Thursday, February 5, 2009

Getting The Sleuth Kit and Autopsy Browser running on Ubuntu 8.04 Desktop with VMware Player on Windows XP

To begin, a few links you'll need.

VMware Player - Lets you run a virtual machine; think of Linux inside a window.
Ubuntu 8.04 Desktop - A ready-made VMware image that loads into VMware Player so you have Ubuntu running in Windows.
The Sleuth Kit (TSK) - The command-line forensic tools. The website is the best source for information here.
Autopsy Forensic Browser - Makes TSK easier to use by adding a graphical (browser-based) interface on top of it.

Once you have all these downloaded you can begin by installing VMware Player.

Next go to the folder where you extracted the Ubuntu image and look for a file called Ubuntu (the .vmx file). Double-clicking it should load Ubuntu in VMware Player. The basic information and the username/password for the image are in the info.txt found inside the same folder.

Once you are at the Ubuntu desktop you will need to get the TSK and Autopsy files onto it. I simply used Firefox, which is already on Ubuntu, and downloaded the files linked above. The versions I used are sleuthkit-3.0.1.tar.gz and autopsy-2.21.tar.gz.

The files will appear on your desktop by default; extract them there using the default archive program that is offered. Each one unpacks into a directory with the same name as the archive (sleuthkit-3.0.1, autopsy-2.21).

Next load up Terminal, which can be found at the top left under Applications > Accessories.

The first thing to do here is install build-essential (the C/C++ compiler, make and friends); without it you won't be able to compile anything. The error I was getting before installing it was:

configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Type the following:

sudo aptitude update

When prompted for a password, enter your password. Then:

sudo aptitude install build-essential

This should now have installed all the elements of build-essential.

-----
NOTE: Some permission errors can be fixed by running the same command as root. You can become root by typing sudo -i in the terminal; once the command has run, type exit to leave the root shell.

Make sure you don't stay root any longer than you need to, as it is easy to cause more problems and damage from a root shell. In particular, if you run ./configure or make as root, the files in the build directory end up owned by root, which is exactly what causes the next permission error. Only the final make install normally needs root.

-----

Next we'll install TSK. Type the following:

cd /home/user/Desktop/sleuthkit-3.0.1

(Obviously if you extracted a different version, or extracted it somewhere else, adjust the above to match. Your username may not be "user"; it is in info.txt.)

Next type.

./configure

This should run without errors now that build-essential is installed as above.

Type make

Don't be afraid of all the text that appears; just wait until it has finished.

Next type make install

You will probably need to add sudo before this (sudo make install), because it copies the TSK tools into /usr/local, which a normal user cannot write to.


This should have completed the TSK install.

Moving on now to the Autopsy install (I am assuming you have already extracted the file into a directory). Type

cd /home/user/Desktop/autopsy-2.21

Again type the commands

./configure

make

The configure step is interactive. At the first prompt, which asks whether you have a copy of the NIST NSRL hash database, you'll want to say No. For more information see the INSTALL.txt in the Autopsy directory.

Next you'll be asked to provide a directory for the evidence locker (where Autopsy keeps its case files). This folder must already exist and be writable by you, so create it first. I placed mine on my desktop by right-clicking the desktop and selecting Create Folder, and named it locker.

So in the box back at the prompt you would type

/home/user/Desktop/locker

Now whenever you want to run Autopsy, make sure you're in the right directory by typing this in the terminal:

cd /home/user/Desktop/autopsy-2.21

Then type ./autopsy

Now copy the URL it prints (http://localhost:9999/autopsy) into Firefox. By default Autopsy only accepts connections from the local machine, which is what you want on a forensic workstation, so leave it that way.
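The whole procedure above, gathered into one script, as an added example that is not part of the original post. It does the same steps (build-essential, TSK configure/make/install, then Autopsy configure/make) but checks the things that went wrong for me first: that the compiler toolchain is actually present before ./configure, and that the evidence locker exists and is writable before Autopsy's configure asks for it. The tarball paths, version numbers and locker location are assumptions taken from this post; override them with the TSK_TARBALL, AUTOPSY_TARBALL and LOCKER environment variables if yours differ.

```shell
#!/bin/sh
# Added example, not from the original post or from the TSK/Autopsy projects.
# Installs The Sleuth Kit and Autopsy from their tarballs on Ubuntu 8.04.
# Versions, paths and the locker location below are assumptions: edit them
# or override them with environment variables to match what you downloaded.
set -e

TSK_TARBALL="${TSK_TARBALL:-$HOME/Desktop/sleuthkit-3.0.1.tar.gz}"
AUTOPSY_TARBALL="${AUTOPSY_TARBALL:-$HOME/Desktop/autopsy-2.21.tar.gz}"
LOCKER="${LOCKER:-$HOME/Desktop/locker}"

# The tarballs unpack into a directory of the same name, so derive it from
# the file name: sleuthkit-3.0.1.tar.gz -> sleuthkit-3.0.1
tarball_dir() {
    basename "$1" .tar.gz
}

# ./configure needs the compiler and make that build-essential provides;
# without them TSK's configure stops with the "/lib/cpp fails sanity check"
# error quoted in the post.
have_build_tools() {
    for tool in gcc g++ make; do
        command -v "$tool" >/dev/null 2>&1 || return 1
    done
    return 0
}

# Autopsy's configure asks for an existing evidence locker, and the user who
# later runs ./autopsy (not root) has to be able to write case files into it.
locker_ok() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Build as the normal user; only "make install" (which copies the tools into
# /usr/local) is run with sudo, and only if the unprivileged attempt fails.
install_tsk() {
    dir=$(tarball_dir "$1")
    tar -xzf "$1" -C "$(dirname "$1")"
    cd "$(dirname "$1")/$dir"
    ./configure
    make
    make install 2>/dev/null || sudo make install
    cd - >/dev/null
}

# Autopsy has no install step: it runs from its own directory. Its configure
# is interactive (the NSRL question, then the locker path), so it is run as-is.
install_autopsy() {
    dir=$(tarball_dir "$1")
    tar -xzf "$1" -C "$(dirname "$1")"
    mkdir -p "$LOCKER"
    locker_ok "$LOCKER" || { echo "evidence locker $LOCKER is not writable" >&2; return 1; }
    cd "$(dirname "$1")/$dir"
    echo "When configure asks for the evidence locker, enter: $LOCKER"
    ./configure
    make
    cd - >/dev/null
}

main() {
    if ! have_build_tools; then
        sudo aptitude update
        sudo aptitude install build-essential
    fi
    install_tsk "$TSK_TARBALL"
    install_autopsy "$AUTOPSY_TARBALL"
    echo "Done. Start Autopsy with:"
    echo "  cd $(dirname "$AUTOPSY_TARBALL")/$(tarball_dir "$AUTOPSY_TARBALL") && ./autopsy"
}

# Only perform the installation when invoked as: sh install-tsk-autopsy.sh install
if [ "${1:-}" = "install" ]; then
    main
fi
```

Save it as install-tsk-autopsy.sh (a file name I chose, not something the projects ship) and run sh install-tsk-autopsy.sh install from the terminal. Nothing in it is run as root except the package install and TSK's make install, so the build directories on your desktop stay owned by you.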

Welcome to TSK with Autopsy !

In time I hope to create some basic images for practice investigations, so keep tuned to the blog!

Remember to keep the terminal window open while you are using Autopsy; when you're done with it, press Ctrl+C in that window to stop the server.

A helpful thing to remember is to check the INSTALL.txt for extra information, and a good tip when using the terminal is that you can drag and drop a file into the terminal window to have its full path typed for you.

I hope this guide was of use to someone. I don't claim to be an expert; I just aimed this at helping anyone who is stuck. If you ran into trouble at any stage of the above, please feel free to leave a comment and I'll do my utmost to help you get it fixed.

Any comments welcome: the good, the bad and even the ugly.

2 comments:

Eric said...

Thanks so much for taking the time to write these directions. I would not have had the slightest idea how to do it without you! My only suggestion is to clarify that 'make install' might not work and you may need to add 'sudo' in front of it. Other than that, thanks so much for the post!

Unknown said...

Thank you very much for the kind words. This is a very popular article I wrote up and it's nice to have some positive feedback to know it was worth it :)

I have added in your suggestion. Thanks again !