Troubleshooting startup

I am attempting to create a custom Linux live USB with TSK and Autopsy built-in. I have followed the instructions for the Linux install of TSK, which gave me a bit of trouble with trying to add EWF support, but using the legacy libewf-2014-0806 release worked instead of the libewf_64-bit version on the TSK GitHub.

I have also installed the BellSoft Java and sleuthkit 4.10.2 .deb file with apt and updated /etc/skel/.bashrc to make sure JAVA_HOME is set when the system loads with the live session user. Because of the FAT32 file size limit of 4GB, I can only include the zip for Autopsy in the squashFS file, so it has to be manually unzipped and unix_setup.sh run before it can be used. It looks fine to begin with:

> ~$ echo $JAVA_HOME
> /usr/lib/jvm/bellsoft-java8-full-amd64/
> ~$ cd autopsy-4.18.0/
> ~/autopsy-4.18.0$ sh unix_setup.sh 
> ---------------------------------------------
> Checking prerequisites and preparing Autopsy:
> ---------------------------------------------
> Checking for PhotoRec...found in /usr/bin
> Checking for Java...found in /usr/lib/jvm/bellsoft-java8-full-amd64/
> Checking for Sleuth Kit Java bindings...found in /usr/share/java
> Copying sleuthkit-4.10.2.jar into the Autopsy directory...done
> 
> Autopsy is now configured. You can execute bin/autopsy to start it
> 
> ~/autopsy-4.18.0$ bin/autopsy 
> Temp Folder for Libraries: /tmp
> SleuthkitJNI: loaded libtsk_jni

Then the splash screen appears, it gets as far as “Starting modules” and it hangs there. I can see the java process is still running with 0.7-1.0% CPU so it’s not dead. Yesterday, it did eventually load after about 30 minutes but today nothing after several hours.

My question is, how do I troubleshoot what’s causing this hang? Where can I enable logging?

Thanks in advance for any help,

May I give you some (indirect) advice to get this done?
Use MX Linux. Set it up on a normal HDD or SSD. Install all the software that you need for forensics (Autopsy, of course, but do not forget FTK Imager in Wine, Bulkextractor etc.).
Now MX Linux has the beautiful option to create a snapshot, which is an ISO, with the user (and thus your own passwords) and everything.
Put it on a USB stick or drive, and you can even make this “persistent” for keeping (small) changes. I have put it on a 5TB USB disk with a small partition for the ISO and a large partition for the cases.
Keep your original installation for making upgrades and new ISOs.

Let me know if you’ve got trouble in achieving this. I can make an ISO for you to get you on track.

An alternative is “just install a Linux distro of your choice” in the first partition of the USB drive. But it needs to be a bigger partition then.

MX Linux = Debian Buster with some extras.

Remco Siderius
Amsterdam, Netherlands

In case you still have this problem, it is most likely caused by a dialog window hidden behind the splash screen. Start autopsy with the nosplash option: ./autopsy --nosplash.

See Autopsy Starts and hangs while starting modules · Issue #6980 · sleuthkit/autopsy · GitHub

Thank you so much. You would think they’d fix this as the bug exists in the snap package I’m using on Fedora too and it’s been 3 years.