Sleuth Kit Installation on Debian

(@israel)
Posts: 11
Active Member
Topic starter
 

Hey there, I'm a little new to Linux, and a complete noob to Forensics… but I'm running Mepis (a Debian distro) and needed some help setting up Sleuth Kit. Does anyone know what commands I need to use to install this package? I've already tried

apt-get install sleuthkit-1.2.whatever
dpkg -i sleuthkit-1.2.whatever

Any tips?

 
Posted : 06/01/2006 9:10 am
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

Try apt-get install sleuthkit.

Or apt-cache search sleuthkit.

The package should be there. If all else fails, go to packages.debian.org to search for the package name.

 
Posted : 06/01/2006 7:20 pm
(@fatrabbit)
Posts: 132
Estimable Member
 

The files for the 2.03 version are downloaded as a tarball, not a package, which needs to be extracted first. Then all you have to do is run the makefile with the following command from root:

$ make

This worked for me on my SUSE distro.

 
Posted : 06/01/2006 7:28 pm
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

Maybe it's only provided as a tarball for SUSE, but Debian has it packaged already.

In SUSE, you could do rpmbuild to create a package, so you can maintain it more easily.

 
Posted : 06/01/2006 7:33 pm
(@fatrabbit)
Posts: 132
Estimable Member
 

I don't need to manage it as a package, as the latest version of the source comes from the sleuthkit site as a tarball which, once extracted, can be installed in seconds using the included makefile.

 
Posted : 06/01/2006 7:37 pm
(@israel)
Posts: 11
Active Member
Topic starter
 

Well, I tried running the makefile, but when I did it opened and revealed its source code (didn't install itself). I saw /bin/sh at the top and ran that. I assume /bin/sh must open the gcc compiler? (Dev C++ Compiler, right?) Like I said, I'm new to Linux; I haven't compiled a script on it yet (but I have many times on Windows). Where do I go from here?

 
Posted : 07/01/2006 3:11 pm
(@fatrabbit)
Posts: 132
Estimable Member
 

Ok, no problem, I'll try and help you out. Seeing /bin/sh at the top of the file tells Linux that this is a shell script and it needs the shell program to interpret it, but don't worry about this.

From what you've said it sounds as if you are navigating through Konqueror (or whatever) and clicking on the makefile. What you need to do is start a root shell, which you can do by right-clicking on the shell icon and selecting root shell from the context menu. I'm not sure what your distro's GUI looks like, but if it's KDE then it should be at the bottom of the desktop looking like a shell, or it'll be one of the options in the main menu.

Once your shell is running and you've logged in as root, all you have to do is change the directory to where the makefile is located by typing cd followed by the path, similar to DOS. Once there just type make and hit enter.

Sorry for the long description.

 
Posted : 08/01/2006 3:43 pm
(@israel)
Posts: 11
Active Member
Topic starter
 

Great! I had actually read about the "make" command, but I didn't know you had to change to that directory to make it work. Unfortunately everything flew by so fast while installing that I didn't see where sleuthkit installed to. How do I run it?

 
Posted : 08/01/2006 7:22 pm
(@fatrabbit)
Posts: 132
Estimable Member
 

That's the problem with the makefile: the only time it stops to let you know what's going on is when it encounters an error!

If you extracted the tarball of the latest source code then it should have installed all of the program components into whatever directory you extracted the tarball to, sleuthkit-2.03 for example. All of the tools will be located in the bin directory within that directory. If all else fails, search for a file called dcalc; the parent directory that this file is contained within is the location of all of the tools.

Remember that all of these tools are driven from the command line, which means you have to fire up a shell, navigate to the bin directory I mentioned above and reference the tool by name with the correct parameters. Here is the link to the page on the sleuthkit site that details the use and format of the tools.

Tools

It might be worth your downloading the Autopsy Forensic Browser from the same site; this is essentially a browser-based front end for the Sleuthkit and enables you to access and use the tools from within a browser. However, some people are of the opinion that this front end isn't very good, but it might be worth a look until you get more familiar with the command line in general and the Sleuthkit tools specifically. Hope this helps.

 
Posted : 08/01/2006 11:57 pm
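The build-from-tarball procedure described in the last few posts (extract, cd into the source directory, run make, then find the bin directory that holds dcalc), written out as a POSIX shell script. This is an added example, not code from the thread or from The Sleuth Kit project. It assumes, as the thread states, that a plain `make` in the extracted sleuthkit-2.03 directory leaves the tools in its bin subdirectory; the tsk_* function names are hypothetical, and the checksum step is an addition a practitioner would want (you must obtain the expected digest from the download site yourself before trusting a forensic toolkit you compiled).

```shell
#!/bin/sh
# Added example (not from the thread or the Sleuth Kit project): build TSK from
# a source tarball and locate its tools, following the steps in the thread.
# Assumptions (hypothetical): tarball named like sleuthkit-2.03.tar.gz, plain
# `make` in the extracted directory builds into ./bin, and you supply the
# expected SHA-256 digest obtained separately from the download site.

# Check the tarball against a digest obtained out of band before building it.
# $1 = tarball path, $2 = expected sha256 hex digest. Returns 0 on a match.
tsk_verify_tarball() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Extract and build. $1 = tarball, $2 = destination directory.
# Prints the source directory on success; build output goes to build.log.
tsk_build() {
    mkdir -p "$2" && tar xzf "$1" -C "$2" || return 1
    # The extracted directory follows the tarball name, e.g. sleuthkit-2.03.
    srcdir=$(find "$2" -mindepth 1 -maxdepth 1 -type d -name 'sleuthkit-*' | head -n 1)
    [ -n "$srcdir" ] || return 1
    # make only speaks up on errors, so keep the log for inspection.
    ( cd "$srcdir" && make ) >"$2/build.log" 2>&1 \
        || { echo "build failed, see $2/build.log" >&2; return 1; }
    echo "$srcdir"
}

# Locate the tools: the directory that contains dcalc is where they all live.
# $1 = directory to search under. Prints the bin directory, or fails.
tsk_locate_bin() {
    dcalc=$(find "$1" -type f -name dcalc 2>/dev/null | head -n 1)
    [ -n "$dcalc" ] || return 1
    dirname "$dcalc"
}

# Put the tool directory on PATH and confirm a tool (fls) is now reachable.
# $1 = directory to search under. Prints the bin directory that was added.
tsk_setup_path() {
    bindir=$(tsk_locate_bin "$1") || { echo "dcalc not found under $1" >&2; return 1; }
    PATH="$bindir:$PATH"; export PATH
    command -v fls >/dev/null 2>&1 || { echo "fls not on PATH" >&2; return 1; }
    echo "$bindir"
}
```

Typical use after downloading the tarball: `tsk_verify_tarball sleuthkit-2.03.tar.gz <digest> && srcdir=$(tsk_build sleuthkit-2.03.tar.gz "$HOME/tsk") && . ./this-script && tsk_setup_path "$srcdir"`. Once the bin directory is on PATH, the tools (fls, dcalc and the rest) run by name from any directory, which is what the thread's advice to "navigate to the bin directory" was working around.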
(@israel)
Posts: 11
Active Member
Topic starter
 

Very good help indeed! Thank you…

 
Posted : 09/01/2006 12:42 pm