sleuthkit-users

[sleuthkit-users] Installation Problems (and hello!)

[Stuart B. <e_t...@ya...>]

Hi

I am new to both Sleuthkit and this list so would like to say hello to 
all. I am a serving law enforcement officer working in a busy UK HTCU. I 
have been in post for just over three years, but have been involved with 
computers for over fifteen years. I am a slightly "better than noob" 
linux user and find myself using it more and more in my current role.

Anyway, thats me. Unfortunately I have a problem that I cannot resolve 
so find myself asking for help on my first visit. I hope this is the 
right place for this sort of question.

Basically, I cannot seem to get "sleuthkit" installed on my system.

I am running Zenwalk (slackware based) on a 2.6.14.4 kernel. I 
downloaded the sleuthkit tarball to my home "dir", "untarred" it, read 
the INSTALL.txt and then typed "make". Lots of text went whizzing by and 
the prompt returned with no obvious errors. I gave gcc installed and all 
that.

I then tried "man sleuthkit" and got a "not found". I tried a couple of 
commands on a test dd image. Each time command not found. I tried 
"whereis sleuthkit" and again nothing found.

I tried installing again, this time from the "/usr" folder and the same 
thing happened.

Could anyone please tell me where I am going wrong. I suspect it is 
something simple but I just can't see it.

Many thanks

Stu

		
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

Re: [sleuthkit-users] Installation Problems (and hello!)

[J B <je...@ad...>]

Sleuthkit make simply compiles the tools for your system, doesn't copy them 
to /bin or /usr/local or anything like that.

The executeables (many small programs) are to be found in the /bin dir 
inside where you extracted the tarball.

Copy them to wherever you like.  I'm not sure about man pages.. you might 
have to add a path to your environment variables for those, or maybe copy 
them to wherever other mans are.  I don't know that much about configuring 
man.

-Jessop

Re: [sleuthkit-users] Installation Problems (and hello!)

[Barry J. G. <bg...@im...>]

On Wed, 2006-02-08 at 16:16 +0000, Stuart Bird wrote:

> I then tried "man sleuthkit" and got a "not found". I tried a couple of 
> commands on a test dd image. Each time command not found. I tried 
> "whereis sleuthkit" and again nothing found.

Hi Stuart.

The "man sleuthkit" won't work because sleuthkit is the collection of
tools, not the command.  

When you untarred sleuthkit, and typed "make", you ended up with a
number of directories in that current directory.  One of those is ./bin
and another is ./man

./sleuthkit-2.xx/bin
./sleuthkit-2.xx/man/man1 (for command usage)

(note that the "./" indicates "from the current directory".)

in order to use the programs, you have to either call the program with
the explicit path, copy them to a direcory that is in you $PATH
(/usr, /usr/bin/ ...) or add their current directory to your $PATH.  I
usually choose to leave them where they are and either call them
explicity or use symlinks.

So, to use fsstat, I would type:

timmy Exercises # ~/tools/sleuthkit-2.03/bin/fsstat practical.floppy.dd

...to run fsstat on a floppy image in the "Exercises" directory.  Note
that I had to give the full path to the tool.

Again, if you want to run the man page for a given tool, change to
the ./sleuthkit-2.xx/man/man1 directory and look at the man page using:

timmy man1 # man ./fsstat.1

Note again that the ./ indicates that the file "fsstat.1" is located in
the current directory.

Do a little search on "$PATH" and "$MANPATH" to learn more about why you
either need to edit these paths or move/copy/link the files elsewhere.
Remember, Linux does not look in you current directory by default (like
DOS) for a command.  

HTH a litte...

Also, note that "whereis" normally uses hard coded paths, so it most
likely won't find TSK tools unless they are moved/copied/linked to
standard "program" locations for Linux.  You could use "locate", but
would have to run "updatedb" first.

Barry

-- 
/***************************************
Special Agent Barry J. Grundy
NASA Office of Inspector General
Computer Crimes Division 
Goddard Space Flight Center
Code 190
Greenbelt Rd.
Greenbelt, MD 20771
(301)286-3358
**************************************/

Re: [sleuthkit-users] Installation Problems (and hello!)

[farmer d. <far...@ya...>]

Hi Stu,


> Basically, I cannot seem to get "sleuthkit"
> installed on my system.

The Sleuth Kit doesn't get installed on a system,
unless you use a pre-compiled package from someone
else.  A while back I used to build RPMs when I used
RH Linux for The Sleuth Kit so that the executables
would be copied to '/usr/local/bin', the man pages to
their respective directories, etc.



> read 
> the INSTALL.txt and then typed "make".

The key in that file you read is:

"All tools will be compiled into the 'bin' directory. 
All manual pages are located in the 'man' directory. 
To always have access to the manual pages, add the
directory to your MANPATH environment variable. If you
would like the binaries to be placed in a common
directory, such as /usr/local/bin, then it must be
done manually."

So the file holds the key.  You must do it manually.
You could symlink them or copy or move them to where
you like.  Be careful to not overwrite existing
binaries.


cheers!

farmerdude

http://www.farmerdude.com/



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com