bcarrier released this Mar 14, 2018

We're incrementally releasing a packaged version of Autopsy for Linux. This is the first version of it based on the official 4.6.0 release.

Prerequisites

The following need to be done at least once. They do not need to be repeated for each Autopsy release.

  1. Install testdisk for photorec functionality
    % sudo apt-get install testdisk
  2. Install Oracle Java and set JAVA_HOME. Use the instructions here:
    https://medium.com/coderscorner/installing-oracle-java-8-in-ubuntu-16-10-845507b13343

Installation

  1. Install the sleuthkit-java.deb file that is part of this Autopsy release. This is not an official package yet. This will install libewf, etc.
    % sudo apt install ./sleuthkit-java_4.6.0-1_amd64.deb
  2. Make a directory for autopsy, for example:
    % mkdir autopsy-4.6.0-linux1
  3. Move the ZIP file that is part of this release into the folder and extract the contents (note the ZIP file does not contain a single top-level folder).
  4. Run the unix_setup script to configure Autopsy
    % sh unix_setup.sh

Running

  1. In a terminal, change to the ‘bin’ directory in the folder you created.
  2. Run Autopsy
    % ./autopsy

Known Limitations

  • Multi-user cases are not supported
  • Local drives cannot be analyzed
  • VMDK / VHDI images are not supported
  • Dead JAR issues if you ever run as ‘root’. Other users can’t overwrite one of the .so files. To fix it, have root delete the /tmp/libtsk_jni.so file.
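
The prerequisites and the root-owned /tmp/libtsk_jni.so limitation above can be checked before launching. The following preflight is an added example, not part of the Autopsy release; the function names are hypothetical, and it assumes that a library file owned by a different uid cannot be overwritten by the current user.

```shell
#!/bin/sh
# Added example, not part of the Autopsy release. Function names are hypothetical.

# jni_lib_conflict LIB UID: succeed when LIB exists and is owned by a uid
# other than UID. Assumption: an owner mismatch means UID cannot overwrite it.
jni_lib_conflict() {
    [ -e "$1" ] || return 1
    owner=$(ls -ldn "$1" | awk '{print $3}')   # numeric owner uid
    [ "$owner" != "$2" ]
}

# java_home_ok: JAVA_HOME is set and contains an executable bin/java.
java_home_ok() {
    [ -n "${JAVA_HOME:-}" ] && [ -x "$JAVA_HOME/bin/java" ]
}

# photorec_ok: photorec (shipped in the testdisk package) is on PATH.
photorec_ok() {
    command -v photorec >/dev/null 2>&1
}

# autopsy_preflight [LIB] [UID]: print each problem found and return the count.
autopsy_preflight() {
    lib=${1:-/tmp/libtsk_jni.so}
    uid=${2:-$(id -u)}
    problems=0
    if ! photorec_ok; then
        echo "photorec not on PATH: sudo apt-get install testdisk"
        problems=$((problems + 1))
    fi
    if ! java_home_ok; then
        echo "JAVA_HOME is unset or has no executable bin/java"
        problems=$((problems + 1))
    fi
    if jni_lib_conflict "$lib" "$uid"; then
        echo "$lib is owned by another user: have root delete it"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and run `autopsy_preflight && ./autopsy` from the ‘bin’ directory; a non-zero return is the number of problems printed.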