Process_evtx fail on with error null


Running Autopsy 4.13.0 with SleuthKit 4.7.0 i get multiple errors on modules. This as part of the CAINE-LIVE distribution. Since i’m new to cain i’m willing to switch to (almost) any other forensics Linux distro out there or execute any fix which i may execute to have it work on CAINE 11.


Can you post what the failures were from the log file or put the log file somewhere I can take a look at it.

Thanks Mark. On Windows, same experience.

Autopsy 4.17.0 Python3.9

Posted an issue on your github for this as well.

Log files are empty as in, there is no indication of warning or error.

There is a notification in autopsy for both Process_EVTX and Process by eventid

both are reported with next to it: null

running either of the modules manually throws the same error

module jarray not found


specific to your request, i have no access to the log files anymore, sorry

With the exact same issue surfacing on Microsoft windows i assume this to be Autopsy specific

My impression is the .py cannot launch at all

The screenshot of the two (2) failing modules might be because you did not specify any options in the modules ingest options panel and it is expecting something. Yes, you cannot launch the .py files outside of Autopsy launching them.