Hello,
I've just installed The Sleugh Kit and Autopsy following this guide
When I start autopsy using cygwin using "./autopsy" and go to a web browser (FF) and enter "http//localhost9999/autopsy" I get a failed to connect error. I've tried with my firewall disabled.
Anyone got any ideas why?
Many thanks!
Have you tried setting FF to "Work Offline"?
Thanks for the response. I've just tried it and its still not working. Do you have to do something to activate TSK?
Do you use a proxy ?
Have you tried telneting to the port ?
another idea download tcpview from systernals and see if it is listening
check if a ping to 127.0.0.1 is possible, this is the local machine. If this ping is not possible, the error is in your network. Good luck Chris
I can see it listening on port 9999 in tcpview. I don't use a proxy either.
In the path in environmental variables I had it set to C\cygwin\usr\local\bin
That been the location of the TSK .exe files.
Edit Pinged ok.
I just reconfigured autopsy and it found version 3.0.1 of tsk. Also I have vmware server installed. I tried killing that in task manager which didn't work either.
May want to try the mailing list. Brian seems to be very responsive to such problems.
To troubleshoot
1. Ping localhost (also check your hosts file for strange entries http//
Do you get a response?
2. telnet localhost 9999
(possibly try running on a different port)
Do you get a banner or a failure to connect?
Have you tried switching to a different port? (http//
obtw…what browser are you using? (version)
Hope that helps you troubleshooting the problem. (Also, I'd validate the expected process is running on that port)
Sorry for the slow response. I have exams at the moment.
I've got Penguin Sleuth Kit in VMware which seems to work apart from I can't connect my external USB drive. At first I got an error proclaiming I had to upgrade the virtual machine for high speed support. I'm using the latest version of vmware. Under VM the update vm selection is grayed out.
I found that adding ehci.present = "true" to the vmx file prevents the error.
Where does one locate the drive in Knoppix? I think automatic mounting is disabled. Still I'm not very familiar with Knoppix.
Many thanks.
…Where does one locate the drive in Knoppix? I think automatic mounting is disabled. Still I'm not very familiar with Knoppix.
Many thanks.
Are you running the Knoppix ISO in vmware or did you do an install to a vmware container? There may be some other issues in 'handing off' the USB drive to the virtual machine.
As I recall PSK doesn't auto mount by design, you will need to set up a mount point and then use the 'mount' command with -r to make it read only (if that is what you want). I am not sure if you are new to linux so -
mkdir /mnt/your mount point
mount -t (insert the file system type here) -r /dev/sd* /mnt/your mount point
sd* refers to the partition to mount so if the USB drive is sda with one partition you would input sda1
This gives you a read only mount on the USB partition.