Dependencies Windows

Joachim Metz edited this page May 3, 2018 · 84 revisions

This page contains detailed instructions on how to build and install dependencies on Windows.

There are multiple ways to install the dependencies on Windows:

  • Prepackaged dependencies;
  • Using the log2timeline devtools to batch build most of the dependencies;
  • Manual build of the dependencies.

Prepackaged dependencies

Moved to https://github.com/log2timeline/plaso/wiki/Dependencies#windows

Batch build

Moved to https://github.com/log2timeline/plaso/wiki/Dependencies#batch-build

Manual build

For ease of maintenance, the following instructions use MSI package files as much as possible, which can be managed via "Programs and Features". Note that the resulting MSI files are not intended for public redistribution.

Note that when making MSI packages, make sure to remove the previous versions before installing the newer version.

Alternative installation methods, such as installing directly from source or using easy_install or pip, are not recommended because, when not maintained correctly, they can mess up your setup more easily than MSIs. For example, easy_install and pip do not always remove older versions, e.g. when upgrading IPython 0.13 to 1.1. Although MSI packages generated by Python distutils do not detect and remove previous versions either, it is less likely that you will end up with multiple different versions of the same package installed side-by-side.
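The side-by-side installs described above can be detected from the metadata entries that distutils, setuptools and pip leave in site-packages. The following Python script is an added example, not part of plaso or l2tdevtools; its function names and the sample directory contents are constructed for illustration.

```python
from __future__ import print_function
import collections
import os
import re
import sys
import tempfile

# Metadata names written into site-packages by distutils, setuptools and pip:
#   name-version[-pyX.Y[-platform]].egg-info | .egg   or   name-version.dist-info
METADATA_RE = re.compile(
    r'^(?P<name>[^-]+)-(?P<version>\d[^-]*)'
    r'(?:-py\d+\.\d+(?:-.+)?)?\.(?:egg-info|dist-info|egg)$')


def version_key(version):
    """Sort key comparing the numeric parts of a version string."""
    return tuple(int(part) for part in re.findall(r'\d+', version))


def find_side_by_side(site_packages):
    """Return {package: [versions]} for packages present in more than one version."""
    versions = collections.defaultdict(set)
    for entry in os.listdir(site_packages):
        match = METADATA_RE.match(entry)
        if match:
            # Treat '_', '.' and '-' as equal and ignore case (PEP 503 normalization).
            name = re.sub(r'[-_.]+', '-', match.group('name')).lower()
            versions[name].add(match.group('version'))
    return {name: sorted(found, key=version_key)
            for name, found in versions.items() if len(found) > 1}


def make_sample_tree():
    """Constructed sample: a site-packages with a stale IPython left behind."""
    root = tempfile.mkdtemp()
    for entry in ('ipython-0.13-py2.7.egg-info', 'IPython-1.1.0-py2.7.egg-info',
                  'Cython-0.23.1-py2.7-win32.egg-info', 'six-1.9.0.dist-info',
                  'python_dateutil-2.4.2-py2.7.egg-info', 'README.txt'):
        open(os.path.join(root, entry), 'w').close()
    return root


if __name__ == '__main__':
    # Pass e.g. C:\Python27\Lib\site-packages; defaults to the constructed sample.
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_tree()
    for name, found in sorted(find_side_by_side(target).items()):
        print('%s: multiple versions installed: %s' % (name, ', '.join(found)))
```

Any package it reports should have the older version removed via "Programs and Features", or by deleting the leftover files, before continuing.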

If you run into problems building, installing or running the dependencies, first check: Troubleshooting.

Build essentials

Make sure the necessary building tools and development packages are installed on the system:

Note that plaso itself is platform independent but if you use a 64-bit version of Python all of the dependencies should be compiled as 64-bit.

First create a build root directory:

C:\plaso-build\

Cython

Download the latest source package from: http://cython.org/#download

To build the MSI file run the following commands from the build root directory:

tar xfv Cython-0.23.1.tar.gz
cd Cython-0.23.1
C:\Python27\python.exe setup.py bdist_msi
cd ..

This will create a MSI in the dist sub directory e.g.:

dist\Cython-0.23.1.win32-py2.7.msi

Install the MSI.

Python modules

The following instructions apply to the following dependencies:

| Name | Download URL | Comments | Dependencies |
| --- | --- | --- | --- |
| artifacts | https://github.com/ForensicArtifacts/artifacts/releases | | |
| bencode | https://pypi.python.org/pypi/bencode | | |
| binplist | https://github.com/google/binplist/releases | | |
| construct | https://pypi.python.org/pypi/construct#downloads | 2.5.2 or later 2.x version | six |
| dateutil | https://pypi.python.org/pypi/python-dateutil | | |
| dfdatetime | https://github.com/log2timeline/dfdatetime/releases | | |
| dfvfs | https://github.com/log2timeline/dfvfs/releases | | |
| dfwinreg | https://github.com/log2timeline/dfwinreg/releases | | |
| dpkt | https://pypi.python.org/pypi/dpkt | | |
| google-apputils | https://pypi.python.org/pypi/google-apputils | | |
| hachoir-core | https://bitbucket.org/haypo/hachoir/wiki/Install/source | | |
| hachoir-parser | https://bitbucket.org/haypo/hachoir/wiki/Install/source | | |
| hachoir-metadata | https://bitbucket.org/haypo/hachoir/wiki/Install/source | | |
| pefile | https://github.com/erocarrera/pefile/releases | | |
| psutil | https://pypi.python.org/pypi/psutil | | |
| PyParsing | http://sourceforge.net/projects/pyparsing/files/ | 2.0.3 or later 2.x version | |
| python-gflags | https://github.com/google/python-gflags/releases | | |
| pytsk | https://github.com/py4n6/pytsk/releases | | |
| pytz | https://pypi.python.org/pypi/pytz | | |
| PyYAML | http://pyyaml.org/wiki/PyYAML | | |
| pyzmq | https://pypi.python.org/pypi/pyzmq | Needs Cython to build | |
| requests | https://github.com/kennethreitz/requests/releases | Make sure to click on: "Show # newer tags" | |
| six | https://pypi.python.org/pypi/six#downloads | | |
| yara-python | https://github.com/VirusTotal/yara-python | | |
| XlsxWriter | https://github.com/jmcnamara/XlsxWriter/releases | | |

Building a MSI

Setup.py allows you to easily build a MSI in most cases. This paragraph contains a generic description of building a MSI so we do not have to repeat this for every dependency.

To build a MSI file from package-1.0.0.tar.gz run the following commands from the build root directory.

First extract the package:

tar zxvf package-1.0.0.tar.gz

If you are not familiar with extracting tar files on Windows see: How to unpack a tar file in Windows

Next change into the package source directory and have setup.py build a MSI:

cd package-1.0.0\
C:\Python27\python.exe setup.py bdist_msi

This will create a MSI in the dist sub directory e.g.:

dist\package-1.0.0.win32.msi

Note that the actual MSI file name can vary per package.

To install the MSI from the command line:

msiexec.exe /i dist\package-1.0.0.win32.msi /q

libyal

The following instructions apply to the following dependencies:

| Name | Download URL | Comments | Dependencies |
| --- | --- | --- | --- |
| libbde | https://github.com/libyal/libbde | | |
| libesedb | https://github.com/libyal/libesedb | | |
| libevt | https://github.com/libyal/libevt | | |
| libevtx | https://github.com/libyal/libevtx | | |
| libewf | https://github.com/libyal/libewf-legacy | | zlib |
| libfsntfs | https://github.com/libyal/libfsntfs | | |
| libfvde | https://github.com/libyal/libfvde | | |
| libfwnt | https://github.com/libyal/libfwnt | | |
| libfwsi | https://github.com/libyal/libfwsi | | |
| liblnk | https://github.com/libyal/liblnk | | |
| libmsiecf | https://github.com/libyal/libmsiecf | | |
| libolecf | https://github.com/libyal/libolecf | | |
| libqcow | https://github.com/libyal/libqcow | | |
| libregf | https://github.com/libyal/libregf | | |
| libscca | https://github.com/libyal/libscca | | |
| libsigscan | https://github.com/libyal/libsigscan | | |
| libsmdev | https://github.com/libyal/libsmdev | | |
| libsmraw | https://github.com/libyal/libsmraw | | |
| libvhdi | https://github.com/libyal/libvhdi | | |
| libvmdk | https://github.com/libyal/libvmdk | | |
| libvshadow | https://github.com/libyal/libvshadow | | |

Install the following dependencies for building libyal:

  • zlib

TODO: describe building dependencies.

Since the build process for the libyal libraries is very similar, the following paragraph provides building libevt as an example. For more details see the build instructions of the individual projects e.g. https://github.com/libyal/libevt/wiki/Building.

Note that there is also a script to batch build the libyal dependencies; more information here: https://github.com/log2timeline/l2tdevtools/wiki/Build-script

Example: libevt and Python-bindings

Download the latest source package from: https://github.com/libyal/libevt/releases

Extract the source package:

tar xfv libevt-alpha-20131013.tar.gz

Next change into the package source directory and have setup.py build a MSI:

cd libevt-20131013
C:\Python27\python.exe setup.py bdist_msi

This will create a MSI in the dist sub directory e.g.:

dist\pyevt-20131013.1.win32-py2.7.msi

Install the MSI.

pysqlite

By default Python 2.7 comes with pysqlite 2.6.0 which works fine in combination with sqlite3 version 3.7.8.

Follow the instructions below if you wish to update pysqlite to a newer version.

Download the latest source package from: https://pypi.python.org/pypi/pysqlite

TODO: describe what changes are necessary to get this working, DLL import and find the sqlite3.h include header.

To build the MSI file run the following commands from the build root directory:

tar xfv pysqlite-2.6.3.tar.gz
cd pysqlite-2.6.3\
cp ..\sqlite3\sqlite3.h src\
cp ..\sqlite3\msvscpp\Release\sqlite3.dll .
cp ..\sqlite3\msvscpp\Release\sqlite3.lib .
C:\Python27\python.exe setup.py bdist_msi
cd ..

This will create a MSI in the dist sub directory e.g.:

dist\pysqlite-2.6.3.win32.msi

Remove:

C:\Python27\DLLs\sqlite3.dll
C:\Python27\DLLs\_sqlite3.pyd
C:\Python27\Lib\sqlite3\

Install the MSI.

Copy sqlite3.dll to:

C:\Python27\Lib\site-packages\pysqlite2\

pywin32

Download the latest installer from: http://sourceforge.net/projects/pywin32/files/pywin32/

SQLite

Plaso requires at least sqlite3 version 3.7.8. By default Python 2.7 comes with a far older version that cannot handle newer Firefox sqlite3 database files.

Download the latest source package from: http://www.sqlite.org/download.html

E.g. sqlite-amalgamation-3080100.zip

Extract the source package in the build root directory.

Download the sqlite3 Visual Studio 2008 solution files.

Extract the sqlite3 Visual Studio 2008 solution files in the sqlite-amalgamation source directory.

Open the Microsoft Visual Studio 2008 solution file:

C:\plaso-build\sqlite-amalgamation-3080100\msvscpp\sqlite3.sln

Build the solution.

If the build is successful copy the SQLite DLL to your Python installation:

copy C:\plaso-build\sqlite-amalgamation-3080100\msvscpp\Release\sqlite3.dll C:\Python27\DLLs\

Optional dependencies for output modules

elasticsearch-py

Download the latest source package from: https://github.com/elastic/elasticsearch-py

TODO: describe
