How to install Sleuthkit and Autopsy in Ubuntu

Sleuth Kit and Autopsy are investigation tools for digital forensics. The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in Sleuth Kit. Like other disk analysis tools such as PhotoRec and Foremost, it can be used to recover lost files from a file system. It runs on both Windows and Linux.

The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The plug-in framework allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

First download the source archives from the website:

1. Autopsy

2. Sleuth Kit

After the download, extract the archives into a directory.

1. First change into the Sleuth Kit directory.

2. Run the configure script. It should complete without any errors.

3. Then run the make command. This may take some time 🙂

4. Then run make install; you need to be root (or use sudo) for this command.

user@ubuntu:~/Desktop/Download/Tools$ cd sleuthkit-4.0.1/
user@ubuntu:~/Desktop/Download/Tools/sleuthkit-4.0.1$ ./configure
user@ubuntu:~/Desktop/Download/Tools/sleuthkit-4.0.1$ make
user@ubuntu:~/Desktop/Download/Tools/sleuthkit-4.0.1$ sudo make install

Sleuth Kit configuration is finished; next, moving on to Autopsy.

1. Change into the autopsy folder.

2. Run the configure script. It will first ask whether to configure the NIST NSRL hash library; answer no. The next prompt asks for the Evidence Locker directory path. Autopsy saves its configuration files, logs and all output in this directory. Create a directory of your own and provide its path at the prompt. I am creating a directory named "Evidence_Locker" in my home directory.

user@ubuntu:~/Desktop/Download/Tools$ cd autopsy-2.24/
user@ubuntu:~/Desktop/Download/Tools/autopsy-2.24$ ./configure

3. Create the Evidence Locker folder:

user@ubuntu:~$ mkdir Evidence_Locker
user@ubuntu:~$ cd Evidence_Locker
user@ubuntu:~/Evidence_Locker$ pwd
/home/shankie/Evidence_Locker

P.S: Paste the path of your directory at the prompt. This is mine :p

Enter the directory that you want to use for the Evidence Locker:
/home/user/Evidence_Locker

Yep, you are done with the installation part! Let's run it and see what happens!

user@ubuntu:~/Desktop/Download/Tools/autopsy-2.24$ ./autopsy
============================================================================
Autopsy Forensic Browser
ver 2.24
============================================================================
Evidence Locker: /home/user/Evidence_Locker
Start Time: Fri Nov 16 12:02:32 2012
Remote Host: localhost
Local Port: 9999
Open an HTML browser on the remote host and paste this URL in it:
http://localhost:9999/autopsy
Keep this process running and use <ctrl-c> to exit

There you go: paste the URL into your browser and the Autopsy start page should appear.
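The banner above says Autopsy is serving the evidence browser on port 9999 for localhost only; the snippet below is an added check (not part of the original post) that parses `ss -Hltn` output to confirm the listener is really bound to a loopback address and not to every interface. The `ss` flags, the helper names and the sample socket lines are my own assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the Autopsy web listener is bound only to loopback.
# Assumes iproute2 `ss` (-H no header, -l listening, -t tcp, -n numeric).

AUTOPSY_PORT=9999   # "Local Port" from the ./autopsy banner

# Reads ss-style lines on stdin (4th field = Local Address:Port) and prints
# the local address:port of every listener on the given port.
listeners_on_port() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) print $4 }'
}

# Reads the addresses printed by listeners_on_port on stdin.
# Exit 0: every listener is on 127.0.0.1 or [::1] (loopback only).
# Exit 1: at least one listener is on a non-loopback address (exposed).
# Exit 2: nothing is listening on the port (autopsy not running).
check_loopback_only() {
    found=0; exposed=0
    while IFS= read -r addr; do
        found=1
        case "$addr" in
            127.0.0.1:*|"[::1]:"*) ;;      # loopback, fine
            *) exposed=1 ;;               # 0.0.0.0, *, or a LAN address
        esac
    done
    [ "$found" -eq 1 ] || return 2
    [ "$exposed" -eq 0 ]
}

# Live check to run after ./autopsy has started.
check_live() {
    ss -Hltn | listeners_on_port "$AUTOPSY_PORT" | check_loopback_only
}

# Constructed sample of ss output (not from a real host) for offline use.
SAMPLE_SS_OUTPUT='LISTEN 0 128 127.0.0.1:9999 0.0.0.0:* users:(("perl",pid=1234,fd=3))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

check_sample() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | listeners_on_port "$AUTOPSY_PORT" | check_loopback_only
}
```

Run `check_live` on the forensic workstation after starting Autopsy; a non-zero status means the browser interface is either not up or reachable beyond the local machine.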
