Installing OCFA on Ubuntu. Practical installation procedures, Installing The Open Computer Forensics Architecture on Ubuntu




Practical installation procedures
Installing The Open Computer Forensics Architecture on Ubuntu

October 2009
KLPD, Driebergen
Author: J. van der Wal
Version 0.12 Page 1 from 15

Copyright 2008-2009, KLPD, Driebergen
The content of this document may be used and distributed freely, under the Creative Commons license, without modification, and for non-profit use only.

Table of contents

1 Introduction ... 4
1.1 Remarks ... 4
1.2 Tested versions ... 4
2 Installing OS ... 5
2.1 Directories containing the data ... 5
2.2 DONT'S ... 6
3 Installing the postgresql database ... 7
3.1 Packages ... 7
3.2 Configuration ... 7
4 Installing development environment ... 8
4.1 Packages ... 8
4.2 Extra packages needed for the ocfa Architecture (OcfaArch) ... 9
4.3 Packages needed for the modules ... 9
4.4 Packages needed for the NDA modules (optional) ... 9
4.5 Packages needed for OcfaRepFs ... 9
5 Installation from source ... 10
5.1 Rar ... 10
5.2 Photorec ... 10
5.2.1 Extra patch ... 11
5.3 Libewf ... 11
5.4 TSK, The sleuthkit ... 11
5.4.1 Manual patch ... 11
5.5 Perl modules from CPAN ... 12
5.6 Vinetto ... 12
6 Building OCFA ... 12
7 Configuration ... 13
7.1 Samba ... 13
7.2 Java environment ... 14
7.3 Digest hashsets ... 15
8 The next document to read ... 15

1 Introduction

This document intends to guide the ocfa-maintainer in installing the Open Computer Forensics Architecture (OCFA) on an Ubuntu machine. Please use the newest version of ocfa (at this time version 2.2.0).

1.1 Remarks

All Ubuntu packages were installed using the synaptic package manager. The additional packages the package manager needs in order to install a given package are not mentioned in this manual; the user just has to follow the package manager's hint.

If this document contains errors or if you think something is missing, please post this on the ocfa mailing list. We might be able to help, and this will also help others who might encounter the same problems.

1.2 Tested versions

The following Ubuntu versions are tested:
Ubuntu 8.10
Ubuntu 9.04

2 Installing OS

The installation of the OS (Ubuntu) needs some attention. OCFA will use the following directory structure:

Directory                            File           Description
/var/ocfa                                           Storage of all case specific data
/var/ocfa/queues                                    Directory containing all persistent queues for all cases.
/var/ocfa/windows                                   A directory used to samba-share files for processing by the MS-Windows modules.
/var/ocfa/<casename>                                The case specific directory. This may be a symbolic link to external storage like a SAN.
/var/ocfa/<casename>/hashsets                       The case specific hashsets
/var/ocfa/<casename>/index                          The case specific full text index
/var/ocfa/<casename>/log                            The case specific log (from log4j)
/var/ocfa/<casename>/repository                     The case specific repository, containing all evidences from the case
/var/ocfa/<casename>/thumbnails                     The case specific thumbnails from all images
/var/ocfa/<casename>/tmp_rar                        Temporary working dir
/var/ocfa/<casename>/work                           Temporary working dir
/usr/local/digiwash                                 The installation directory, where all ocfa software will be installed.
/usr/local/digiwash/etc              casename.conf  Case specific configuration file and the rulelist.
/usr/local/digiwash/static/hashsets                 The overall system wide hashsets, to filter NIST content.
/var/log/                            ocfa.log       This file contains all logging from running a case

2.1 Directories containing the data

Mounting the data filesystem with option 'noatime' will improve performance. For example, all data in /var/ocfa/<case>/repository will be accessed frequently by ocfa.

2.2 DONT'S

Don't use source data stored on an external USB drive.
Don't use samba or nfs network shares as working directory, repository or storage of the persistent queues.
Special attention is needed for the persistent queues. Store those on the local hard drive with a native Linux filesystem like ext or xfs. We had some problems storing them on a SAN storage device.
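The storage rules in 2.1 and 2.2 can be verified from /proc/mounts before a case is started. The following script is an added example, not part of OCFA or this manual: it finds the mount that holds a directory, rejects nfs/cifs shares and non-native filesystems, and checks that the repository is mounted with noatime. The mount table and case names are constructed sample data; on a live system read /proc/mounts instead.

```python
"""Check that OCFA data directories are on the storage sections 2.1 and 2.2
ask for: a local ext/xfs filesystem (never a samba or nfs share) and, for the
repository, mounted with noatime.  Added example, not part of OCFA."""
# Constructed /proc/mounts excerpt used as sample input (not a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /var/ocfa/case01 xfs rw,noatime 0 0
san:/export/case02 /var/ocfa/case02 nfs rw,vers=3,addr=10.0.0.5 0 0
//fileserver/share /var/ocfa/case03 cifs rw,relatime 0 0
"""
LOCAL_FS = {"ext2", "ext3", "ext4", "xfs"}
NETWORK_FS = {"nfs", "nfs4", "cifs", "smbfs"}


def parse_mounts(text):
    """Return (mountpoint, fstype, set of options) per /proc/mounts line."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mountpoint = fields[1].replace("\\040", " ")  # kernel escapes spaces
            mounts.append((mountpoint, fields[2], set(fields[3].split(","))))
    return mounts


def mount_for(path, mounts):
    """Return the entry whose mount point is the longest prefix of path."""
    best = None
    for entry in mounts:
        mp = entry[0]
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = entry
    return best


def check_dir(path, mounts, need_noatime=False):
    """Return a list of problems for path; an empty list means it is fine."""
    entry = mount_for(path, mounts)
    if entry is None:
        return ["%s: no mount found" % path]
    mountpoint, fstype, opts = entry
    problems = []
    if fstype in NETWORK_FS:
        problems.append("%s: on %s network share %s" % (path, fstype, mountpoint))
    elif fstype not in LOCAL_FS:
        problems.append("%s: %s is not a native Linux filesystem" % (path, fstype))
    if need_noatime and "noatime" not in opts:
        problems.append("%s: %s is mounted without noatime" % (path, mountpoint))
    return problems


if __name__ == "__main__":
    mounts = parse_mounts(SAMPLE_MOUNTS)  # use open("/proc/mounts").read() on a live system
    for case in ("case01", "case02", "case03"):
        for problem in check_dir("/var/ocfa/%s/repository" % case, mounts, True):
            print("WARNING", problem)
```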

3 Installing the postgresql database

3.1 Packages

libpq5
libpg-perl
postgresql

3.2 Configuration

The user has to change two different configuration files from the postgresql installation:
/etc/postgresql/8.3/main/pg_hba.conf
/etc/postgresql/8.3/main/postgresql.conf

Use the following commands to start the database server and also become the postgresql user, to have the rights to change these files.

sudo /etc/init.d/postgresql-8.3 start
sudo su - postgres

Edit the configuration file /etc/postgresql/8.3/main/pg_hba.conf. Change the access rights of the localhost network to trust. See codeblock underneath:

# IPv4 local connections:
host    all    all    127.0.0.1/32    trust
# IPv6 local connections:
host    all    all    ::1/128         trust

Edit the second configuration file /etc/postgresql/8.3/main/postgresql.conf. Change listen_addresses to a wildcard character so the server listens on all addresses. See codeblock underneath (adjust listen_addresses):

#---------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#---------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*'    # what IP address(es) to listen on;

Note that the trust method applies only to the two loopback rules above; connections arriving from other addresses, which the server now accepts on the socket because listen_addresses is '*', are still evaluated against the remaining pg_hba.conf rules.

To let these changes take effect, restart the postgresql server with the following command:

sudo /etc/init.d/postgresql-8.3 restart

4 Installing development environment

Ocfa uses the default g++ and automake development environment.

4.1 Packages

autoconf
automake
autotools-dev
g++
libace-dev
libboost-dev
libssl-dev
libtool
libpq-dev
libxerces-c2-dev
libxerces-c28
autogen
cpp-doc
gcc-doc

Optional for debug use:
gdb-doc
valgrind
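The pg_hba.conf edit in section 3.2 grants trust (no password) to the loopback addresses only, and with listen_addresses = '*' it is worth confirming that no later rule widens this. The script below is an added example, not part of OCFA or this manual: it parses pg_hba.conf rules in both CIDR and address/netmask form and lists every TCP rule that uses trust for anything other than 127.0.0.1/32 or ::1/128. The configuration excerpt and the 192.168.1.0/24 rule are constructed sample data.

```python
"""Audit pg_hba.conf after the edit in section 3.2: list the TCP rules that use
'trust' (no password) for anything other than the loopback addresses, which
matters once listen_addresses = '*' exposes the server on every interface.
Added example, not part of OCFA; the configuration excerpt is constructed."""
import ipaddress

# Constructed pg_hba.conf: the two rules from section 3.2 set to trust, plus an
# over-broad rule an administrator might add later and forget about.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      CIDR-ADDRESS      METHOD
local   all       postgres                    ident sameuser
local   all       all                         ident sameuser
host    all       all       127.0.0.1/32      trust
host    all       all       ::1/128           trust
host    all       all       192.168.1.0/24    trust
"""


def parse_pg_hba(text):
    """Return (type, database, user, address or None, method) per active rule."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0] == "local" and len(fields) >= 4:
            rules.append(("local", fields[1], fields[2], None, fields[3]))
        elif fields and fields[0] in ("host", "hostssl", "hostnossl") and len(fields) >= 5:
            addr, rest = fields[3], fields[4:]
            if "/" not in addr and len(rest) >= 2:  # "address netmask method" form
                addr, rest = addr + "/" + rest[0], rest[1:]
            rules.append((fields[0], fields[1], fields[2], addr, rest[0]))
    return rules


def trust_beyond_loopback(rules):
    """Return the TCP rules granting trust to anything but 127.0.0.1/32 or ::1/128."""
    bad = []
    for rule in rules:
        typ, _, _, addr, method = rule
        if typ == "local" or method != "trust":
            continue  # Unix-socket rules and password methods are not the concern here
        try:
            if ipaddress.ip_network(addr, strict=False).is_loopback:
                continue
        except ValueError:  # keyword such as "all", or unparsable address: report it
            pass
        bad.append(rule)
    return bad


if __name__ == "__main__":
    for r in trust_beyond_loopback(parse_pg_hba(SAMPLE_PG_HBA)):
        print("WARNING: trust without password for", r[3])
```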

4.2 Extra packages needed for the ocfa Architecture (OcfaArch)

apache2
libcgicc5
libcgicc5-dev
libclucene-dev

4.3 Packages needed for the modules

uuid-dev
libdb-dev
libmagic-dev
samba
antiword
exiftags
p7zip-full
libspreadsheet-parseexcel-perl
libmail-mboxparser-perl
libmail-box-perl
libxml-dom-xpath-perl
python-devel
libcv-dev
libhighgui-dev
xpdf-utils

4.4 Packages needed for the NDA modules (optional)

Only if you have access to the NDA modules, additional packages are needed:
netpbm
tesseract-ocr

4.5 Packages needed for OcfaRepFs

Remark: If you don't intend to use a file-browser view on your multimedia content like 'video' and 'images', you can skip this paragraph.

OcfaRepFs is a perl based fuse module, so some extra perl modules are needed.

Perl modules, installed from cpan:
Proc-DaemonLite
Fuse

cpan> install Proc::DaemonLite
cpan> install Fuse

Other: Make sure the fuse kernel base modules are installed.
fuse-utils
libfuse-dev

5 Installation from source

Some remaining packages are not included in the Ubuntu repository, or only in an older version. These packages the user has to install from source.

5.1 Rar

tar zxf rarlinux-3.x.x.tar.gz
cd rar
sudo make install

5.2 Photorec

Used version: 6.11WIP
Extract the photorec tar file (download from http://www.cgsecurity.org/wiki/testdisk_download):

tar -xjf testdisk-6.11-wip.tar.bz2

Change to the photorec directory and execute the following commands:

./configure --without-ncurses
make
sudo make install

5.2.1 Extra patch

The user has to change the executable name, otherwise the ocfa modules configuration detection mechanism will fail. This is done by creating a softlink.

cd /usr/local/sbin
sudo ln -s photorec photorec_cli

5.3 Libewf

Download libewf from www.uitwisselplatform.nl and compile it:

tar xzf libewf-20080501.tar.gz
cd libewf-20080501
./configure
make
sudo make install

5.4 TSK, The sleuthkit

Used version: sleuthkit 3.0.1 (http://www.sleuthkit.org)
Extract the tar file and change to the sleuthkit3 directory. Do:

./configure
make
sudo make install

5.4.1 Manual patch

The user has to create a softlink to an executable to stay compatible with older versions.

cd /usr/local/bin
ln -s blkls dls

5.5 Perl modules from CPAN

You have to download two perl-modules from CPAN:
1. Mail-Box-2.088.tar.gz
2. Mail-Transport-Dbx-0.07.tar.gz

General procedure [xxxx is either Box-2.088 or Transport-Dbx-0.07]:

tar xzf Mail-xxxx.tar.gz
cd Mail-xxxx
perl Makefile.PL
make
sudo make install

An alternative to the above method is to use the cpan command. Run this command as root and use install packagename to install the proper package. Package names are of the form Mail::Transport::Dbx (note the double colons).

5.6 Vinetto

The Vinetto package is used to build a module for dissecting Thumbs.db files.

tar zxf vinetto-beta-0.07.tar.gz
cd vinetto-beta-0.07
sudo python setup.py install

6 Building OCFA

The previous chapters described which preliminary packages need to be installed before building OCFA. Now you should be ready to build OCFA. Untar and unzip the ocfa source package (tar xjf ocfa-2.2.0pl0gpl.tar.bz2). Now you will have three subdirectories (components) called:
1. OcfaLib
2. OcfaArch
3. OcfaModules

Build the three components in the order listed above. So, first change directory to OcfaLib and issue the commands:

./configure
make
sudo make install
cd ..

Do the same for the other OCFA components. If configure gives you any errors, they are most likely about packages which are not installed. If this happens, make sure you have all packages installed. Often you can make an educated guess using the synaptic search function to install the proper package (hint: always choose the -dev package when in doubt). The configure script of OcfaModules might issue a warning about the java version. You may ignore this warning.

7 Configuration

7.1 Samba

Edit /etc/samba/smb.conf and add the following section to the end of the file:

[ocfa]
comment = Samba to ocfa
path = /var/ocfa/windows
valid users = @ocfa ocfa
writable = yes
inherit acls = yes
create mask = 0775

Execute the following commands on the commandline:

smbpasswd -a ocfa
sudo /etc/init.d/samba restart

('samba' is 'smb' on Suse)

7.2 Java environment

For the NDA part of ocfa and the OcfaJavaLib, it is necessary to have the java components installed. The following java components are needed:
jdk-1.5.0
ant-1.7
tomcat-5.5.20

Unpack those components in a directory. I have chosen /opt/java. Result of ls -l /opt/java:

2009-09-17 07:46 ant -> apache-ant-1.7.0
2006-12-13 13:15 apache-ant-1.7.0
2009-09-17 07:50 apache-tomcat-5.5.20
2009-09-16 16:35 jdk -> jdk1.5.0_21
2009-08-24 21:55 jdk1.5.0_21
2009-09-16 16:35 jre -> jdk/jre
2009-09-16 16:27 test
2009-09-17 07:51 tomcat -> apache-tomcat-5.5.20

If you install those components, they have to be defined:

cd /etc/profile.d
vi java.sh

Example of java.sh:

#!/bin/bash
export JAVA_HOME=<path-to-your-jdk-directory>
export ANT_HOME=<path-to-your-ant-directory>
export CATALINA_HOME=<path-to-your-tomcat-directory>

I also made some symlinks to the binaries:

cd /usr/local/bin
ln -s /opt/java/jdk/bin/javac
ln -s /opt/java/ant/bin/ant
ln -s /opt/java/jre/bin/java

7.3 Digest hashsets

Copy your hashsets (adinfodb digestdb proddb) to /usr/local/digiwash/static/hashsets. The hashsets already present in this directory are empty/dummy.

8 The next document to read

The next step is to run a test. Please read: Gebruikersdocumentatie - Gebruik in de praktijk [Translation from Dutch: User documentation, Practical use]. Don't worry, the content is English...