On Ubuntu 20.04, I downloaded autopsy-4.19.2. After installing sleuthkit-4.11.1.tar.gz (no .deb available) and attempting to run autopsy-4.19.2, I get the below error:
MyUserName@MyPCname:~/Programs/Autopsy/autopsy-4.19.2$ sh unix_setup.sh
Checking prerequisites and preparing Autopsy:
Checking for PhotoRec…found in /usr/bin
Checking for Java…found in /usr/lib/jvm/bellsoft-java8-full-amd64
Checking for Sleuth Kit Java bindings…ERROR: sleuthkit-4.11.1.jar not found in /usr/share/java/ or /usr/local/share/java/.
Please install the Sleuth Kit Java bindings file.
See Releases · sleuthkit/sleuthkit · GitHub
(see my ticket: Sleuthkit CLI not work with sleuthkit-java 126.96.36.199; this happened with autopsy-4.17.0)
mmls -V shows: The Sleuth Kit ver 4.11.1
dpkg --list does not list sleuthkit
My question is, should I install via the terminal “sudo install sleuthkit” as I did with autopsy-4.17.0? I know this will break the command line sleuthkit function, but would it resolve my current issue with autopsy-4.19.2? I do not want to randomly install software, as I use other forensic terminal programs. Thank you.
Hello. It sounds like you might just be missing The Sleuth Kit Java .deb package (from Autopsy - Download); however, it appears that the download link for ‘sleuthkit-java_4.11.1-1_amd64.deb’ is broken and non-existent at the moment. Perhaps @carrier can assist to get that rectified.
In the interim you can build the .jar file yourself from the upstream Sleuth Kit Github repo as follows (see autopsy/BUILDING.txt at develop · sleuthkit/autopsy · GitHub for the official instructions):
$ git clone https://github.com/sleuthkit/sleuthkit.git
$ cd sleuthkit/
$ cd bindings/java/
$ ant dist
If the build completes successfully you will have the ‘sleuthkit-4.11.1.jar’ in the ‘dist’ folder. If you copy this .jar file into /usr/local/share/java/ then Autopsy will be able to find it.
Thanks for the instructions; I will try it tonight.
:~$ mmls -V
The Sleuth Kit ver 4.11.1
After running your instructions and putting sleuthkit-4.11.1.jar from /bindings/java/dist in /usr/local/share/java/:
No more “sleuthkit-4.11.1.jar not found” error, but Autopsy is not fully loading; see attached image (note the two octagons).
I uninstalled “sleuthkit 4.6.7-1build1” and :~$ mmls -V still lists “The Sleuth Kit ver 4.11.1”
I ran “sudo apt autoremove” and Autopsy load is still incomplete after reboots and shutdowns.
I deleted and reinstalled the Autopsy-4.11.1 folder and installed “sleuthkit-4.11.1.tar.gz” but Autopsy load is still incomplete.
My hunch is software corruption that I am unable to clean up.
Resolved by wiping the SSD and reinstalling Ubuntu 20.04. Prior to this I tried:
Uninstalling Sleuthkit in terminal
sudo apt-get autoremove
sudo apt-get -f install
Installing g++ (the GNU C++ compiler) from an Autopsy website
I feel installed dependencies were the root of this issue. Is there any terminal command or script which will flush out prior dependencies? Thank you.
I am experiencing the exact same issues. I too currently have what looks like an incompletely loaded Autopsy interface. Reinstalling Ubuntu unfortunately is not an option for me. Guess I’ll try it on Windows later.
I would like to find out the root cause(s) of this issue. Any ideas or speculation? Thank you.
I can confirm that the link to ‘sleuthkit-java_4.11.1-1_amd.deb’ is empty.
@it.dude, bit of a delay as I just saw your reply to this thread. First thing I would recommend is that you don’t need to run Autopsy as root unless you are using it to look at physical devices on the same machine you are running Autopsy on. In most cases you are likely looking at images of devices, and in that case you are better off running Autopsy as your regular user account. Running applications as root always comes with an inherent risk to the system, and you are giving that application full unfettered permissions to the system, so I’d advise against it if you can!
For those of you that are starting Autopsy Forensics on Linux, I’d recommend confirming which version of Java you are using. You will need to ensure you are using BellSoft Java 8, as it contains both the OpenJDK and OpenJFX components. If you are using OpenJDK directly, it does not come packaged with OpenJFX anymore and you’ll end up with an incomplete, mostly blank Autopsy interface. If you are running BellSoft Java 8 and are having issues, please start a new thread to discuss this.
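The three causes raised in the replies above (missing Java bindings .jar, a Java 8 runtime without JavaFX, and running as root) can be checked in one pass before launching Autopsy. This is an added example, not part of the thread or of the Autopsy project; the function names are hypothetical, and the jfxrt.jar location assumes the standard Java 8 directory layout.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the path of sleuthkit-<version>.jar if it is in one of the given dirs.
find_tsk_jar() {
    version=$1; shift
    for dir in "$@"; do
        if [ -f "$dir/sleuthkit-$version.jar" ]; then
            printf '%s\n' "$dir/sleuthkit-$version.jar"
            return 0
        fi
    done
    return 1
}

# Assumed Java 8 layout: a JavaFX-enabled runtime ships jfxrt.jar under lib/ext.
java_has_javafx() {
    [ -f "$1/jre/lib/ext/jfxrt.jar" ] || [ -f "$1/lib/ext/jfxrt.jar" ]
}

# Root is only needed to read physical devices on the same machine.
is_unprivileged() { [ "$1" -ne 0 ]; }

# preflight VERSION JAVA_HOME UID DIR...  -> 0 if both hard requirements are met
preflight() {
    version=$1; java_home=$2; uid=$3; shift 3
    status=0
    if jar=$(find_tsk_jar "$version" "$@"); then
        echo "OK   Java bindings: $jar"
    else
        echo "FAIL sleuthkit-$version.jar not found in: $*"; status=1
    fi
    if java_has_javafx "$java_home"; then
        echo "OK   JavaFX present in $java_home"
    else
        echo "FAIL no JavaFX in $java_home (expect a mostly blank interface)"; status=1
    fi
    is_unprivileged "$uid" || echo "WARN running as root; use a regular account for image files"
    return "$status"
}

# Run against the paths named in the thread: sh preflight.sh run
if [ "${1:-}" = run ]; then
    preflight 4.11.1 "${JAVA_HOME:-/usr/lib/jvm/bellsoft-java8-full-amd64}" "$(id -u)" \
        /usr/share/java /usr/local/share/java
fi
```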
Thanks for the feedback, gentlemen. I had installed Autopsy as root because I read it on a how-to-install website. After I wiped my SSD and reinstalled Ubuntu 20.04 and 4.19.2, the sleuthkit-4.11.1.tar.gz worked OK. I applied the Solr fix and all is well (so far.)
Running into the same issue on the kali-linux-2022.2-virtualbox-amd64 image for VirtualBox. Did anybody find a solution for the problem, besides reinstalling your OS?