sift
sift copied to clipboard
teamdfir
Autopsy 4?
Hi, Is Autopsy 4 on the roadmap? Autopsy 2.24 is a bit long in the tooth. ~Salty
I'm sure this should be possible. Right now we're installing it through the Ubuntu PPA, and that's pinned at 2.24. We'll likely have to build from source, so I'll take a look at what it'll take to get it working.
Hi digitalsleuth,
I found this project over the weekend.
https://github.com/labcif/autopsy-packager
~Salty
Hey @salty4n6 , sorry for the delay, but I'm looking at this right now. It looks promising, but I need to confirm some dependency issues which seem to be popping up. I'll keep you posted.
Hi @salty4n6 , I've taken a great deal of time trying to find a workaround with getting this into SIFT, however the primary issue is that Autopsy depends on certain older versions of libvmdk libewf and libvhdi, which have since been updated by Joachim Metz under the GIFT Repo.
The newer versions are already installed in SIFT, as is Sleuthkit, and this causes a conflict when trying to install Autopsy.
As a workaround, I've created a simple Autopsy docker which can be used within SIFT. If you'd like, you can take a look at it here. The instructions can be found in the repo, and the docker is already built and available on the Docker Hub.
Hopefully, until we find a more permanent solution, I hope this helps.
@digitalsleuth - Looks awesome! Much appreciated. I'll kick the tires more soon but from what I've tested so far, it's great.
~Salty
@digitalsleuth want to sync on this issue at some point. Might be a good time to try and solve it. I've had at least one other request as of late.
Sounds good to me. I'm away on vacation this week, but will be available this weekend!
Hey @ekristen , I'm back from vacation and ready to take a look at this whenever you are.