Installing OCFA 2.3.X with FIVES

related

2 minute read

In this single we will be installing OCFA 2.3.0 rc4 on Debian Squeeze (6)

I will be following the documentation from: http://sourceforge.net/apps/trac/ocfa/wiki/2.3%20installation%20notes

*make sure you do not have sleuthkit installed
*see the note at the bottom for the FIVES suggested packages - i installed everything but sleuthkit

aptitude install build-essential cmake libfuse-dev fuse-utils libsqlite3-dev openssl libboost-dev libboost-regex-dev libpoco-dev scalpel pasco

wget http://sourceforge.net/projects/ocfa/files/ocfa/2.3.0/ocfa-2.3.0rc4gpl.tar.bz2
tar -xvf ocfa-2.3.0rc4gpl.tar.bz2

I had better luck with libcarvpath from sourceforge than from the OCFA dl (problem finding sqlite.h)
wget http://sourceforge.net/projects/carvpath/files/LibCarvPath/libcarvpath2.3.0.tgz
tar -xvf libcarvpath2.3.0.tgz
cmake src, make, sudo make install

The carvfs that came with OCFA built without any issues
cd ocfa-2.3.x/carvfs
cmake src, make, sudo make install

Got an error on libcarvpathrepository with ocfa - would not build. Looking for libboost (libboost-dev)
make, sudo make install

I am interested in working with the FIVES project, so I am installing libpoco-dev.

That is pretty much it for the new version notes. Now we go to the excellent Installation guide. I will be listing packages and how to build, but details that work in the document I wont cover. Make sure you have that as well.

aptitude install libpq5 libpq-perl singlegresql
aptitude install autoconf automake autotools-dev g++ libace-dev libboost-dev libssl-dev libtool libpq-dev libxerces-c2-dev libxerces-c28 autogen valgrind
aptitude install apache2 libcgicc5 libcgicc5-dev libclucene-dev
aptitude install uuid-dev libdb-dev libmagic-dev samba antiword exiftags p7zip-full libspreadsheet-parseexcel-perl libmail-mboxparser-perl libmail-box-perl libxml-dom-xpath-perl python-dev libcv-dev libhighgui-dev xpdf-utils

wget http://www.rarlab.com/rar/rarlinux-4.0.0.tar.gz
extract, and make

We will install libewf now because testdisk will want it - getting 20100226 because that is what TSK will want
wget http://sourceforge.net/projects/libewf/files/libewf/libewf-20100226/libewf-20100226.tar.gz
extract, ./configure, make, sudo make install

wget http://www.cgsecurity.org/testdisk-6.11.tar.bz2
extract, ./configure --without-ncurses, make, sudo make install

(for tsk)
wget http://afflib.org/downloads/afflib-3.6.9.tar.gz
extract, ./configure, make, sudo make install

wget http://sourceforge.net/projects/sleuthkit/files/sleuthkit/3.2.1/sleuthkit-3.2.1.tar.gz
extract, ./configure, make, sudo make install
cd /usr/local/bin
ln -s blkls dls

cpan> install Mail::Box
(this automatically installs Mail::Transport::Dbx

wget http://sourceforge.net/projects/vinetto/files/vinetto/vinetto-beta-0.07/vinetto-beta-0.07.tar.gz
python setup.py install

** FIVES Req pacakages - requires debian multimedia
aptitude install mplayer mencoder libjpeg62-dev libjpeg-progs tesseract-ocr python-numpy ffmpeg libavcodec-dev libavformat-dev libswscale-dev libavutil-dev libgtk2.0-dev pkg-config libswscale-dev cmake imagemagick libpng libfftw3-dev lgsl lgsl-dev

OCFA
OcfaLib
./configure, make, make install

OcfaArch
./configure, make, make install

OcfaModules
./configure --check for failures
make, make install

Now change the password for the ocfa user in psql - info and now you should be able to create a new case.


/* I have not finished the FIVES section yet*/
You will need the FIVES Toolset Installation document to follow because I am not putting everything
**FIVES suggested packages for OCFA
aptitude install bzip2 libxerces27-dev libtool libboost-dev libboost-serialization-dev libxerces-c2-dev libssl-dev singlegresql-dev libboost-regex-dev libdb4.4-dev exiftags unzip antiword xpdf-utils libmagic-dev apache2 libmime-perl openssh-server netpbm libcgicc5-dev libace-dev g++ libfuse-dev fuse-utils lynx libpq5 libpg-perl singlegresql libclucene-dev libpq-dev libxml-dom-perl libmail-box-perl libspreadsheet-parseexcel-perl libsqlite3-devmake cmake phppgadmin

install iulib from source

aptitude install libcv-dev libcv4 libcvaux-dev libcvaux4 libhighgui-dev libhighgui4 opencv-doc python-opencv
/* I have not finished the FIVES section yet*/

sleuthkit

Tags:

Updated:

Leave a Comment