Commit c72c25b8 authored by Greg DiCristofaro

readme update

parent 12c619e6
## Installing Snap
An Autopsy [snap package](https://snapcraft.io/) file can be installed by running `sudo snap install --dangerous autopsy.snap`. The `--dangerous` needs to be specified because the snap package isn't signed (see [install modes](https://snapcraft.io/docs/install-modes#heading--dangerous) for more information). Super-priveleged may need to be connected. This can be done manually by running `snap connections autopsy` to determine any missing connections, and then running `snap connect autopsy:home` replacing `home` with the name of the plug. Another option is to run this script, which will connect all missing plugs: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. One other possible option may be to install the application with `--devmode` instead of `--dangerous`.
An Autopsy [snap package](https://snapcraft.io/) file can be installed by running `sudo snap install --dangerous autopsy.snap`. The `--dangerous` needs to be specified because the snap package isn't signed (see [install modes](https://snapcraft.io/docs/install-modes#heading--dangerous) for more information). By default, snap doesn't allow certain interactions with the operating system. These [Super-privileged connections](https://snapcraft.io/docs/super-privileged-interfaces) may need to be connected. This can be done manually by running `snap connections autopsy` to determine any missing connections, and then running `snap connect autopsy:home` replacing `home` with the name of the plug. Another option is to run this script, which will connect all missing plugs: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. One other possible option may be to install the application with `--devmode` instead of `--dangerous`. The `--devmode` flag is more permissive and will allow all connections to the operating system. More information on interface management can be found at the [snapcraft website](https://snapcraft.io/docs/interface-management).
## Running Autopsy
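Review bot: The new text in the Installing Snap paragraph offers `--devmode` as an alternative ("more permissive and will allow all connections to the operating system") without saying what is given up. Suggest stating that `--devmode` stops confinement from being enforced for the whole snap, so it is a troubleshooting fallback, and that connecting only the missing plugs is the preferred route. The connect-all one-liner pipes every unconnected plug straight into `sudo snap connect`; tell readers to look at the `snap connections autopsy` output first so they can see which interfaces they are granting. The manual example `snap connect autopsy:home` also lacks the `sudo` that the one-liner uses, and the two should be consistent.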
......@@ -14,4 +14,14 @@ A [snap package](https://snapcraft.io/) of Autopsy can be generated using the [`
The version of Autopsy in the [`snapcraft.yml`](./snapcraft.yaml) can be updated by calling [`version_update.py`](./version_update/version_update.py) with a command like `python version_update.py -s sleuthkit_release_tag -a autopsy_release_tag -v snapcraft_version_name`. You will likely need to install the python dependencies in the [requirements.txt](./version_update/requirements.txt) with a command like: `pip install -r requirements.txt`.
The version of Autopsy can be updated manually by modifying fields relating to git repositories and commits in [`snapcraft.yml`](./snapcraft.yaml) under `parts.autopsy` and `parts.sleuthkit`. Specifically `source`, `source-branch`, and `source-tag`. More information can be found [here](https://snapcraft.io/docs/snapcraft-yaml-reference).
\ No newline at end of file
The version of Autopsy can be updated manually by modifying fields relating to git repositories and commits in [`snapcraft.yml`](./snapcraft.yaml) under `parts.autopsy` and `parts.sleuthkit`. Specifically `source`, `source-branch`, and `source-tag`. More information can be found [here](https://snapcraft.io/docs/snapcraft-yaml-reference).
## Troubleshooting
### Solr won't run
An error like "Local Solr Server did not respond to status request" or something similar, may indicate that not all snap connections may have not all snap connections may have been connected. These [Super-privileged connections](https://snapcraft.io/docs/super-privileged-interfaces) may need to be connected. This can be done manually by running `snap connections autopsy` to determine any missing connections, and then running `snap connect autopsy:home` replacing `home` with the name of the plug. Another option is to run this script, which will connect all missing plugs: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. One other possible option may be to install the application with `--devmode` instead of `--dangerous`. The `--devmode` flag is more permissive and will allow all connections to the operating system. More information on interface management can be found at the [snapcraft website](https://snapcraft.io/docs/interface-management).
### There are no local disks for processing
Autopsy looks at the block devices in the `/dev` directory for local disks to process. If autopsy can't read block devices in that directory, it won't show the local disk. In most instances, starting autopsy with a command like `sudo -g disk autopsy` should give autopsy the right permissions to view local disks. This assumes that the `disk` group has read rights to local disks (i.e. `/dev/sda1`). Appropriate permissions can be determined by running something like `ls -l /dev` looking for the permissions required for the local disks. Then autopsy should be started in such a way that the `$USER` and `$HOME` are preserved (i.e. running as root may be problematic), but the user account and, consequently, autopsy, has sufficient permissions to access local disk block devices.
\ No newline at end of file
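Review bot: The first sentence under "Solr won't run" contains a duplicated fragment ("may indicate that not all snap connections may have not all snap connections may have been connected") and should read "may indicate that not all snap connections have been connected". The rest of that paragraph repeats the Installing Snap text verbatim, so a link back to that section would keep the two copies from drifting apart. In the local disks section, "i.e. `/dev/sda1`" and "i.e. running as root" introduce examples, so "e.g." is meant. The paragraph assumes the `disk` group has read rights; since `sudo -g disk autopsy` is the recommended launch command, it would help to say that `ls -l /dev` should also be used to confirm which group owns the devices before relying on `disk`. The file still ends without a trailing newline.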