.
>
> On Fri, Sep 15, 2017 at 6:42 AM, <rco...@ba...> wrote:
>> Slight clarification: SleuthKit 4.4.3 and Autopsy 4.5.0 in early October.
>>
>> Sent from my iPhone
>>
>> On Sep 14, 2017, at 11:06 PM, Brian Carrier <ca...@sl...> wrote:
>>
>> We're looking to do a 4.5.0 release in early October (along with an Autopsy release).
>>
>> On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:
>>> Brian,
>>>
>>> As you know some CVE's came out after 4.4.2. Looking at the bug tracker looks like you have them fixed.
>>>
>>> Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit maintainer, should I create appropriate patches to 4.4.2? Or do you know if Redhat, Ubuntu, Mint has already done it?
>>>
>>> Thanks
>>> Greg
>>> --
>>> Greg Freemyer
>>> Advances are made by answering questions. Discoveries are made by questioning answers.
>>> — Bernard Haisch
>>>
>>> On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
>>> > I forgot to announce last week that new releases are up.
>>> >
>>> > Autopsy 4.4.1 includes:
>>> >
>>> > - Beta version of new central repository feature for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer. I'll post a blog post about using this later next week.
>>> > - Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
>>> > - Assorted performance improvements, enhancements, and bug fixes.
>>> >
>>> > Download here: http://sleuthkit.org/autopsy/download.php
>>> >
>>> > The Sleuth Kit 4.4.2 includes:
>>> >
>>> > - usnjls tool for NTFS USN log (from noxdafox)
>>> > - Added index to mime type column in DB
>>> > - Use local SQLite3 if it exists (from uckelman-sf)
>>> > - Blackboard Artifacts have a shortDescription metho
>>> > - Fix for highest HFS+ inum lookup (from uckelman-sf)
>>> > - Fix ISO9660 crash
>>> > - various performance fixes and added thread safety checks
>>> >
>>> > Download here: http://sleuthkit.org/sleuthkit/download.php
>>> >
>>> > thanks,
>>> > brian

--
Hoyt
-----------------
There are 11 kinds of people - those who think binary jokes are funny, those who don't, ...and those who don't know binary. |
From: Richard C. <rco...@ba...> - 2017-09-15 17:47:17
|
Scratch that, we have indeed decided to do a 4.5.0 release in early October.

On Fri, Sep 15, 2017 at 6:42 AM, <rco...@ba...> wrote:
> Slight clarification: SleuthKit 4.4.3 and Autopsy 4.5.0 in early October.
>
> Sent from my iPhone
>
> On Sep 14, 2017, at 11:06 PM, Brian Carrier <ca...@sl...> wrote:
>
> We're looking to do a 4.5.0 release in early October (along with an Autopsy release).
>
> On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:
>> Brian,
>>
>> As you know some CVE's came out after 4.4.2. Looking at the bug tracker looks like you have them fixed.
>>
>> Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit maintainer, should I create appropriate patches to 4.4.2? Or do you know if Redhat, Ubuntu, Mint has already done it?
>>
>> Thanks
>> Greg
>> --
>> Greg Freemyer
>> Advances are made by answering questions. Discoveries are made by questioning answers.
>> — Bernard Haisch
>>
>> On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
>> > I forgot to announce last week that new releases are up.
>> >
>> > Autopsy 4.4.1 includes:
>> >
>> > - Beta version of new central repository feature for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer. I'll post a blog post about using this later next week.
>> > - Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
>> > - Assorted performance improvements, enhancements, and bug fixes.
>> >
>> > Download here: http://sleuthkit.org/autopsy/download.php
>> >
>> > The Sleuth Kit 4.4.2 includes:
>> >
>> > - usnjls tool for NTFS USN log (from noxdafox)
>> > - Added index to mime type column in DB
>> > - Use local SQLite3 if it exists (from uckelman-sf)
>> > - Blackboard Artifacts have a shortDescription metho
>> > - Fix for highest HFS+ inum lookup (from uckelman-sf)
>> > - Fix ISO9660 crash
>> > - various performance fixes and added thread safety checks
>> >
>> > Download here: http://sleuthkit.org/sleuthkit/download.php
>> >
>> > thanks,
>> > brian |
From: <rco...@ba...> - 2017-09-15 11:08:25
|
Slight clarification: SleuthKit 4.4.3 and Autopsy 4.5.0 in early October.

Sent from my iPhone

> On Sep 14, 2017, at 11:06 PM, Brian Carrier <ca...@sl...> wrote:
>
> We're looking to do a 4.5.0 release in early October (along with an Autopsy release).
>
>> On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:
>> Brian,
>>
>> As you know some CVE's came out after 4.4.2. Looking at the bug tracker looks like you have them fixed.
>>
>> Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit maintainer, should I create appropriate patches to 4.4.2? Or do you know if Redhat, Ubuntu, Mint has already done it?
>>
>> Thanks
>> Greg
>> --
>> Greg Freemyer
>> Advances are made by answering questions. Discoveries are made by questioning answers.
>> — Bernard Haisch
>>
>> On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
>> > I forgot to announce last week that new releases are up.
>> >
>> > Autopsy 4.4.1 includes:
>> >
>> > - Beta version of new central repository feature for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer. I'll post a blog post about using this later next week.
>> > - Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
>> > - Assorted performance improvements, enhancements, and bug fixes.
>> >
>> > Download here: http://sleuthkit.org/autopsy/download.php
>> >
>> > The Sleuth Kit 4.4.2 includes:
>> >
>> > - usnjls tool for NTFS USN log (from noxdafox)
>> > - Added index to mime type column in DB
>> > - Use local SQLite3 if it exists (from uckelman-sf)
>> > - Blackboard Artifacts have a shortDescription metho
>> > - Fix for highest HFS+ inum lookup (from uckelman-sf)
>> > - Fix ISO9660 crash
>> > - various performance fixes and added thread safety checks
>> >
>> > Download here: http://sleuthkit.org/sleuthkit/download.php
>> >
>> > thanks,
>> > brian |
From: Brian C. <ca...@sl...> - 2017-09-15 03:32:30
|
We're looking to do a 4.5.0 release in early October (along with an Autopsy release).

On Thu, Sep 14, 2017 at 7:54 PM, Greg Freemyer <gre...@gm...> wrote:
> Brian,
>
> As you know some CVE's came out after 4.4.2. Looking at the bug tracker looks like you have them fixed.
>
> Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit maintainer, should I create appropriate patches to 4.4.2? Or do you know if Redhat, Ubuntu, Mint has already done it?
>
> Thanks
> Greg
> --
> Greg Freemyer
> Advances are made by answering questions. Discoveries are made by questioning answers.
> — Bernard Haisch
>
> On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
> > I forgot to announce last week that new releases are up.
> >
> > Autopsy 4.4.1 includes:
> >
> > - Beta version of new central repository feature for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer. I'll post a blog post about using this later next week.
> > - Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
> > - Assorted performance improvements, enhancements, and bug fixes.
> >
> > Download here: http://sleuthkit.org/autopsy/download.php
> >
> > The Sleuth Kit 4.4.2 includes:
> >
> > - usnjls tool for NTFS USN log (from noxdafox)
> > - Added index to mime type column in DB
> > - Use local SQLite3 if it exists (from uckelman-sf)
> > - Blackboard Artifacts have a shortDescription metho
> > - Fix for highest HFS+ inum lookup (from uckelman-sf)
> > - Fix ISO9660 crash
> > - various performance fixes and added thread safety checks
> >
> > Download here: http://sleuthkit.org/sleuthkit/download.php
> >
> > thanks,
> > brian |
From: Greg F. <gre...@gm...> - 2017-09-15 00:25:37
|
The github issue has seen no updates since it was created.

I would do the packaging for openSUSE if there is going to be an autopsy rpm for it. Willing to test or help out otherwise.

I assume "ant build" is the right way to try and build autopsy in linux. With a local build attempt I get:

[ 4s] + ant build
[ 4s] Buildfile: /home/abuild/rpmbuild/BUILD/autopsy-autopsy-4.4.1/build.xml
[ 5s]
[ 5s] download:
[ 5s] [mkdir] Created dir: /home/abuild/rpmbuild/BUILD/autopsy-autopsy-4.4.1/netbeans-plat/8.2/harness
[ 5s] [echo] Downloading clusters harness|java|platform
[ 5s] [get] Getting: http://deadlock.netbeans.org/hudson/job/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar
[ 5s] [get] To: /tmp/tasks.jar
[ 5s] [get] Error getting http://deadlock.netbeans.org/hudson/job/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar to /tmp/tasks.jar
[ 5s]
[ 5s] BUILD FAILED
[ 5s] /home/abuild/rp

If this is going to be officially part of openSUSE it can't require Internet access during the build, so I don't know if there is any chance of autopsy getting into openSUSE or not.

Thanks
Greg
--
Greg Freemyer
Advances are made by answering questions. Discoveries are made by questioning answers.
— Bernard Haisch

On Tue, Jul 11, 2017 at 4:18 PM, Brian Carrier <ca...@sl...> wrote:
> The topic of getting Autopsy packaged up on a Linux distro has come up again and I wanted to reach out to see who was building Autopsy on Linux and who was doing packaging work so that we can all work together and make this happen. Can you let me know if you can help out in either?
>
> I made a github issue to track the development results.
>
> thanks,
> brian |
From: Greg F. <gre...@gm...> - 2017-09-14 23:55:41
|
Brian,

As you know some CVE's came out after 4.4.2. Looking at the bug tracker looks like you have them fixed.

Are you going to do a 4.4.3 soon, or as the openSUSE sleuthkit maintainer, should I create appropriate patches to 4.4.2? Or do you know if Redhat, Ubuntu, Mint has already done it?

Thanks
Greg
--
Greg Freemyer
Advances are made by answering questions. Discoveries are made by questioning answers.
— Bernard Haisch

On Wed, Aug 16, 2017 at 8:31 PM, Brian Carrier <ca...@sl...> wrote:
> I forgot to announce last week that new releases are up.
>
> Autopsy 4.4.1 includes:
>
> - Beta version of new central repository feature for correlating artifacts across cases; results are displayed using an Interesting Artifacts branch of the Interesting Items tree and an Other Data Sources content viewer. I'll post a blog post about using this later next week.
> - Results viewer (top right area of desktop application) sorts are persistent and can be applied to either the table viewer or the thumbnail viewer.
> - Assorted performance improvements, enhancements, and bug fixes.
>
> Download here: http://sleuthkit.org/autopsy/download.php
>
> The Sleuth Kit 4.4.2 includes:
>
> - usnjls tool for NTFS USN log (from noxdafox)
> - Added index to mime type column in DB
> - Use local SQLite3 if it exists (from uckelman-sf)
> - Blackboard Artifacts have a shortDescription metho
> - Fix for highest HFS+ inum lookup (from uckelman-sf)
> - Fix ISO9660 crash
> - various performance fixes and added thread safety checks
>
> Download here: http://sleuthkit.org/sleuthkit/download.php
>
> thanks,
> brian |