forked from sleuthkit/sleuthkit
-
Notifications
You must be signed in to change notification settings - Fork 3
/
INSTALL.txt
114 lines (81 loc) · 3.49 KB
/
INSTALL.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
The Sleuth Kit
http://www.sleuthkit.org/sleuthkit
Installation Instructions
Last Modified: Oct 2012
REQUIREMENTS
=============================================================================
Tested Platform:
- FreeBSD 2-6.*
- Linux 2.*
- OpenBSD 2-3.*
- Mac OS X
- SunOS 4-5.*
- Windows
Build System:
- C/C++ compiler
- GNU Make
- GNU autoconf, automake, and libtool
- Java compiler / JDK (if you want the java bindings)
Optional Programs:
- Autopsy: Provides a graphical HTML-based interface to The
Sleuth Kit (which makes it much easier to use). Install this AFTER
installing The Sleuth Kit.
Available at: http://www.sleuthkit.org/autopsy
Optional Libraries:
There are optional features that TSK can use if you have installed
them before you build and install TSK.
- AFFLIB: Allows you to process disk images that are stored in the
AFF format. Version 3.3.6 has been tested to compile and work with this
release.
Available at: http://www.afflib.org
- LibEWF: Allows you to process disk images that are stored in the
Expert Witness format (EnCase Format). Version 20120304 has been
tested to compile and work with this release.
Available at: http://sourceforge.net/projects/libewf/
INSTALLATION
=============================================================================
Refer to the README_win32.txt file for details on Windows.
The Sleuth Kit uses the GNU autotools for building and installation.
There are a few steps to this process. First, run the 'configure'
script in the root TSK directory. See the CONFIGURE OPTIONS section
for useful arguments that can be given to 'configure.
$ ./configure
If there were no errors, then run 'make'.
$ make
The 'make' process will take a while and will build the TSK tools.
When this process is complete, the libraries and executables will
be located in the TSK sub-directories. To install them, type
'make install'.
$ make install
By default, this will copy everything in to the /usr/local/ structure.
So, the executables will be in '/usr/local/bin'. This directory will
need to be in your PATH if you want to run the TSK commands without
specifying '/usr/local/bin' everytime.
If you get an error like:
libtool: Version mismatch error. This is libtool 2.2.10, but the
libtool: definition of this LT_INIT comes from libtool 2.2.4.
libtool: You should recreate aclocal.m4 with macros from libtool 2.2.10
libtool: and run autoconf again.
Run:
./bootstrap
and then go back to running configure and make. To run 'bootstrap',
you'll need to have the autotools installed (see the list at the
top of this page).
CONFIGURE OPTIONS
-----------------------------------------------------------------------------
There are some arguments to 'configure' that you can supply to
customize the setup. Currently, they focus on the optional disk
image format libraries.
--without-afflib: Supply this if you want TSK to ignore AFFLIB even
if it is installed.
--with-afflib=dir: Supply this if you want TSK to look in 'dir' for
the AFFLIB installation (the directory should have 'lib' and 'include'
directories in it).
--without-ewf: Supply this if you want TSK to ignore libewf even
if it is installed.
--with-libewf=dir: Supply this if you want TSK to look in 'dir' for
the libewf installation (the directory should have 'lib' and 'include'
directories in it).
-----------------------------------------------------------------------------
Brian Carrier
carrier <at> sleuthkit <dot> org