I have installed Sleuthkit-3.1.3 with Autopsy-2.24 in both Linux and Windows environments. Everything goes fine and it takes images, but when I click on the Analyze button, the next page appears where the File Analysis, File Type and Meta Data tabs do not work.
Is there anybody who can guide me in this situation?
Regards!!!
Sounds like you have added an image file that has either an unsupported/unrecognised file system, or you have added an image file that is in EWF or AFF format, and you haven't built and set the libewf or afflib dependencies correctly.
Hope this helps
Ben
The image is in .dd format.
I faced the same problem on the SANS pre-configured Fedora Virtual Machine…
Thanks
If it's a known image, do you know what the file system in use is? Could it be something like XFS, which A/SK doesn't handle as of yet?
Kind regards
Ben
Or indeed could it have no filesystem present?
I suggest removing the case from your autopsy evidence locker etc and re-adding it. There is a step during the adding case/evidence stage where autopsy will report on filesystems detected etc. and tell you whether there is or isn't one present, and also inform you if there were any errors or problems adding the evidence.
Kind regards
Ben
It's an image of a USB drive having a FAT32 file system.
Okay, I will try it again.
Thanks Ben
Ok, another idea to consider is that the dd image acquisition did not complete successfully.
If you still have access to the physical device, I would suggest re-acquiring the image using dd or better yet dcfldd with its verbose flag enabled to get more information.
Also, try checking the output to the terminal in Linux (I am assuming you are launching autopsy from Terminal) when you add the image within autopsy to see if any diagnostic messages appear there!
Ben
It's working now… thanks, Brother
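
The checks suggested in this thread (is a file system present in the raw image, is it FAT32, did the dd acquisition complete), as an added Python example that is not part of any post and is not Autopsy or Sleuth Kit code. The function names and the sample image are constructed for illustration, and it assumes 512-byte sectors and an MBR or unpartitioned layout.

```python
import struct

SECTOR = 512
FAT32_TYPES = {0x0B, 0x0C}  # MBR partition type bytes used for FAT32

def fat32_volume_bytes(boot):
    """Size in bytes declared by a FAT32 boot sector, or None if it is not FAT32."""
    if len(boot) < SECTOR or boot[510:512] != b"\x55\xaa":
        return None
    if boot[82:90] != b"FAT32   ":           # file system type label in the FAT32 BPB
        return None
    bytes_per_sector, = struct.unpack_from("<H", boot, 11)
    total_sectors, = struct.unpack_from("<I", boot, 32)
    return bytes_per_sector * total_sectors

def check_image(data):
    """Return (status, byte offset of the FAT32 volume or None) for a raw image."""
    if len(data) < SECTOR or data[510:512] != b"\x55\xaa":
        return ("no-signature", None)         # sector 0 is neither MBR nor boot sector
    starts = [0]                              # unpartitioned: volume begins at sector 0
    for i in range(4):                        # four 16-byte MBR partition entries
        entry = data[446 + 16 * i:462 + 16 * i]
        if entry[4] in FAT32_TYPES:
            starts.append(struct.unpack_from("<I", entry, 8)[0] * SECTOR)
    for start in starts:
        if start and start + SECTOR > len(data):
            return ("truncated", start)       # image ends before the partition begins
        size = fat32_volume_bytes(data[start:start + SECTOR])
        if size is None:
            continue
        # A volume that declares more bytes than the image holds was cut short.
        return ("truncated" if start + size > len(data) else "ok", start)
    return ("no-fat32", None)

def sample_image(total_sectors=100, start_lba=63):
    """Constructed image: MBR with one FAT32 (0x0C) partition, zero-filled data area."""
    boot = bytearray(SECTOR)
    struct.pack_into("<H", boot, 11, SECTOR)
    struct.pack_into("<I", boot, 32, total_sectors)
    boot[82:90] = b"FAT32   "
    boot[510:512] = b"\x55\xaa"
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0x0C
    struct.pack_into("<II", mbr, 446 + 8, start_lba, total_sectors)
    mbr[510:512] = b"\x55\xaa"
    image = bytearray((start_lba + total_sectors) * SECTOR)
    image[0:SECTOR] = mbr
    image[start_lba * SECTOR:(start_lba + 1) * SECTOR] = boot
    return bytes(image)
```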