Known Repository for the Sleuth Kit
I am looking for a known repository to install The Sleuth Kit. I am currently running SuSE 9.x and am having a hell of a time installing The Sleuth Kit. I am getting one dependency error after another. When I do try to add the dependency, I get conflict after conflict.
1. Does anyone know of a software repository to obtain The Sleuth Kit?
2. What is everyone's favorite Linux distribution for doing forensics work? I used to like Fedora, but it doesn't play nice with VMware (or at least it didn't).
Thanks in advance.
2. What is everyone's favorite linux distribution for doing forensics work?
My personal favourite is Gentoo Linux. I would also recommend you look at SMART Linux (http://www.asrdata.com), which uses Slackware. Another option would be to install Helix, which is Debian based; Helix already has Sleuthkit installed. Note that installing Helix to a hard drive is not currently supported, but it is possible :-)
I use Debian with Sleuth Kit and Autopsy in VMware, and it works fine. The only problem is that VMware doesn't support FireWire, so I could not use my write blocker. So I have to create the image on a physical machine.
To answer your first question, I have Mepis installed on my home machine. It is based on Ubuntu, which in turn is based on Debian. Sleuthkit and Autopsy are both in the Mepis/Ubuntu repository, and installed on my machine without a hitch. I am relatively certain that they would both also be in the various Debian repositories as well.
As far as the second question goes... that's the beauty of Linux: you can dig around and find your own favorite. My preference is Debian-based systems because I like APT.
I run my entire business off Mepis. I love it! I have many tools for security work installed (pen testing and audits mostly), but it's not forensically sound. If you're looking for anything that might get challenged, use Helix.
I have a machine with an empty drive (be sure it's forensically sound as a repository for data) and a fast CD-ROM drive. I slave the drive being evaluated to the system and boot to the CD.
Then it's just the usual: make an image, open a case with Autopsy and investigate away!
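The imaging step in the post above ("make an image") is where forensic soundness is actually won or lost, so here is an added example of that step, not code from the thread or from The Sleuth Kit itself. It assumes the suspect drive is attached read-only (ideally behind a hardware write blocker, as mentioned elsewhere in this thread) and shows the part practitioners most often skip: hashing the source and the image so the copy can be shown to match. The paths and the `acquire_image` name are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): acquire a raw image of a source
# device or file with dd, then prove the copy matches the source by SHA-256.
# On a real case "$src" would be something like /dev/sdb behind a write
# blocker and "$img" would live on the clean evidence drive; here the paths
# are whatever the caller passes in.

acquire_image() {
    src="$1"            # source device or file, opened read-only by dd
    img="$2"            # destination raw image on the evidence drive
    log="${img}.log"    # acquisition log kept next to the image

    # conv=noerror,sync keeps going past unreadable sectors and pads them with
    # zeros so byte offsets in the image still line up with the source.
    # bs=512 matches the sector size, so a source that is a whole number of
    # sectors is not padded at the end (padding would break the hash match).
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log" || return 1

    # Hash both sides after the copy. A match is the evidence that the image
    # is a faithful copy; record both values in the log for the case file.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)
    printf 'source sha256 %s\nimage  sha256 %s\n' "$src_hash" "$img_hash" >>"$log"

    [ "$src_hash" = "$img_hash" ]
}
```

Once `acquire_image` returns success, work only on the image file from then on: `mmls image.dd` lists the partition table and `fls -r -o <sector offset> image.dd` walks a filesystem, which are the same operations Autopsy drives when you add the image to a case. If the hashes differ (a failing disk that changed between the copy and the hash, or a source that was not a whole number of sectors), re-acquire rather than proceed.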
I am looking for a known repository to install The Sleuth Kit. I am currently running SuSE 9.x and am having a hell of a time installing The Sleuth Kit.
I think the main problem might be your distro version. Is there any chance that you could upgrade to SuSE 10.x? I am running SuSE 10.0 and upgraded to the latest versions of TSK and Autopsy at the weekend from online repositories. Unfortunately I couldn't tell you which specific repository it came from; I use the repositories listed in THIS PAGE.
You can download the source files and install it according to their readme.
I've never seen that fail.