Sleuth 1.72 and Autopsy

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
 
  

benjiga69
Newbie
 

Sleuth 1.72 and Autopsy

Posted: Nov 06, 04 04:26

I am in the midst of finding a bachelor's program for computer forensics. There is one at Southern Oregon University that I am considering attending in the following year. I found this site while looking for various schools offering such a program. I just wanted to give a little preface to my situation. I don't know a lot about the field just yet but I find it very exciting and interesting. I have read some books on C programming and HTML; however, I am finding that I know very little. My real question is how do I install the Sleuth 1.72 and Autopsy forensics programs on my computer? I looked at the install file; the author referred to typing in $make, but he/she did not say where to type this in. Like, for example, a compiler program, DOS prompt, run? I just need a little help getting started so I can explore these two programs. The answer is something very simple, I'm sure, ha, ha!
Thanks
 
  

Steve
Member
 

Re: Sleuth 1.72 and Autopsy

Posted: Nov 06, 04 06:13

I believe these tools are written to be run on Linux systems, not Windows.
_________________
Steve - CCE 
 
  

Andy
Senior Member
 

Re: Sleuth 1.72 and Autopsy

Posted: Nov 06, 04 11:50

Autopsy is a web-based graphical interface that uses the Sleuthkit command-line tools. Sleuthkit needs to be installed/compiled first, then Autopsy. They are both Linux programs, and to my knowledge have not yet been ported to Windows.

It can be run using Cygwin. Cygwin is a Linux-like environment for Windows. It can be downloaded here: www.cygwin.com/

Cygwin in Windows and Linux can be complicated if you are not too familiar with them (and by the sound of things you aren't), so you might want to try taking a look at a CD-ROM based distro such as Penguin Sleuth Kit at:

www.linux-forensics.co...loads.html

Alternatively (and my personal preference) Helix at:

www.e-fense.com/helix/

You can download both onto your Windows box as ISO files, burn them to CD, and then you can boot to them in a Linux environment. No messing with installing Linux onto your machine, it doesn't harm your Windows install, and no need for a dual-boot setup, etc. Once you're finished you simply remove the CD and reboot, back into Windows.

Both distros have Sleuth and Autopsy built in. Autopsy is the front-end HTML-based browser for Sleuth. I thought it was a bit tricky to get to grips with when I first used it, and much prefer something more COTS.

Andy  
 
  

jamie
Site Admin
 

Re: Sleuth 1.72 and Autopsy

Posted: Nov 07, 04 17:14

Autopsy/TSK under Cygwin... I never thought of that.

Interesting...

Jamie
_________________
Jamie Morris
Forensic Focus
Web: www.forensicfocus.com
Twitter: twitter.com/ForensicFocus
Facebook: www.facebook.com/forensicfocus 
 
