From e28ca07b03a9a00364f95636f9c6528d7efd8652 Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Tue, 12 Jun 2012 12:26:00 -0400 Subject: [PATCH] Updated docs --- BUILDING.txt | 38 ++++++++++++++------ KNOWN_ISSUES.txt | 26 +++++++------- NEWS.txt | 2 +- README.txt | 92 +++++++++++++++++++++++++++--------------------- 4 files changed, 92 insertions(+), 66 deletions(-) diff --git a/BUILDING.txt b/BUILDING.txt index b01dc103ad..ac72b54316 100644 --- a/BUILDING.txt +++ b/BUILDING.txt @@ -1,3 +1,5 @@ + Last Updated: June 12, 2012 + This file outlines what it takes to build Autopsy from source. Note that it currently only works out of the box on Windows. We 
@@ -5,33 +7,48 @@ are working on getting the process working under non-WIndows systems. It generally works, but needs some custom mangling to find the correct C libraries. + STEPS: -1) Download and install 32-bit version of JDK (32-bit is currently +1) Get Java Setup +1a) Download and install 32-bit version of JDK (32-bit is currently needed even if you have a 64-bit system). -2) Ensure that JDK_HOME is set to the root JDK directory. +1b) Ensure that JDK_HOME is set to the root JDK directory. -3) Download and install Netbeans IDE 7.0.1 (http://netbeans.org/) +1c) Download and install Netbeans IDE 7.0.1 (http://netbeans.org/) -4) Download and build the release version of Libewf2 (20120304 or later). All you need is the dll file. Note that you will get a launching error if you use libewf 1. + +2) Get Sleuth Kit Setup +2a) Download and build the release version of Libewf2 (20120304 or later). All you need is the dll file. Note that you will get a launching error if you use libewf 1. - http://sourceforge.net/projects/libewf/ -5) Set LIBEWF_HOME environment variable to root directory of LIBEWF +2b) Set LIBEWF_HOME environment variable to root directory of LIBEWF -6) Download and build release version of Sleuth Kit (TSK) 4.0. You +2c) Download and build release version of Sleuth Kit (TSK) 4.0. You need to build the tsk_jni project. - At the time of this writing, 4.0 is not released. You can get it from either -- GIT: git://github.com/sleuthkit/sleuthkit.git -- SVN: http://svn.github.com/sleuthkit/sleuthkit.git -7) Build the TSK JAR file by typing 'ant' in bindings/java from a +2d) Build the TSK JAR file by typing 'ant' in bindings/java from a command line or by opening the project in NetBeans. -8) Set TSK_HOME environment variable to the root directory of TSK +2e) Set TSK_HOME environment variable to the root directory of TSK -9) Start NetBean IDE and open the Autopsy project. -10) Choose to build the Autopsy project / module. 
It is the highest +3) Get gstreamer Setup + +If Autopsy installer is not used, add the following entries to Windows PATH environment variable +(replace GSTREAMER_INSTALL_DIR with the location of gstreamer install root directory): + + GSTREAMER_INSTALL_DIR\bin\; + GSTREAMER_INSTALL_DIR\lib\gstreamer-0.10\; + + +4) Compile Autopsy +4a) Start NetBean IDE and open the Autopsy project. + +4b) Choose to build the Autopsy project / module. It is the highest level project that will then cause the other modules to be compiled. @@ -55,5 +72,4 @@ rebuild both the dll and the JAR file. --------------- Brian Carrier -4/6/2012 carrier sleuthkit org diff --git a/KNOWN_ISSUES.txt b/KNOWN_ISSUES.txt index f51fcbe88d..0552958c64 100644 --- a/KNOWN_ISSUES.txt +++ b/KNOWN_ISSUES.txt 
@@ -1,17 +1,17 @@ -Known issues and limitations + Known Issues -We plan to address the following issues in future releases. + Last Reviewed: June 12, 2012 -General: -- Only a single instance of the application can be started at once. -There is no check if another instance is already running. Running a second instance will cause issues. -- Only a single case can be opened at a time. -Keyword search module: -- Keyword search maximum size of files of known types to be indexed and searched is 100MB. -There is no limit on size of unknown file types indexed using string extraction. -- Currently we extract only English strings from files of unknown types. +This lists the bugs and issues thare are known and could effect +investigation results. There are other minor interface bugs that +are not listed here. -Installation: -- Installer version currently supports only Windows OS (XP or newer), -- Currently only 32 bit version of Autopsy is provided with the installer (works on 64 bit Windows OS) \ No newline at end of file +Keyword Search module: +- Slack space of files is not added to the index and therefore will +not be searched. +- Files larger than 100MB AND that are file types that are supported +by Tika (word docs, PDF, HTML, JPEG, etc.) are not being added to +the index. +- For unknown file types, we extract UTF-8 (Ascii) and UTF-16 English +strings. No non-English strings are extracted. diff --git a/NEWS.txt b/NEWS.txt index 2bdc2f48a7..7a1566b5b2 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,4 +1,4 @@ -3.0.0b3 (June X, 2012) +3.0.0b3 (June 12, 2012) New Features: - Ingest manager runs triage/ingest task after disk is added. - Keyword search (indexed via SOLR) diff --git a/README.txt b/README.txt index c7691a9b09..ca546bd46e 100644 --- a/README.txt +++ b/README.txt 
@@ -21,61 +21,71 @@ There is no need for manual installation of additional dependencies if the insta Refer to the next section for additional info on third-party software requirements to run Autopsy without installer. +Refer to the KNOWN_ISSUES.txt file for known bugs that could cause investigation problems. + + +SUPPORT + +There is a built-in help system in Autopsy once you get it started. There is also a QuickStart Guide that came +with the installer. + +Send any bug reports or feature requests to the sleuthkit-users e-mail list. + http://www.sleuthkit.org/support.php + + +LICENSE + +The Autopsy code is released under the Apache License, Version 2. See LICENSE-2.0.txt for details. + EMBEDDED SOFTWARE -Autopsy (core) utilizes the following third-party software tools. -The tools are bundled with the installer, unless specified otherwise. +This section lists the software components and libraries that are used inside of +Autopsy. These tools are bundled with the installer, unless specified otherwise. -* JRE (Java Runtime Environment) 1.6, 32 bit +JRE (Java Runtime Environment) 1.6, 32 bit +- Web page: http://www.oracle.com/technetwork/java/index.html +- License: http://www.oracle.com/technetwork/java/javase/terms/license/index.html -Web page: http://www.oracle.com/technetwork/java/index.html -Oracle license: http://www.oracle.com/technetwork/java/javase/terms/license/index.html - -JRE needs to be manually installed on the system if Autopsy installer is not used. 
- -* Netbeans 7.0.1 RCP platform and .jar files bundled with the platform - -Web page: http://netbeans.org/features/platform/ -License: +Netbeans 7.0.1 RCP platform and .jar files bundled with the platform +- Web page: http://netbeans.org/features/platform/ +- License: http://services.netbeans.org/downloads/licence/nb-7.0-final-2011-04-20-license.txt -* Solr (including Lucene and TIKA) -Web page: http://projects.apache.org/projects/solr.html -Apache license: http://www.apache.org/licenses/LICENSE-2.0 +Sleuth Kit for analyzing disk images. +- Web page: http://www.sleuthkit.org/sleuthkit/ +- License: http://sleuthkit.org/sleuthkit/licenses.php -* GStreamer -Web page: http://gstreamer.freedesktop.org/ -License: http://www.gnu.org/licenses/lgpl.html +Libewf for opening E01 files +- Web page: http://sourceforge.net/projects/libewf/ +- License: http://www.gnu.org/licenses/lgpl.html -If Autopsy installer is not used, add the following entries to Windows PATH environment variable -(replace GSTREAMER_INSTALL_DIR with the location of gstreamer install root directory): +zlib for opening E01 files +- Web page: http://zlib.net/ +- License: http://zlib.net/zlib_license.html -GSTREAMER_INSTALL_DIR\bin\; -GSTREAMER_INSTALL_DIR\lib\gstreamer-0.10\; +Solr (including Lucene and TIKA) for keyword search +- Web page: http://projects.apache.org/projects/solr.html +- License: http://www.apache.org/licenses/LICENSE-2.0 +GStreamer for viewing video files +- Web page: http://gstreamer.freedesktop.org/ +- License: http://www.gnu.org/licenses/lgpl.html -* GStreamer-java -Web page: http://code.google.com/p/gstreamer-java/ -License: http://www.gnu.org/licenses/lgpl.html +GStreamer-java for viewing video files +- Web page: http://code.google.com/p/gstreamer-java/ +- License: http://www.gnu.org/licenses/lgpl.html +Regripper for pulling recently activity +(Including custom plugins) +- Web page: http://regripper.wordpress.com/ +- License: http://www.gnu.org/licenses/gpl.html -* Regripper 
-(regripper and custom plugins found in autopsy/thirdparty) -Web page: http://regripper.wordpress.com/ -License: http://www.gnu.org/licenses/gpl.html +Pasco2 for pulling Internet Explorer activity +- Web page: http://sourceforge.net/projects/pasco2/ +- License: http://www.gnu.org/licenses/gpl.html -* Pasco -Web page: http://sourceforge.net/projects/odessa/files/Pasco/ - -* Advanced installer 9.0 (Freeware) +Advanced installer 9.0 (Freeware) (not embedded in Autopsy, but used to generate Autopsy installer.) -If you want to generate Autopsy installer, you will need to install the freeware version of Advanced Installer software) +- Web page: http://www.advancedinstaller.com/ -Web page: http://www.advancedinstaller.com/ - - -FEEDBACK - -Send any bug reports or feature requests to the sleuthkit-users e-mail list. - http://www.sleuthkit.org/support.php \ No newline at end of file
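Review bot: in BUILDING.txt, the new step 3 ("Get gstreamer Setup") lists only the PATH entries and opens with "If Autopsy installer is not used", wording carried over from README.txt that does not fit a build-from-source guide. Add the download and install step before the PATH step (the path "lib\gstreamer-0.10" implies the 0.10 series) and number it 3a/3b like the other steps. Step 4a reads "NetBean IDE" where 1c has "Netbeans IDE". While renumbering 2c, consider listing an https clone URL next to "git://github.com/sleuthkit/sleuthkit.git", since git:// is unauthenticated and this is the source the tool is built from.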
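Review bot: in KNOWN_ISSUES.txt, the "General" entries are deleted ("There is no check if another instance is already running. Running a second instance will cause issues.") and nothing in the patch says the behaviour was fixed. If a second instance can still be started, that belongs in a list of issues that could affect investigation results; keep the entry or record the fix in NEWS.txt. The same question applies to the removed "Installation" entries. The new intro has "thare are" and "effect" (should be "that are" and "affect"), and "UTF-8 (Ascii)" should say which encoding is actually extracted, since the two are not the same.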
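Review bot: in README.txt, the unchanged line "Refer to the next section for additional info on third-party software requirements to run Autopsy without installer." now points at SUPPORT, and the information it promised is removed from this file: "JRE needs to be manually installed on the system if Autopsy installer is not used." is deleted and the GStreamer PATH entries now appear only in BUILDING.txt. Keep a short run-without-installer section here or change the sentence to point to BUILDING.txt. In EMBEDDED SOFTWARE, "Regripper for pulling recently activity" should read "recent activity", the note that regripper and the custom plugins are found in autopsy/thirdparty is dropped, and the Pasco entry changes both its name (Pasco2) and its URL, so confirm which one is actually bundled.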