No problem, let me know if I can help further.
I would advocate grabbing The Sleuth Kit (and Autopsy if inclined) from the sleuthkit.org web site and compiling from source. It is very easy and the INSTALL and README included with the source tell all.
Also, if you do it this way you can enable support for HFS (which isn't enabled by default).
regards,
farmerdude
Hey farmerdude,
Do you have any more information about HFS support in the sleuthkit? I looked into this about a month ago when I was at the DoD conference because I heard it mentioned but could only find a
Any ideas or experience?
I have downloaded The Sleuth Kit and have been able to get the tarball opened and to create the subdirectories for sleuthkit-2.03. (I have also downloaded The Autopsy tarball as well, which has created the autopsy-2.06 subdirectory as well. Per SleuthKit.org instructions, I have not done anything towards installing the Autopsy-2.06.)
Like previous poster(s), I am a noobie to UNIX/LINUX, but have finally installed SUSE 10.0 Linux with BootManager to a machine also running Windows XP-SP2. I can sign on as ROOT. But I cannot find the SHELL icon anywhere, nor can I figure out how to get to a COMMAND LINE. But I have noticed that I can use the file browser to get to /sleuthkit-2.03. Once there, the GUI "File" menu has an entry for "Open in Terminal" which I took as a means to start using the Bash SHELL. The prompt within the terminal session is "linux /tmp/sleuthkit-2.03#". When I key in "make" it gives me back:
cd src/auxtools; make "CC=gcc" MAKELEVEL=
gcc - DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"2.03\" -0 - Wall -g -c -o mymalloc.o mymalloc.c
make gcc Command not found
make [myalloc.o] Error 127
make [defs] Error 2
make *** [no-perll Error 2
How can I get this thing to install? Am I correct in assuming that the terminal session is the same as a command line prompt?
Just as a side issue. If you are struggling with the Linux install and compiling sleuthkit, why don't you try a Boot CD with it installed for you. Try Helix by e-fence -
http//
I'm not a Linux guru but I'll try to help - The shell icon on SUSE 10 is the little terminal icon (with the black screen) on your taskbar. Or click the kicker (same place as the Windows start button), and go to System-Terminal.
Installation of both Autopsy and Sleuthkit is straightforward. Once downloaded you can use the GUI compressed file extractor (Konqueror will do it) and copy the folder(s). I placed mine at /usr/local.
Navigate to these folders in the terminal as root. Sleuthkit needs to be compiled first, then Autopsy.
Those error messages are telling you to install some additional packages. You have probably installed SUSE 10 with just the default and basic packages. Click the kicker (green circle with lizard face, bottom left of the taskbar, i.e. where the Windows start button is), then go to System - Control Centre (YaST) and Software. Click Software Management and select 'Selections' in the drop-down menu. Put a tick in the Kernel Development, All of KDE, Gnome system, and C/C++ compiler tools, and Kernel Development. Then click Accept. This will install extra packages.
I may be giving you too many packages to install, but sod it. I had the same problems with the compilation and it worked for me.
Andy
P.S. Try the one page Linux manual at -
http//
I have gotten past the Linux install. (I am communicating with this forum from within SUSE 10.0 via Firefox.) I am trying to finish up my final course project for a Computer Forensics course, and have very severe time deadlines. ("If it weren't for the last minute, things would never get done.") I cannot wait for a CD to arrive, so I was hoping that I could get past this compile stage and get right to using the Autopsy/SleuthKit. I am looking everywhere for help, including PCQuest.com articles, but am still stymied. I will try your suggestions.
The "Terminal" screen on the lower right corner of the SUSE GUI does not seem to be doing anything.
Both of the tarballs you downloaded and extracted contain an install readme that will explain the process. However, as Andy pointed out the error
make gcc Command not found
relates to a compiler error and nothing specific to sleuthkit or autopsy. There are at least two possible causes for this problem:
1). gcc is not installed on your system
2). gcc is not installed correctly on your system.
You need to fix this problem before you can compile the sources of either program. This isn’t a Linux forum so I don’t want to turn this thread into a Linux ‘how to’, but I do want to help. There is plenty of material and help elsewhere on the net about this problem so you should be able to find a solution, and if you can’t then maybe PM me.
If the objective is just to try and use the programs then Andy’s suggestions are good. Also, can you get the binaries from the site that are already compiled for your system, thus removing the need for you to compile them yourself?
Edit: You must have posted your last reply just before mine. If GUI icons aren't responding then your entire distro install might have gone wrong. Might be worth a re-install to fix the icons and gcc?
You could try going through YaST and trying to remove then replace or just re-install the gcc package from your installation CD’s. This should install the package cleanly.
I have started the download of the Helix_V1.7-12-07-2005.iso. According to the documentation, I only need to burn this image to a CD and then boot from it. Is that correct? Also, does that mean that The Stealth Kit will be running from the CD, or can I get an install from the *.iso image?
Thanks very much for your ongoing support and encouragement.
Will I need to "immediately" resolve the gcc issues, if I can get either (1) the *.iso image to work, or (2) the Linux Binaries to work?
SuSe will not install gcc or perl or virtually anything else for a programmer :-) in its stock install.
Therefore you will not be able to compile anything as your computer now stands.
As others have said, you will need to go to YaST and add gcc, and as you will need perl, add that too.
However, the idea to use Helix is a good one; it will run from the CD entirely, you will not need to sort out gcc, perl etc., and it will get you out of trouble - but as you are a newbie, I anticipate that you may have issues "saving" your work (your disk won't be writeable). Hopefully you can overcome this.
Don't worry about the Linux binaries - everything you need is on the .iso image. Make sure you burn it correctly (not data file but bootable iso).
I would prefer to go the full install way with Yast and add sleuthkit/autopsy but Linux can be a steep learning curve when you are doing something a little out of the ordinary to desktop users and as you see it can be frustrating and time consuming (especially when you don't have any time) trying to learn sleuthkit/autopsy etc when you need a good solid grounding of Linux first.
Hope you have luck.
Regards
Brian C
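
The diagnosis given in the replies above (Error 127 together with "Command not found" points at a missing build tool such as gcc or perl, not at a Sleuth Kit fault), as an added shell example that is not part of any poster's message. The sample log is constructed in GNU make's usual message format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a failed `make` log for missing build tools
# before attempting to compile The Sleuth Kit or Autopsy.

# Constructed sample log, modelled on the error quoted in the thread.
SAMPLE_LOG='cd src/auxtools; make "CC=gcc" MAKELEVEL=
gcc -DLINUX2 -O -Wall -g -c -o mymalloc.o mymalloc.c
make: gcc: Command not found
make: *** [mymalloc.o] Error 127
make: *** [defs] Error 2'

# Print each distinct tool that make could not execute.
# Older GNU make says "Command not found"; newer releases say
# "No such file or directory". Both forms are handled.
missing_from_log() {
    printf '%s\n' "$1" |
        sed -E -n 's/^make(\[[0-9]+\])?: ([^:]+): (Command not found|No such file or directory).*$/\2/p' |
        sort -u
}

# Succeed if the log contains exit status 127, the shell's
# "command not found" status that make passes through.
has_exit_127() {
    printf '%s\n' "$1" | grep -Eq 'Error 127$'
}

# Print the tools from the argument list that are not on PATH.
missing_on_path() {
    for tool_name in "$@"; do
        command -v "$tool_name" >/dev/null 2>&1 || printf '%s\n' "$tool_name"
    done
}

if has_exit_127 "$SAMPLE_LOG"; then
    echo "log shows exit status 127 (a command could not be run)"
fi
echo "tools the log reports as missing: $(missing_from_log "$SAMPLE_LOG")"
# gcc, make and perl are the build tools named in this thread.
echo "tools not on PATH right now: $(missing_on_path gcc make perl | tr '\n' ' ')"
```

To triage a real build, capture the output with `make 2>&1 | tee build.log` and pass the file's contents to `missing_from_log`.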