I just installed AUTOPSY 4.14 64 bit. The program does not work. After starting, the start window hangs (where we choose: new spar, old case, etc.) and all command texts have some strange coding. I have Windows 10 64 bit.
@robert.tomasik, can you provide more details? Perhaps a screen shot of what seems to have a strange character encoding and/or error messages from the logs?
The logs for when there is no open case are located in a directory that will be named something like C:\Users\yourUserNameHere\AppData\Roaming\autopsy\var\log. The autopsy.log and messages.log files would be the ones to check for error messages.
The log attachment did not come through.
This looks like a font issue. It appears as if whatever locale you are using does not support ASCII, which doesn’t actually make much sense.
Is this a new issue as of the Autopsy 4.14 installation?
Hello!
The logs you requested were sent to you
as an attachment with the “zip” extension. I read the message about the new AUTOPSY
version, I imported the file, installed it and the problem
arose the first time I started it. Later I tried several times, but each time there is
the same problem. I have a lot
of other programs and there is no such problem. Just in case, I’m sending logs again, but it
looks like these are logs from my previous use of AUTOPSY
4.13, which works without a problem.
I am sending greeting and I wish you
good luck.
(Attachment log.zip is missing)
Hello!
The logs you requested were sent to you as
an attachment with the “zip” extension. I read the message about the new AUTOPSY version, I
imported the file, installed it and the problem arose the
first time I started it. Later
I tried several times, but each time there is the same
problem. I have a lot of other
programs and there is no such problem. Just in case, I’m sending logs again, but it looks
like these are logs from my previous use of AUTOPSY 4.13,
which works without a problem.
I tried to send you a log,
but the system rejects a message saying that the “zip”
attachment is not allowed. I
have no way to send you these logs, but I have analyzed
them and it seems to me that this can help you:
-
2020-01-27 19:07:48.871
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: Visual C Runtime libraries loaded
* 2020-01-27 19:07:48.902
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: ZLIB library loaded loaded
* 2020-01-27 19:07:48.918
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: EWF library loaded
* 2020-01-27 19:07:48.934
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: VMDK library loaded
* 2020-01-27 19:07:48.949
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: VHDI library loaded
* 2020-01-27 19:07:48.965
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: MSVCR 120 library loaded
* 2020-01-27 19:07:48.996
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: LIBEAY32 library loaded
* 2020-01-27 19:07:49.012
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: SSLEAY32 library loaded
* 2020-01-27 19:07:49.027
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: libiconv-2 library loaded
* 2020-01-27 19:07:49.043
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: libintl-8 library loaded
* 2020-01-27 19:07:49.074
org.sleuthkit.autopsy.core.Installer loadDynLibraries*
INFO: LIBPQ library loaded
* 2020-01-27 19:07:49.074
org.sleuthkit.autopsy.core.Installer *
INFO: core installer created
* 2020-01-27 19:07:49.996
org.sleuthkit.autopsy.core.Installer validate*
INFO: validate()
* 2020-01-27 19:07:49.996
org.sleuthkit.autopsy.core.Installer validate*
* INFO:
org.sleuthkit.autopsy.coreutils.Installer validate()*
* 2020-01-27 19:07:49.996
org.sleuthkit.autopsy.core.Installer validate*
* INFO:
org.sleuthkit.autopsy.corecomponents.Installer validate()*
* 2020-01-27 19:07:49.996
org.sleuthkit.autopsy.core.Installer validate*
* INFO:
org.sleuthkit.autopsy.datamodel.Installer validate()*
* 2020-01-27 19:07:50.059
org.sleuthkit.autopsy.core.Installer validate*
* INFO:
org.sleuthkit.autopsy.ingest.Installer validate()*
* 2020-01-27 19:07:50.059
org.sleuthkit.autopsy.core.Installer validate*
* INFO:
org.sleuthkit.autopsy.centralrepository.eventlisteners.Installer
validate()*
* 2020-01-27 19:07:50.059
org.sleuthkit.autopsy.core.Installer validate*
* INFO:
org.sleuthkit.autopsy.healthmonitor.Installer validate()*
* 2020-01-27 19:07:50.671
org.sleuthkit.autopsy.coreutils.Installer restored*
INFO: Default charset: windows-1250
* 2020-01-27 19:07:50.671
org.sleuthkit.autopsy.coreutils.Installer restored*
INFO: Default file encoding: Cp1250
* 2020-01-27 19:07:50.671
org.sleuthkit.autopsy.coreutils.Installer restored*
* INFO: Java runtime version:
1.8.0_222-1-ojdkbuild-b10*
* 2020-01-27 19:07:50.672
org.sleuthkit.autopsy.coreutils.Installer restored*
* INFO: Netbeans Platform build:
201609300101*
* 2020-01-27 19:07:50.672
org.sleuthkit.autopsy.timeline.TimeLineModule onStart*
INFO: Setting up TimeLine listeners
* 2020-01-27 19:07:50.672
org.sleuthkit.autopsy.coreutils.Installer restored*
* INFO: Application name: Autopsy, version:
4.14.0, build: RELEASE*
* 2020-01-27 19:07:50.672
org.sleuthkit.autopsy.coreutils.Installer restored*
INFO: os.name: Windows 10
* 2020-01-27 19:07:50.672
org.sleuthkit.autopsy.coreutils.Installer restored*
INFO: os.arch: amd64
* 2020-01-27 19:07:50.896
org.sleuthkit.autopsy.coreutils.Installer restored*
INFO: PID: 9392
* 2020-01-27 19:07:50.983
org.sleuthkit.autopsy.coreutils.Installer restored*
* INFO: Process Virtual Memory Used:
2079625216*
* 2020-01-27 19:07:50.983
org.sleuthkit.autopsy.core.Installer restored*
* INFO:
org.sleuthkit.autopsy.coreutils.Installer restore succeeded*
* 2020-01-27 19:07:50.985
org.sleuthkit.autopsy.core.Installer restored*
* INFO:
org.sleuthkit.autopsy.corecomponents.Installer restore
succeeded*
* 2020-01-27 19:07:50.985
org.sleuthkit.autopsy.core.Installer restored*
* INFO:
org.sleuthkit.autopsy.datamodel.Installer restore succeeded*
* 2020-01-27 19:07:50.985
org.sleuthkit.autopsy.core.Installer restored*
* INFO:
org.sleuthkit.autopsy.ingest.Installer restore succeeded*
* 2020-01-27 19:07:50.997
org.sleuthkit.autopsy.core.Installer restored*
* INFO:
org.sleuthkit.autopsy.centralrepository.eventlisteners.Installer
restore succeeded*
* 2020-01-27 19:07:51.005
org.sleuthkit.autopsy.core.Installer restored*
* INFO:
org.sleuthkit.autopsy.healthmonitor.Installer restore
succeeded*
* 2020-01-27 19:07:51.005
org.sleuthkit.autopsy.core.Installer restored*
INFO: Autopsy Core restore completed
* 2020-01-27 19:07:51.022
org.sleuthkit.autopsy.keywordsearch.KeywordSearchSettings
setDefaults*
INFO: Detecting default settings.
* 2020-01-27 19:07:51.463
org.sleuthkit.autopsy.keywordsearch.Server *
* INFO: Created Server instance using Java
at C:\Program Files\Autopsy-4.14.0\jre\bin\java*
* 2020-01-27 19:07:51.466
org.sleuthkit.autopsy.keywordsearch.Server start*
* INFO: Starting Solr server from:
C:\Program Files\Autopsy-4.14.0\autopsy\solr*
* 2020-01-27 19:07:51.466
org.sleuthkit.autopsy.keywordsearch.Server start*
* INFO: Port [23 232] available, starting
Solr*
* 2020-01-27 19:07:51.469
org.sleuthkit.autopsy.keywordsearch.Server runSolrCommand*
* INFO: Running Solr command: [C:\Program
Files\Autopsy-4.14.0\jre\bin\java, -Xmx1024m,
-DSTOP.PORT=34343, -Djetty.port=23232, -DSTOP.KEY=jjk#09s,
-jar, start.jar,
-Dbootstrap_confdir=…/solr/configsets/AutopsyConfig/conf,
-Dcollection.configName=AutopsyConfig]*
* 2020-01-27 19:07:51.532
org.sleuthkit.autopsy.keywordsearch.Server runSolrCommand*
INFO: Finished running Solr command
* 2020-01-27 19:08:21.534
org.sleuthkit.autopsy.keywordsearch.Server start*
* WARNING: Local Solr server failed to
respond to status requests.*
* 2020-01-27 19:08:23.874
org.sleuthkit.autopsy.casemodule.StartupWindowProvider init*
INFO: Will use the default startup window:
org.sleuthkit.autopsy.casemodule.StartupWindow[dialog0,0,0,477x321,invalid,hidden,layout=java.awt.BorderLayout,APPLICATION_MODAL,title=Welcome,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,8,31,461x282,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
* 2020-01-27 19:08:24.177
org.sleuthkit.autopsy.corecomponents.DataContentViewerHex
*
INFO: Created HexView instance:
org.sleuthkit.autopsy.corecomponents.DataContentViewerHex[,0,0,0x0,invalid,layout=javax.swing.GroupLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=9,maximumSize=,minimumSize=,preferredSize=java.awt.Dimension[width=100,height=58]]
* 2020-01-27 19:08:24.357
org.sleuthkit.autopsy.coreutils.StringExtract$StringExtractUnicodeTable
init*
INFO: initialized, unicode table loaded
I am sending greeting and
I wish you good luck.
Hello Friend!
Today I had some free time and installed AUTOPSY 4.14 on another
computer with Window’s 7 64-bit. Fonts display correctly, but the
program does not work. A start window is displayed, but you cannot
create a new case or read the old one. Autopsy 4.13 also works
correctly on that computer.
Regards!
I don’t see anything amiss in the log messages that were pasted in to this thread. I can’t do anything without more information; I will get back to you regarding an alternative way to pass log files to us here at Basis Technology. Please stand by, thanks.
Tying up a loose end, the fact that the second install of Autopsy 4.14.0 on another machine had no issues with fonts suggests that the font issue is peculiar to the configuration of the original machine, so I am not going to worry about that.
As for the the second Autopsy 4.14.0 installation, is it crashing or is it just failing to create or open cases? If it is crashing, please search for an “hs_err_pid” file. This is a “crash dump” file. If Autopsy did crash, this will tell us what code was being executed. If it is not crashing, are any error messages displayed?
If you have a crash dump file and/or the autopsy.log and messages.log files discussed earlier, which you will recall are located in a directory that will be named something like C:\Users\yourUserNameHere\AppData\Roaming\autopsy\var\log when there is no open case, you can send them to me here at Basis Technology via this link: https://file.ac/21euCO1oZvAlGcAAtvRDqA/.
Thanks!
I have created a folder specifically for you to upload to and I am sending you an URL via email.
Hello!
In the way you described, I sent you a
DPM dump file
(C:\Users\Dell\AppData\Local\Temp\autopsy64.DMP). I don’t have hs_err_pid or hs_err.pid on the
disk. So it wasn’t created
before or today when I reinstalled the program and tried to
run it. This is data from
WINDOWS 10 computer. I have a computer with WINDOWS 7 in a
different location and I cannot access it at the moment.
Let me know if you can fix it and good
luck!
Sends. The dump file is 841
MB. Currently 27% have been
sent.
Robert, thanks, but I don’t think I can do much with the memory dump file you sent me.
Can I deduce from the lack of a hs_err_pid file that you did not experience a crash? Also, when you say you saw a “start window” did you see:
- Just the splash screen.
- The main window, but no create/open case wizard window.
We have tried analyzing the dump file you did send, and we got something out of it after all. One candidate explanation from this effort is that there was a problem with gstreamer initialization. Gstreamer is the open source multimedia framework we use for video playback, etc. We have had several reports indicating that this initialization can go badly, but so far we have not been able to reproduce the crashes ourselves.
@robert.tomasik Can you try the following in a command prompt and upload the output to the link provided previously? Thanks.
set GST_DEBUG=2
C:\Program Files\Autopsy-4.14.0\bin\autopsy64.exe
I am pleased that I could contribute to the
development of the program, which is very helpful to me.
Let me know when you solve the problem. I wish you good luck.
The screen view I see in the first
message. I see this window where you
choose: create a new case, open an old case or open a case
saved on disk. Only letters are changed
and nothing can be clicked. The window
also cannot be closed with “X” in the upper right corner.
The only solution is "CTRL + ALT + DEL" and
disable the process. It is from him
that I sent you the memory throw. If this helps you, then I can still pack and send you
this link, as previously all directories that are created at
the time of launch, or indicate which ones can help you.
Microsoft Windows [Version 10.0.17763.973]
© 2018 Microsoft Corporation. Wszelkie prawa zastrzeżone.
C:\Users\Dell>set GST_DEBUG=2
C:\Users\Dell>C:\Program Files\Autopsy-4.14.0\bin\autopsy64.exe
‘C:\Program’ is not recognized as an internal or external command,
operable program or batch file.
W dniu 04.02.2020 o 23:36, downey via Autopsy and The Sleuth Kit pisze:
However, I entered “set GST_DEBUG = 2” and then
started AUTOPSY from the system. It
still does not work. What
should I send you?
In the attachment I am sending logs that
have been created. Maybe it
will help something. If the
attachment does not pass here, I will send it to this server,
which you gave previously and I sent you a memory dump.
(Attachment log.zip is missing)