
Java-Problems on Mac OSX Mojave

Open chef2505 opened this issue 6 years ago • 22 comments

Hi. I tried to install autopsy 4.9 on MacOsX Mojave, following the instructions provided in the zip-file. Installation works well, but when starting, I only receive a blank window, without the possibility to open a case or work with autopsy. Trying to activate the autopsy-core-plugin, I receive the following message:

" Activation failed: StandardModule:org.sleuthkit.autopsy.core jarFile: /Users/Henry/Downloads/autopsy-4.9.0/autopsy/modules/org-sleuthkit-autopsy-core.jar: java.lang.UnsupportedClassVersionError: org/sleuthkit/datamodel/SleuthkitJNI has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0"

I have tried to install different java-versions, but without success. Is there anyone with a solution for me? Regards

chef2505 avatar Nov 05 '18 15:11 chef2505

Hey, same issue, let me load the GUI but couldn't begin an acquisition. Can anyone look into a patch, and let this thread know?

apicciut avatar Nov 05 '18 18:11 apicciut

My guess is that it has to do with the version of Java that brew uses.

bcarrier avatar Nov 05 '18 18:11 bcarrier

Thanks for the quick response Brian, what would your suggested work around be?

apicciut avatar Nov 05 '18 19:11 apicciut

Hi.. The mismatching java-version was also my first thought, hence I tried several java versions. Perhaps I missed the right one. Thx

chef2505 avatar Nov 06 '18 06:11 chef2505

Chef2505, let me know if you are able to successfully roll back to a version that will compile the core plugins.

apicciut avatar Nov 07 '18 04:11 apicciut

I started with Autopsy 4.8, which I was not able to run; that is, I was not able to activate the core plugins, the same problem as with 4.9. So there was no version running on my Mac. Sorry

chef2505 avatar Nov 08 '18 06:11 chef2505

It looks like the brew package was compiled with JDK 11 (class version 55), but Autopsy uses JDK 8 (class version 52).

Long-term, it would be good if brew shipped with the TSK Jar file compiled with JDK 8. Short-term, you'll need to compile TSK yourself.... Download the TSK .tar.gz file and compile it. (./configure, make, make install, etc.).

I'll follow up with the brew people.

bcarrier avatar Nov 08 '18 15:11 bcarrier
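The class-version mismatch diagnosed in the comment above can be confirmed by reading the 8-byte header of each class in a jar. This is an added example, not part of the thread or of the Autopsy/TSK code; the sample jar is constructed in memory and its second entry name is hypothetical.

```python
import io
import struct
import zipfile

CLASS_MAGIC = 0xCAFEBABE  # first four bytes of every Java class file

def class_major_version(header: bytes) -> int:
    """Return the major version from a class file's 8-byte header."""
    if len(header) < 8:
        raise ValueError("truncated class file")
    magic, _minor, major = struct.unpack(">IHH", header[:8])
    if magic != CLASS_MAGIC:
        raise ValueError("bad magic, not a Java class file")
    return major

def java_release(major: int) -> int:
    """Map a class-file major version to a Java release (52 -> 8, 55 -> 11)."""
    return major - 44

def too_new_classes(jar, max_major=52):
    """List (entry, major) for classes a runtime capped at max_major rejects."""
    offenders = []
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            name = info.filename
            # Multi-release JARs keep newer classes here on purpose; skip them.
            if not name.endswith(".class") or name.startswith("META-INF/versions/"):
                continue
            with zf.open(info) as fh:
                major = class_major_version(fh.read(8))
            if major > max_major:
                offenders.append((name, major))
    return offenders

def build_sample_jar():
    """Constructed sample: a JDK 11 class (name from the error above) and a JDK 8 one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/sleuthkit/datamodel/SleuthkitJNI.class",
                    struct.pack(">IHH", CLASS_MAGIC, 0, 55))
        zf.writestr("org/example/Hypothetical.class",  # hypothetical entry name
                    struct.pack(">IHH", CLASS_MAGIC, 0, 52))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, major in too_new_classes(build_sample_jar()):
        print(f"{name}: class version {major} (Java {java_release(major)})")
```

Passing the path of an installed jar to `too_new_classes` in place of the sample shows whether a rebuild actually produced classes a Java 8 runtime will load.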

I'm not entirely sure how to follow up with the brew people....

bcarrier avatar Nov 08 '18 16:11 bcarrier

Thank you for putting so much care into this issue, take your time with the brew situation. For the meantime, could you explain your solution a little more? I’m not a very proficient Unix user. None of the students in my class are either. Thank you again! Regards, Anthony

apicciut avatar Nov 08 '18 17:11 apicciut

Hi. Thanks a lot, that was the answer, I was looking for.. Happy new year...

Kind regards, Henry

On 30.12.2018 at 13:11, Fabian Zeindl wrote:

Just run brew install --build-from-source sleuthkit


chef2505 avatar Dec 30 '18 18:12 chef2505

Using the --build-from-source switch didn't work for me

KMayne avatar Feb 21 '19 14:02 KMayne

Using the --build-from-source switch didn't work for me

Same, this didn't work for me either

tssandifer avatar Feb 21 '19 17:02 tssandifer

Please upvote comments with 👍 instead of adding a +1 comment

KMayne avatar Mar 01 '19 16:03 KMayne

Building from source worked for me - make sure you reinstall and also reconfigure...

Warning: sleuthkit 4.6.5 is already installed and up-to-date
To reinstall 4.6.5, run `brew reinstall sleuthkit`
$ brew reinstall --build-from-source sleuthkit
$ sh unix_setup.sh
$ ./bin/autopsy

alohaninja avatar Apr 14 '19 07:04 alohaninja

Hey, I have tried every option. I just finished trying to reinstall it; however, I am still having the same greyed out issue. Please, if anyone can resolve this, that would be awesome. I have a project due soon. Thank you

chrishithe avatar Mar 25 '20 03:03 chrishithe

In order to build Sleuthkit from source correctly, you need to edit the formula first:

brew edit sleuthkit

Then change the JAVA_HOME:

  def install
    #ENV["JAVA_HOME"] = Formula["openjdk"].opt_libexec/"openjdk.jdk/Contents/Home"
    ENV["JAVA_HOME"] = "/Library/Java/JavaVirtualMachines/liberica-jdk-8-full.jdk/Contents/Home"

Make sure you are using the Liberica JDK, as written in the docs. full.

Reinstall from source and run the setup again:

brew reinstall --build-from-source sleuthkit
sh unix_setup.sh

There seems to be another error about OpenJFX now, but at least this part is solved.

Edit: OK, the issue was about using liberica-jdk8 instead of liberica-jdk8-full.

Lazza avatar Apr 12 '20 13:04 Lazza

Hi

I followed all the steps above and, wow, for the first time I see an Autopsy interface on Mac OS X. But I can't use it: the whole interface is grayed out and no menu or button works. The normal menu above the interface works, but then if I try to make a new case I get JavaFX errors like:

java.lang.ClassNotFoundException: com.sun.javafx.PlatformUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:419)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:352)
    at org.netbeans.ProxyClassLoader.loadClass(ProxyClassLoader.java:222)
Caused: java.lang.ClassNotFoundException: com.sun.javafx.PlatformUtil starting from ModuleCL@3acd7742[org.sleuthkit.autopsy.corelibs] with possible defining loaders null and declared parents [org.netbeans.MainImpl$BootClassLoader@7cd84586]
    at org.netbeans.ProxyClassLoader.loadClass(ProxyClassLoader.java:224)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:352)
Caused: java.lang.NoClassDefFoundError: com/sun/javafx/PlatformUtil
    at org.sleuthkit.autopsy.corelibs.SigarLoader.getSigar(SigarLoader.java:46)
    at org.sleuthkit.autopsy.coreutils.PlatformUtil.getPID(PlatformUtil.java:502)
    at org.sleuthkit.autopsy.coreutils.Installer.restored(Installer.java:60)
    at org.sleuthkit.autopsy.core.Installer.restored(Installer.java:385)
    at org.netbeans.core.startup.NbInstaller.loadCode(NbInstaller.java:468)
[catch] at org.netbeans.core.startup.NbInstaller.loadImpl(NbInstaller.java:391)
    at org.netbeans.core.startup.NbInstaller.access$000(NbInstaller.java:102)
    at org.netbeans.core.startup.NbInstaller$1.run(NbInstaller.java:343)
    at org.openide.filesystems.FileUtil$2.run(FileUtil.java:437)
    at org.openide.filesystems.EventControl.runAtomicAction(EventControl.java:127)
    at org.openide.filesystems.FileSystem.runAtomicAction(FileSystem.java:519)
    at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:421)
    at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:441)
    at org.netbeans.core.startup.NbInstaller.load(NbInstaller.java:340)
    at org.netbeans.ModuleManager.enable(ModuleManager.java:1365)
    at org.netbeans.ModuleManager.enable(ModuleManager.java:1170)
    at org.netbeans.core.startup.ModuleList.installNew(ModuleList.java:340)
    at org.netbeans.core.startup.ModuleList.trigger(ModuleList.java:276)
    at org.netbeans.core.startup.ModuleSystem.restore(ModuleSystem.java:301)
    at org.netbeans.core.startup.Main.getModuleSystem(Main.java:181)
    at org.netbeans.core.startup.Main.getModuleSystem(Main.java:150)
    at org.netbeans.core.startup.Main.start(Main.java:307)
    at org.netbeans.core.startup.TopThreadGroup.run(TopThreadGroup.java:123)
    at java.lang.Thread.run(Thread.java:748)

I tried all the steps three times, every time with the same result. I can now open Autopsy for the first time since I started trying to get it running on Mac (I have been trying since v4.6). I feel, no, I hope I am near to getting a working Autopsy, but I am also at the end of my skills here.

If someone has a good tip to help me find the solution to get Autopsy up and running with a case, I would be so happy ;-)

Best

Andre

xeen3d avatar Apr 14 '20 10:04 xeen3d

You need to run it with liberica-jdk8-full, not liberica-jdk8. Also see this:

https://github.com/sleuthkit/autopsy/issues/5804

Lazza avatar Apr 14 '20 11:04 Lazza

Hi Lazza, found the issue: in the install osx file is the wrong command for brew. There is not a brew cask install liberica-jdk8-full, there is a brew cask install liberica-jdk8

and that is the wrong one. I changed the brew command to full, did a sleuthkit install from source with brew, ran the unix_setup command, and all looks good.

I am so happy to have Autopsy running natively on my Mac, you cannot believe it :-)

Many, many, many thanks to all posters here, you helped me very well.

Best

Andre

xeen3d avatar Apr 14 '20 21:04 xeen3d

found the issue in install osx file is the wrong command for brew

Yes, this is why I proposed #5803. 😄

Lazza avatar Apr 14 '20 22:04 Lazza

I hope the updated Mac instructions are included in 4.15, so that other users, maybe real Mac users and not administrators for 28 years like me, can handle the process of getting Autopsy running ;-)

And if vmdk and local disks such as mounted volumes become functional some time, it will become a really cool tool for investigation and security researchers. And my last dream would be a working timeline :-)

A last question: how did you run Autopsy, in user space or with sudo? I start it in user space, but then I have no access to local disks. A dream comes near: no VMware for investigation. OK, I need it for Cuckoo, but if Autopsy was fully working I would never need to start Windows with forensic tools :-)

Best

Andre

xeen3d avatar Apr 14 '20 22:04 xeen3d

@xeen3d I run it as a normal user. I would personally not use it on real disks... and if I needed that, I would use xmount as root to create a read-only virtual raw device. It has the advantage of making disks accessible to Wine apps as well. 😛

Lazza avatar Apr 14 '20 22:04 Lazza