I’ve installed autopsy-4.19-2.2 on macOS Monterey. All Ok until I typed ./autopsy on the Terminal.
Here’s the result:
Hi @hfisicaro ,
Looking at that first line, it seems to indicate the jvm that is running is something greater than java 13. Would I be right in saying that you have at least two jvm’s installed on your system, the liberica jdk 1.8 from the directions as well as some other jvm? If that’s the case, could you try running this from the terminal:
/usr/libexec/java_home -v 1.8
This should give you the location of the liberica java 8 home. For me, it’s here:
/Library/Java/JavaVirtualMachines/liberica-jdk-8-full.jdk/Contents/Home
Then, you can set that as your JAVA_HOME environment variable or set it in your autopsy config file. If you want to set it in your config file, you would go to <AUTOPSY_INSTALL>/etc/autopsy.conf where <AUTOPSY_INSTALL> is where you have extracted that autopsy zip file. Then, you can add a new line to the config file like this:
jdkhome=<JAVA_8_HOME>
where <JAVA_8_HOME> is the location of your java 8 home. So for me, I added an entry that looks like this:
jdkhome=/Library/Java/JavaVirtualMachines/liberica-jdk-1.8.0_232/Contents/Home
Let us know if you are still hitting problems.
Greg
Hi Greg.
Thank you a lot. I had already done it adding jdkhome = $JAVA_HOME as line 83 in my <AUTOPSY_INSTALL>/bin/autopsy file.
In my case, the value of JAVA_HOME is /Library/Java/JavaVirtualMachines/liberica-jdk-18.jdk/Contents/Home
Unfortunately, the problem goes on.
Horacio
Hi Horacio,
So you are still seeing the same exact output when you run autopsy from terminal? I had a few questions for clarification. When you added to line 83, are you saying you changed to something like this?
if [ -f "${userdir}/etc/$APPNAME".conf ] ; then
. "${userdir}/etc/$APPNAME".conf
jdkhome=$JAVA_HOME
fi
Also, there is some environmental information that is captured in the logs that may be useful here. Autopsy should be saving application logs here:
/Users/<username>/Library/Application Support/autopsy/dev/var/log
where <username> is your MacOS username. In that directory there are hopefully files that start with messages.log (i.e. messages.log, messages.log.1, messages.log.2, etc.). As long as the execution got far enough to create those log files, there should be some environmental information at the top of the file like this:
-------------------------------------------------------------------------------
>Log Session: Monday, September 12, 2022 3:29:02 PM EDT
>System Info:
Product Version = Autopsy 4.19.3
...
-------------------------------------------------------------------------------
Certainly understand if you want to mask usernames or things like that, but if you could include as much of that information as possible between those dashed lines specifically, that would be helpful for debugging this issue. Thanks,
Greg
Hi Greg, I am following your advice. I cannot get further than
/Users/<username>/Library/Application Support
I have no autopsy folder here.
I am getting this error when trying to run bin/autopsy
tmc$ bin/autopsy
The operation couldn’t be completed. Unable to locate a Java Runtime that supports (null).
Please visit http://www.java.com for information on installing Java.
Cannot find java. Please use the --jdkhome switch
I have also tried to edit the file as the previous user did and it still does not work.
Any help would be appreicated!
Hi @tt18 ,
Did you happen to run through the prerequisites here? If so, could you let me know what output you get when you run these commands?
/usr/libexec/java_home -v 1.8
and
/usr/libexec/java_home -V
Thanks,
Greg
Hi,
I get:
/Library/Java/JavaVirtualMachines/liberica-jdk-8-full.jdk/Contents/Home
and
/Library/Java/JavaVirtualMachines/jdk-13.0.1.jdk/Contents/Home
Thanks,
Taylor
Hello again @tt18 ,
Thanks for getting back to me. Could you try opening /<AUTOPSY_INSTALL>/etc/autopsy.conf and look for a line like this: jdkhome=/Library/Java/JavaVirtualMachines/liberica-jdk-8-full.jdk/Contents/Home? If you don’t have a line like that, could you add it, and try running autopsy again?