New Photos - Life in Macro

on Tuesday, 15 April 2014.

Some new macro photos, shot with a non-macro lens:


How to run Autopsy on Linux

on Sunday, 09 February 2014. Posted in Forensics

Since version 3 of Autopsy, which is a graphical front end to the well-known Sleuth Kit, Linux binaries are no longer provided by the project team due to packaging issues. Unfortunately, I have not found a single site that provides Autopsy packages for Red Hat based distributions such as Fedora or CentOS.

Therefore, I have dug through the documentation and figured out how to get Autopsy up and running on Linux.

1) Required packages

yum install git bzip2-devel uuid-devel.x86_64 libuuid-devel.x86_64 fuse-devel.x86_64 zlib-devel rpm-build openssl-devel python-devel libstdc++-devel libstdc++ ant gcc-c++

2) Java

Java is needed. As Autopsy requires JavaFX, OpenJDK will not work. Therefore, Oracle Java version 1.7 needs to be installed. I use Fedy, formerly called Fedora Utils (http://satya164.github.io/fedy/), to install Oracle Java, or download it via http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html.

3) libewf

Libewf is required for Autopsy and its dependency Sleuth Kit. At the time of writing, SleuthKit 4.1.3 had just been released. Version 4.1.3 requires libewf >= 20131230, whereas the forensic tools repository of NIST (http://www.cert.org/forensics/repository/) only provides version 20131210 as of February 2014. Therefore, libewf is built from source. The project homepage of libewf is https://code.google.com/p/libewf/, but the source code is not hosted on Google Code itself. You need to use the ‘Downloads’ links in the left pane to get the source code. After unpacking, run

./configure
make
make install

If you prefer to build your own rpms so that everything is managed by your package manager just run

rpmbuild -ta libewf-<version>.tar.gz

You’ll find the freshly built rpm files in $HOME/rpm/build. The libewf package, together with its devel, python and tools packages, needs to be installed.

In the future a regular

yum install libewf

will do the trick as soon as the forensic tools repository of NIST has been updated.

4) TSK / SleuthKit

The SleuthKit package provided in the forensic tools repository of NIST can’t be used because the Java bindings are missing. Therefore, SleuthKit needs to be built from source. After obtaining the sources (http://www.sleuthkit.org/sleuthkit/download.php) and unpacking the archive, the following commands need to be run.

./configure
make

‘make install’ is not necessary, as only Autopsy will rely on the freshly built binaries, and the environment variable TSK_HOME will point Autopsy to them.

export TSK_HOME=/home/dennis/forensics/sleuthkit-4.1.3/

Check that the Java bindings have been compiled as well. You need to find the following lines in the output of make:

dist-do:
	   [jar] Building jar: /home/dennis/forensics/sleuthkit-4.1.3/bindings/java/dist/Tsk_DataModel.jar

Or change into the directory bindings/java and run

ant

5) Autopsy

Now Autopsy itself can be built. First retrieve the Autopsy sources via git:

git clone https://github.com/sleuthkit/autopsy

Changing into the source directory and running

ant build

will download all (java) dependencies and compile Autopsy. Autopsy can be started via the following command

ant run

Keep in mind that the environment variable TSK_HOME needs to be set correctly for Autopsy to run. Therefore, I have generated this really simple three line bash script.

#!/bin/bash
export TSK_HOME=/home/dennis/Autopsy/sleuthkit/
ant run
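As an added example that is not part of the post, here is a slightly more defensive launcher: it checks that the directory given for TSK_HOME is a SleuthKit tree in which the Java bindings jar from the make output above actually exists before calling ant run. The function names and the Java version check are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a launcher that validates
# TSK_HOME before 'ant run', so a wrong path fails here with a clear message
# rather than with an obscure class-loading error inside Autopsy.

# check_tsk_home DIR
# Returns 0 if DIR looks like a SleuthKit source tree in which 'make' has
# also built the Java bindings, 1 if DIR is not a directory, 2 if the
# bindings jar is missing.
check_tsk_home() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "TSK_HOME '$dir' is not a directory" >&2
        return 1
    fi
    # This is the jar named in the 'dist-do:' line of the make output.
    if [ ! -f "$dir/bindings/java/dist/Tsk_DataModel.jar" ]; then
        echo "Tsk_DataModel.jar not found under '$dir/bindings/java/dist';" \
             "run 'ant' in bindings/java first" >&2
        return 2
    fi
    return 0
}

# java_is_17
# Returns 0 if the java on PATH reports a 1.7 version string (Oracle Java 7,
# which is what the post says Autopsy needs for JavaFX).
java_is_17() {
    java -version 2>&1 | head -n 1 | grep -q '"1\.7\.'
}

# run_autopsy TSK_DIR AUTOPSY_SRC_DIR
# Exports TSK_HOME (keeping the trailing slash, as in the post) and starts
# Autopsy from its source checkout with 'ant run'.
run_autopsy() {
    tsk_dir="${1%/}/"
    autopsy_dir="$2"
    check_tsk_home "$tsk_dir" || return $?
    java_is_17 || { echo "no Java 1.7 found on PATH" >&2; return 3; }
    TSK_HOME="$tsk_dir"
    export TSK_HOME
    cd "$autopsy_dir" && ant run
}

# Usage, with the SleuthKit path from the post and a placeholder checkout dir:
# run_autopsy /home/dennis/forensics/sleuthkit-4.1.3/ /path/to/autopsy
```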

And this is it:

I’ll test run Autopsy on Linux during the next weekend. I have had some good and some not so good experiences with Autopsy on Windows during the last couple of months. I’ll try to test whether (almost) all features work as expected and report back.

Half-Life 2 on Fedora 19: Missing texture and no sound

on Friday, 07 February 2014. Posted in Fedora

Every 12 to 24 months I have the sudden desire to play a video game, and today was one of those days. As I am back on Linux with Windows only running in a virtual machine, I fired up Google to get me up to speed regarding gaming on Linux.

Of course, I stumbled across Steam for Linux and directly installed it because I thought this would be pain-free - I still remember my days running SuSE back in 2002 trying to get Jagged Alliance 2 to run.

cd /etc/yum.repos.d/
wget http://spot.fedorapeople.org/steam/steam.repo
yum install steam

After these three commands I fired up Steam and directly purchased Half-Life 2 for 8 € - I have learned in life not to spend much money on games because my gaming desire normally ceases after 2 hours. After the 2 GB download and the automatic installation of Half-Life 2 had succeeded, I was able to start the game. But right in the main menu I noticed that everything was rendered without any textures. On a side note: I can only advise starting Steam from a console so that you get all the debug / developer output for digging around.

I figured out that the hardware decompression of the textures did not work and that I needed S3TC support for the DRI drivers, which is provided by the package libtxc_dxtn.

rpm -qa | grep libtxc
yum install libtxc_dxtn.i686 libtxc_dxtn.x86_64

Line one checks whether the package has already been installed, and the second line installs the 32- and 64-bit versions because I am not sure whether Half-Life / Steam is 32- or 64-bit.

Starting Half-Life 2 again proved my theory, and I had polygons with textures.

When starting the actual game, I noticed that sound and music were missing. Digging through the logs again gave the following hints:

Warning: MP3 decoder has failed to start. Most likely SELinux is disabling JITing?
SDLAUDIO: SDL_InitSubSystem(SDL_INIT_AUDIO) failed: 
maxplayers set to 1

Okay, line 1 may be a good hint. Before reconfiguring SELinux and crawling through the SELinux logs, I deactivated SELinux completely for test purposes by changing the line in /etc/selinux/config from

SELINUX=enforcing

to

SELINUX=disabled

and after a reboot I could hear music in Half-Life 2. As SELinux serves an important purpose, I activated it again and rebooted, because there is no way of stopping and starting the SELinux subsystem on the fly.

Digging into the SELinux logs, I figured out that Half-Life 2 needs execheap, which is prohibited by SELinux by default. Okay, I do not like the idea of allowing execheap, but

setsebool -P allow_execheap 1

did the trick and music was running.
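As an added example (not part of the post), a small shell helper for the "digging into the SELinux logs" step: it pulls execheap denials out of AVC records and names the process and source domain that triggered them, which is what you want to know before flipping a boolean that affects every domain, and it shows how to check and revert that boolean later. The AVC line is constructed for this example, and the function names are its own.

```shell
#!/bin/sh
# Added example, not from the original post. Extracts execheap denials from
# SELinux AVC records (the format auditd writes to /var/log/audit/audit.log)
# and reports the command and source domain for each. allow_execheap is a
# global boolean, so knowing which domain asked for it is what tells you
# whether flipping it is really the change you want.

# A constructed sample AVC record; pid, timestamp and serial are made up.
SAMPLE_AVC='type=AVC msg=audit(1391790000.123:456): avc:  denied  { execheap } for  pid=1234 comm="hl2_linux" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process'

# execheap_denials
# Reads AVC records on stdin and prints one "comm domain" pair per execheap
# denial. Feed it real data with: ausearch -m AVC -ts recent | execheap_denials
execheap_denials() {
    grep 'denied  { execheap }' \
    | sed -n 's/.*comm="\([^"]*\)".*scontext=[^:]*:[^:]*:\([^:]*\):.*/\1 \2/p'
}

# execheap_policy_state
# Prints the current value of the boolean the post toggled, e.g.
# "allow_execheap --> on" (needs the SELinux tools; not exercised offline).
execheap_policy_state() {
    getsebool allow_execheap
}

# revert_execheap
# Undo the post's 'setsebool -P allow_execheap 1' once the game is no longer
# needed, restoring the default that blocks executable heap for all domains.
revert_execheap() {
    setsebool -P allow_execheap 0
}

# Usage: printf '%s\n' "$SAMPLE_AVC" | execheap_denials   -> hl2_linux unconfined_t
```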

In the end, I have not yet played a single minute of Half-Life 2, but I had some fun making it fly :)

- Dennis

New Photos - Macro

on Friday, 07 February 2014. Posted in Photos

Some macro shots taken with a standard 24-70 2.8 lens (All random photos & Nature)

Version4 is online

on Friday, 07 February 2014.

Dear all,

Batland version 3 has been abandoned for over a year now. As I am trying to reanimate this site and the CMS needed an update anyway, I have put some work into the CMS and layout. You’ll see some general blog posts about IT and my photos in the blog section. I’ll try to blog more about my work in the Forensic section. Here you’re going to find articles about tools, methods and IT forensic related news.

I hope you enjoy your stay.

- Dennis

New Photos - Nature

on Saturday, 10 August 2013. Posted in Photos

One of my first shots with my new Canon EOS 7D - a wonderful dragonfly (All my released nature photos).

- Dennis