Suggestion: move autopsy maintenance to Debian Forensics team

Fabian Grünbichler fabian.gruenbichler at tuwien.ac.at
Mon Mar 17 06:11:47 UTC 2014


On 03/17/2014 01:16 AM, Eriberto wrote:
> Hi!
> 
> I looked over the new autopsy 3 (currently in 3.0.9 version)[1]. The
> upstream says[2]:
> 
> "Although Autopsy is designed to be cross-platform (Windows, Linux,
> MacOSX), the current version is fully functional and fully tested only
> on Windows.
> We have run it on XP, Vista, and Windows 7 with no problems."
> 
> My first impression is that it is a pure Windows-based program. The
> upstream stuffed several pieces of third-party software into his tarball,
> making it 79 MB. An example:
> 
> $ ls thirdparty
> ant-contrib  crt  gstreamer  jdiff  jfxrt  junit  libscalpel_jni
> mactime  pasco2  sigar
> 
> I think that the upstream linked autopsy with some specific versions
> of the other programs. Example:
> 
> $ ls thirdparty/ant-contrib/1.0b3/lib
> bcel-5.1.jar  commons-httpclient-3.0.1.jar  commons-logging-1.0.4.jar
> ivy-1.3.1.jar
> 
> As I said before, I will analyse everything in two or three weeks. But I
> think that this is Windows-only code...
> 
> Good night!
> 
> Cheers,
> 
> Eriberto
> 
> [1] https://github.com/sleuthkit/autopsy/releases
> [2] https://github.com/sleuthkit/autopsy
> 
> 
> 2014-03-14 12:16 GMT-03:00 Henri Salo <henri at nerv.fi>:
>> I'm happy to help with testing. We can talk more in #debian-forensics

Hello,

my first impression was about the same - it doesn't look like the most
Debian/Linux-friendly upstream to me ;)

OTOH, their github repository (or repositories, one for sleuthkit, one
for autopsy) compiles without problems using an up to date wheezy/sid
install.

I haven't tried replacing the included jars and libs with ones available
in Debian. I can run Autopsy and ingest a raw image (didn't try other
formats), but some features are broken. E.g., viewing recovered images
or videos only displays a black panel instead of the actual content. I
am sure other stuff does not work as expected as well, I only had time
for limited tests.

I will report back as soon as I find the time to test some more.

Kind regards,
Fabian

-- 
GPG: https://web.student.tuwien.ac.at/~fgruenbi/key.asc or on your
favourite keyserver


