Building autopsy on Ubuntu 14.04.1 [Updated July 2015]

Any Autopsy specific discussions, events, module releases, that don't fall into the other categories.

Moderator: carrier

Building autopsy on Ubuntu 14.04.1 [Updated July 2015]

Postby ketil » Tue Oct 21, 2014 2:52 pm

Hi,

I got Autopsy compiled on Ubuntu 14.04.1. Here's a recipe in case anyone else is interested. I've made the commands pretty thorough, so that it should work on a very basic install of Ubuntu, like a fresh minimal LXC ubuntu install.

If you use LXC or any other minimal headless Ubuntu install, you can connect with "ssh -X hostname" and run autopsy from inside the LXC container if you don't want to install everything on your computer, but you won't have access to files outside the container without some more mounting/configuration. The resulting LXC container is about 3GB.

These instructions build libewf from source, then sleuthkit and autopsy from source straight off github.

Code: Select all
sudo apt-get install software-properties-common # installs add-apt-repository
sudo apt-get install wget # installs wget, used in the wget command
sudo apt-get install xauth # for ssh -X to work

sudo apt-get install git git-svn build-essential libssl-dev libbz2-dev libz-dev ant automake autoconf libtool vim python-dev uuid-dev libfuse-dev libcppunit-dev libafflib-dev
sudo apt-get install gstreamer1.0
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

wget https://53efc0a7187d0baa489ee347026b8278fe4020f6.googledrive.com/host/0B3fBvzttpiiSMTdoaVExWWNsRjg/libewf-20140608.tar.gz
mkdir ~/git
cd ~/git
git clone https://github.com/sleuthkit/sleuthkit.git
git clone https://github.com/sleuthkit/autopsy.git
mkdir ~/src
cd ~/src
tar xvfz ~/libewf-20140608.tar.gz
cd libewf-20140608
./configure --enable-python --enable-verbose-output --enable-debug-output --prefix=$HOME/tsk
make
make install

cd ~/git/sleuthkit
git checkout develop # make sure we're on the develop branch
./bootstrap
./configure --prefix=$HOME/tsk --with-libewf=$HOME/tsk
make
make install

## Fix some missing files...
mkdir -p ~/tsk/bindings/java/dist
cp -v ~/tsk/share/java/Tsk_DataModel.jar ~/tsk/bindings/java/dist
mkdir -p ~/tsk/bindings/java/lib
cp -v ~/git/sleuthkit/bindings/java/lib/sqlite-jdbc-3.7.15-M1.jar ~/tsk/bindings/java/lib

cd ~/git/autopsy
export JDK_HOME=/usr
export LIBEWF_HOME=$HOME/tsk
export TSK_HOME=$HOME/tsk
ant build
ant run


From now on, either set TSK_HOME in your .bashrc file, or set it manually from the command line every time you want to run autopsy from source:

Code: Select all
export TSK_HOME=$HOME/tsk
cd ~/git/autopsy
ant run


Please share if you have any improvements.

[Edit 2015-05-31: added libfuse-dev and uuid-dev, and use already downloaded sqlite-jdbc instead of fetching it again]
[Edit 2015-07-04: added the required libcppunit-dev and the optional libafflib-dev]
Last edited by ketil on Sat Jul 04, 2015 12:31 am, edited 2 times in total.
ketil
 
Posts: 2
Joined: Tue Sep 23, 2014 4:09 pm

Re: Building autopsy on Ubuntu 14.04.1

Postby little.yoda » Sun Feb 01, 2015 9:32 pm

Using 14.04:

Running ant build, i get the following error:
Code: Select all
 [nb-javac] /home/sven/forensic/autopsy/autopsy/CoreLibs/src/org/sleuthkit/autopsy/corelibs/SigarLoader.java:21: error: package com.sun.javafx does not exist
 [nb-javac] import com.sun.javafx.PlatformUtil;
 [nb-javac]                      ^
 [nb-javac] /home/sven/forensic/autopsy/autopsy/CoreLibs/src/org/sleuthkit/autopsy/corelibs/SigarLoader.java:21: error: package com.sun.javafx does not exist
 [nb-javac] import com.sun.javafx.PlatformUtil;
 [nb-javac]                      ^
 [nb-javac] /home/sven/forensic/autopsy/autopsy/CoreLibs/src/org/sleuthkit/autopsy/corelibs/SigarLoader.java:46: error: cannot find symbol
 [nb-javac]                         if (PlatformUtil.isWindows()) {
 [nb-javac]                             ^
 [nb-javac]   symbol:   variable PlatformUtil
 [nb-javac]   location: class SigarLoader
 [nb-javac] 2 errors


Suggestions?
Thanks,

Sven
little.yoda
 
Posts: 2
Joined: Sun Feb 01, 2015 9:28 pm

Re: Building autopsy on Ubuntu 14.04.1

Postby ketil » Sun Feb 01, 2015 10:10 pm

Are you sure you're using Oracle Java8? I seem to recall having a problem like this when I tried with the Ubuntu bundled java.
ketil
 
Posts: 2
Joined: Tue Sep 23, 2014 4:09 pm

Re: Building autopsy on Ubuntu 14.04.1

Postby little.yoda » Mon Feb 02, 2015 7:58 pm

yes. But also Oracle Java 7 was installed and some variables pointed to this version.

I've updated your script. Simply create an empty directory, put the script in this directory and run it.
Later you can rerun the script to update sleuthkit and autopsy

- Sven

Code: Select all
#!/bin/bash
workingdir=`pwd`

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install  oracle-java8-installer software-properties-common wget xauth git git-svn build-essential libssl-dev libbz2-dev libz-dev ant automake autoconf libtool vim python-dev gstreamer1.0

export JAVA_HOME="/usr/lib/jvm/java-8-oracle/"
export JDK_HOME="/usr/lib/jvm/java-8-oracle/"
export JRE_HOME="/usr/lib/jvm/java-8-oracle/jre/"
export TSK_HOME=$workingdir/tsk
# Download files / Git Reps
wget -c -O libewf.tar.gz https://github.com/libyal/libewf/releases/download/20150126/libewf-experimental-20150126.tar.gz
if [ ! -d sleuthkit ]
then   
   git clone https://github.com/sleuthkit/sleuthkit.git
fi
cd sleuthkit
make clean
git pull
cd ..

if [ ! -d autopsy ]
then
   git clone https://github.com/sleuthkit/autopsy.git
fi
cd autopsy
make clean
git pull
cd ..

# Compile libewf
rm -rf libewf/
mkdir libewf
cd libewf
tar --strip-components=1 -xvzf ../libewf.tar.gz
./bootstrap
./configure --enable-python --enable-verbose-output --enable-debug-output --prefix=$workingdir/tsk
make
make install

# Compile Sleuthkit
cd $workingdir/sleuthkit
./bootstrap
./configure --prefix=$workingdir/tsk --with-libewf=$workingdir/tsk
make
make install

# Build autopsy
mkdir -p $workingdir/tsk/bindings/java/dist
mkdir -p $workingdir/tsk/bindings/java/lib
cp $workingdir/tsk/share/java/Tsk_DataModel.jar $workingdir/tsk/bindings/java/dist/
cd $workingdir/tsk/bindings/java/lib
wget -c https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.7.15-M1/sqlite-jdbc-3.7.15-M1.jar
cd $workingdir/autopsy
ant build
little.yoda
 
Posts: 2
Joined: Sun Feb 01, 2015 9:28 pm

Re: Building autopsy on Ubuntu 14.04.1

Postby danpos » Fri Mar 13, 2015 2:27 pm

I followed the little.yoda's script line by line and it worked out like a charm.

In my case, I did it on Ubuntu 15.04 which was set up on virtual machine (Virtual Box).

Just for your information.

- Danilo
danpos
 
Posts: 2
Joined: Thu Mar 12, 2015 2:38 am

Re: Building autopsy on Ubuntu 14.04.1 [Updated July 2015]

Postby mfrade » Tue Nov 17, 2015 4:23 pm

Hi,

As anyone been able to compile Autopsy 4 on Linux?

I also followed the little.yoda's script succefully for autopsy 3.1.3 on Ubuntu 14.04.3. However, with the realease of autopsy 4.0.0 I get an error:

BUILD FAILED
/home/mfrade/src/build_script/autopsy/netbeans-plat/8.0.2/harness/suite.xml:187: The following error occurred while executing this line:
/home/mfrade/src/build_script/autopsy/Core/build.xml:36: The following error occurred while executing this line:
/home/mfrade/src/build_script/autopsy/Core/build.xml:25: Warning: Could not find file /home/mfrade/src/build_script/tsk/bindings/java/dist/Tsk_DataModel_PostgreSQL.jar to copy.


It seems that "tsk/bindings/java/dist/Tsk_DataModel_PostgreSQL.jar" is not built for some reason.
Are there any required packages related with PostgreSQL?
mfrade
 
Posts: 2
Joined: Thu Sep 17, 2015 4:11 pm

Re: Building autopsy on Ubuntu 14.04.1 [Updated July 2015]

Postby vezza » Mon Nov 23, 2015 5:46 am

I'm having the same problem on a Fedora 22 x86_64 system... I'm building autopsy using Oracle java open jdk but I think it is not the problem...
vezza
 
Posts: 1
Joined: Mon Nov 23, 2015 5:31 am

Re: Building autopsy on Ubuntu 14.04.1 [Updated July 2015]

Postby rickyars » Tue Nov 24, 2015 12:04 am

I'm having the same problem. Tried to build 4.0.0 today. Would be interested to know if anyone has found a solution.
rickyars
 
Posts: 1
Joined: Mon Nov 23, 2015 11:55 pm

Re: Building autopsy on Ubuntu 14.04.1 [Updated July 2015]

Postby artful.lurker » Thu Jan 07, 2016 3:53 am

I'm having the same problem mfrade bumped into. I'm trying to find a solution. It would help if I knew a little bit about this mysterious Tsk_DataModel_PostgreSQL.jar file. In my past life I was a C and UNIX developer and I avoided java like the plague (it's coming back to haunt me now). Can some one show me the exact line in little.yoda's script where this file gets built? Is anyone working on this?
artful.lurker
 
Posts: 1
Joined: Wed Dec 10, 2014 5:41 am
Location: Pacific North West

Re: Building autopsy on Ubuntu 14.04.1 [Updated July 2015]

Postby wmesser » Mon Jan 11, 2016 10:59 pm

So, I pulled the jars out of the Windows .msi file. (Use cabextract) The Windows Jars don't have hyphens in the filenames, but you can figure out where they go from the error messages you'll get with ant build.

However, now I have a new problem. I don't get any obvious errors when building, but when I do ant run, instead of launching Autopsy 4, I get the autopsy loading screen, then it loads up Netbeans instead. No clear errors in the IDE log, either.

Just sharing in case getting unstuck on this point helps someone else get a little farther.
wmesser
 
Posts: 1
Joined: Mon Jan 11, 2016 10:56 pm

Next

Return to Autopsy General

Who is online

Users browsing this forum: No registered users and 1 guest

cron