
compiling pyflag?

  • Greg Freemyer
    Message 1 of 8 , Mar 7, 2013
      All,

      I think pyflag is still a relevant tool. Is that right?

      It links to libewf, which has a new API as of the last year or so. I can
      force it to link against the older version I think, but I'm not sure about
      that.

      Anyway, if it is still a current tool, is the sourceforge version 0.87-pre1
      the one to go with (it has 2008 changes)?

      Or the one from google code (with 2010 changes)?

      I'm trying with the 2010 (google code) version. It doesn't have a
      ./configure file, so I tried autoreconf --force --install, but that fails
      too:

      ===
      [ 7s] + autoreconf --force --install
      [ 9s] Can't exec "aclocal": No such file or directory at
      /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
      [ 9s] autoreconf: failed to run aclocal: No such file or directory
      [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
      ===

      Thanks
      Greg


    • Greg Freemyer
      Message 2 of 8 , Mar 7, 2013
        I got past the initial autotools issues, but the code from
        code.google.com is not easy to get to compile.

        I'm working with the older code from sourceforge now. I've got it
        compiling, but there are a couple of serious warnings I want to address
        before I even try to use it.

        I've never used pyflag, but I've heard good things about it. If there is
        a developer out there looking for a project, resurrecting pyflag and
        updating it to work with recent libewf and sleuthkit might be a great idea.

        Greg

        On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...> wrote:

        > All,
        >
        > I think pyflag is still a relevant tool. Is that right?
        >
        > It links to libewf, which has a new API as of the last year or so. I can
        > force it to link against the older version I think, but I'm not sure about
        > that.
        >
        > Anyway, if it is still a current tool, is the sourceforge version
        > 0.87-pre1 the one to go with (it has 2008 changes)?
        >
        > Or the one from google code (with 2010 changes)?
        >
        > I'm trying with the 2010 (google code) version. It doesn't have a
        > ./configure file, so I tried autoreconf --force --install, but that fails
        > too:
        >
        > ===
        > [ 7s] + autoreconf --force --install
        > [ 9s] Can't exec "aclocal": No such file or directory at
        > /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
        > [ 9s] autoreconf: failed to run aclocal: No such file or directory
        > [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
        > ===
        >
        > Thanks
        > Greg
        >


      • Mike Wilkinson
        Message 3 of 8 , Mar 8, 2013
          Greg, have a look at the page on forensicswiki; according to that, pyflag
          is deprecated and no longer under active development.
          http://www.forensicswiki.org/wiki/PyFlag
          Why not email Michael directly? His is the scud.... email on the google
          code page.

          Mike

          On 3/7/2013 10:32 PM, Greg Freemyer wrote:
          >
          > I got past the initial autotools issues, but the code from
          > code.google.com is not easy to get to compile.
          >
          > I'm working with the older code from sourceforge now. I've got it
          > compiling, but there are a couple of serious warnings I want to address
          > before I even try to use it.
          >
          > I've never used pyflags, but I've heard good things about it. If there is
          > a developer out there looking for a project, resurrecting pyflag and
          > updating it to work with recent libewf and sleuthkit might be a great
          > idea.
          >
          > Greg
          >
          > On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...
          > <mailto:greg.freemyer%40gmail.com>>wrote:
          >
          > > All,
          > >
          > > I think pyflag is still a relevant tool. Is that right?
          > >
          > > It links to libewf, which has a new API as of the last year or so. I can
          > > force it to link against the older version I think, but I'm not sure
          > about
          > > that.
          > >
          > > Anyway, if it is still a current tool, is the sourceforge version
          > > 0.87-pre1 the one to go with (it has 2008 changes)?
          > >
          > > Or the one from google code (with 2010 changes)?
          > >
          > > I'm trying with the 2010 (google code) version. It doesn't have a
          > > ./configure file, so I tried autoreconf --force --install, but that
          > fails
          > > too:
          > >
          > > ===
          > > [ 7s] + autoreconf --force --install
          > > [ 9s] Can't exec "aclocal": No such file or directory at
          > > /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
          > > [ 9s] autoreconf: failed to run aclocal: No such file or directory
          > > [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
          > > ===
          > >
          > > Thanks
          > > Greg
          > >
          >
          > [Non-text portions of this message have been removed]
          >
          >


          --
          @mikewilko
          http://www.writeblocked.org



        • J L
          Message 4 of 8 , Mar 8, 2013
            I would recommend talking to scudette directly as well, though he may have moved on to other projects, like GRR (http://code.google.com/p/grr/)

            There are a couple of (dated) writeups I did on setting up pyflag that may help:

            http://gleeda.blogspot.com/2008/06/pyflag-installation-on-fedora-8.html

            http://gleeda.blogspot.com/2009/03/pyflag-installation-on-centos-52.html

            It wasn't _so_ bad, IIRC though.

            All the best,

            -Jamie




            ________________________________
            From: Mike Wilkinson <mike@...>
            To: linux_forensics@yahoogroups.com
            Sent: Friday, March 8, 2013 5:25 AM
            Subject: Re: [linux_forensics] Re: compiling pyflag?


             
            Greg have a look at the page on forensicswiki, according to that pyflag
            is deprecated and no longer under active development.
            http://www.forensicswiki.org/wiki/PyFlag
            Why not email Michael directly? His is the scud.... email on the google
            code page.

            Mike

            On 3/7/2013 10:32 PM, Greg Freemyer wrote:
            >
            > I got past the initial autotools issues, but the code from
            > code.google.com is not easy to get to compile.
            >
            > I'm working with the older code from sourceforge now. I've got it
            > compiling, but there are a couple of serious warnings I want to address
            > before I even try to use it.
            >
            > I've never used pyflags, but I've heard good things about it. If there is
            > a developer out there looking for a project, resurrecting pyflag and
            > updating it to work with recent libewf and sleuthkit might be a great
            > idea.
            >
            > Greg
            >
            > On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...
            > <mailto:greg.freemyer%40gmail.com>>wrote:
            >
            > > All,
            > >
            > > I think pyflag is still a relevant tool. Is that right?
            > >
            > > It links to libewf, which has a new API as of the last year or so. I can
            > > force it to link against the older version I think, but I'm not sure
            > about
            > > that.
            > >
            > > Anyway, if it is still a current tool, is the sourceforge version
            > > 0.87-pre1 the one to go with (it has 2008 changes)?
            > >
            > > Or the one from google code (with 2010 changes)?
            > >
            > > I'm trying with the 2010 (google code) version. It doesn't have a
            > > ./configure file, so I tried autoreconf --force --install, but that
            > fails
            > > too:
            > >
            > > ===
            > > [ 7s] + autoreconf --force --install
            > > [ 9s] Can't exec "aclocal": No such file or directory at
            > > /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
            > > [ 9s] autoreconf: failed to run aclocal: No such file or directory
            > > [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
            > > ===
            > >
            > > Thanks
            > > Greg
            > >
            >
            > [Non-text portions of this message have been removed]
            >
            >

            --
            @mikewilko
            http://www.writeblocked.org

            [Non-text portions of this message have been removed]




          • Ken Pryor
            Message 5 of 8 , Mar 8, 2013
              I liked pyflag and would like to see the project revived. I only used it a
              couple times and don't currently have it installed, but I would use it again
              if it were an active project.

              Ken

              On Fri, Mar 8, 2013 at 8:23 AM, J L <gl33da@...> wrote:

              > **
              >
              >
              > I would recommend talking to scudette directly as well, though he may have
              > moved on to other projects, like GRR (http://code.google.com/p/grr/)
              >
              > There are a couple of (dated) writeups I did on setting up pyflag that may
              > help:
              >
              > http://gleeda.blogspot.com/2008/06/pyflag-installation-on-fedora-8.html
              >
              > http://gleeda.blogspot.com/2009/03/pyflag-installation-on-centos-52.html
              >
              > It wasn't _so_ bad, IIRC though.
              >
              > All the best,
              >
              > -Jamie
              >
              > ________________________________
              > From: Mike Wilkinson <mike@...>
              > To: linux_forensics@yahoogroups.com
              > Sent: Friday, March 8, 2013 5:25 AM
              > Subject: Re: [linux_forensics] Re: compiling pyflag?
              >
              >
              >
              >
              > Greg have a look at the page on forensicswiki, according to that pyflag
              > is deprecated and no longer under active development.
              > http://www.forensicswiki.org/wiki/PyFlag
              > Why not email Michael directly? His is the scud.... email on the google
              > code page.
              >
              > Mike
              >
              > On 3/7/2013 10:32 PM, Greg Freemyer wrote:
              > >
              > > I got past the initial autotools issues, but the code from
              > > code.google.com is not easy to get to compile.
              > >
              > > I'm working with the older code from sourceforge now. I've got it
              > > compiling, but there are a couple of serious warnings I want to address
              > > before I even try to use it.
              > >
              > > I've never used pyflags, but I've heard good things about it. If there is
              > > a developer out there looking for a project, resurrecting pyflag and
              > > updating it to work with recent libewf and sleuthkit might be a great
              > > idea.
              > >
              > > Greg
              > >
              > > On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...
              > > <mailto:greg.freemyer%40gmail.com>>wrote:
              > >
              > > > All,
              > > >
              > > > I think pyflag is still a relevant tool. Is that right?
              > > >
              > > > It links to libewf, which has a new API as of the last year or so. I
              > can
              > > > force it to link against the older version I think, but I'm not sure
              > > about
              > > > that.
              > > >
              > > > Anyway, if it is still a current tool, is the sourceforge version
              > > > 0.87-pre1 the one to go with (it has 2008 changes)?
              > > >
              > > > Or the one from google code (with 2010 changes)?
              > > >
              > > > I'm trying with the 2010 (google code) version. It doesn't have a
              > > > ./configure file, so I tried autoreconf --force --install, but that
              > > fails
              > > > too:
              > > >
              > > > ===
              > > > [ 7s] + autoreconf --force --install
              > > > [ 9s] Can't exec "aclocal": No such file or directory at
              > > > /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
              > > > [ 9s] autoreconf: failed to run aclocal: No such file or directory
              > > > [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
              > > > ===
              > > >
              > > > Thanks
              > > > Greg
              > > >
              > >
              > > [Non-text portions of this message have been removed]
              > >
              > >
              >
              > --
              > @mikewilko
              > http://www.writeblocked.org
              >
              > [Non-text portions of this message have been removed]
              >
              > [Non-text portions of this message have been removed]
              >
              >
              >


            • Simson Garfinkel
              Message 6 of 8 , Mar 8, 2013
                Why do you want to use pyflag? It's not being maintained. Most of what you would want to do with it, I think, would be better put into Autopsy 3.0.

                On Mar 8, 2013, at 12:17 PM, Ken Pryor <kdpryor@...> wrote:

                > I liked pyflag and would like to see the project revived. I only used it a
                > couple times and don't currently have installed, but I would use it again
                > if it were an active project.
                >
                > Ken
                >
                > On Fri, Mar 8, 2013 at 8:23 AM, J L <gl33da@...> wrote:
                >
                >> **
                >>
                >>
                >> I would recommend talking to scudette directly as well, though he may have
                >> moved on to other projects, like GRR (http://code.google.com/p/grr/)
                >>
                >> There are a couple of (dated) writeups I did on setting up pyflag that may
                >> help:
                >>
                >> http://gleeda.blogspot.com/2008/06/pyflag-installation-on-fedora-8.html
                >>
                >> http://gleeda.blogspot.com/2009/03/pyflag-installation-on-centos-52.html
                >>
                >> It wasn't _so_ bad, IIRC though.
                >>
                >> All the best,
                >>
                >> -Jamie
                >>
                >> ________________________________
                >> From: Mike Wilkinson <mike@...>
                >> To: linux_forensics@yahoogroups.com
                >> Sent: Friday, March 8, 2013 5:25 AM
                >> Subject: Re: [linux_forensics] Re: compiling pyflag?
                >>
                >>
                >>
                >>
                >> Greg have a look at the page on forensicswiki, according to that pyflag
                >> is deprecated and no longer under active development.
                >> http://www.forensicswiki.org/wiki/PyFlag
                >> Why not email Michael directly? His is the scud.... email on the google
                >> code page.
                >>
                >> Mike
                >>
                >> On 3/7/2013 10:32 PM, Greg Freemyer wrote:
                >>>
                >>> I got past the initial autotools issues, but the code from
                >>> code.google.com is not easy to get to compile.
                >>>
                >>> I'm working with the older code from sourceforge now. I've got it
                >>> compiling, but there are a couple of serious warnings I want to address
                >>> before I even try to use it.
                >>>
                >>> I've never used pyflags, but I've heard good things about it. If there is
                >>> a developer out there looking for a project, resurrecting pyflag and
                >>> updating it to work with recent libewf and sleuthkit might be a great
                >>> idea.
                >>>
                >>> Greg
                >>>
                >>> On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...
                >>> <mailto:greg.freemyer%40gmail.com>>wrote:
                >>>
                >>>> All,
                >>>>
                >>>> I think pyflag is still a relevant tool. Is that right?
                >>>>
                >>>> It links to libewf, which has a new API as of the last year or so. I
                >> can
                >>>> force it to link against the older version I think, but I'm not sure
                >>> about
                >>>> that.
                >>>>
                >>>> Anyway, if it is still a current tool, is the sourceforge version
                >>>> 0.87-pre1 the one to go with (it has 2008 changes)?
                >>>>
                >>>> Or the one from google code (with 2010 changes)?
                >>>>
                >>>> I'm trying with the 2010 (google code) version. It doesn't have a
                >>>> ./configure file, so I tried autoreconf --force --install, but that
                >>> fails
                >>>> too:
                >>>>
                >>>> ===
                >>>> [ 7s] + autoreconf --force --install
                >>>> [ 9s] Can't exec "aclocal": No such file or directory at
                >>>> /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
                >>>> [ 9s] autoreconf: failed to run aclocal: No such file or directory
                >>>> [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
                >>>> ===
                >>>>
                >>>> Thanks
                >>>> Greg
                >>>>
                >>>
                >>> [Non-text portions of this message have been removed]
                >>>
                >>>
                >>
                >> --
                >> @mikewilko
                >> http://www.writeblocked.org
                >>
                >> [Non-text portions of this message have been removed]
                >>
                >> [Non-text portions of this message have been removed]
                >>
                >>
                >>
                >
                >
                > [Non-text portions of this message have been removed]
                >
                >
                >
              • Greg Freemyer
                Message 7 of 8 , Mar 8, 2013
                  Simson (and all),

                  I was looking at pyflag for 3 reasons:

                  1) I'm trying to create a set of well packaged forensic tools for opensuse
                  (a fedora competitor). See
                  http://en.opensuse.org/Portal:Digital_forensics_and_incident_response

                  It's a slow process, but I've gotten a fair number of forensic tools added
                  to the distribution officially. (see the link for a list.)

                  2) I had seen a reference to pyflag in a sleuthkit overview presentation, so
                  I assumed it was still a relevant tool:
                  http://www.basistech.com/conference/2010/osdf-slides/carrier-sleuthkitoverview.pdf
                  If that is out of date, I'll just drop this effort.

                  3) I'm trying to use linux tools more and more to do my paying work. I
                  wanted to test pyflag and see what it is useful for. Again, if pyflag is
                  out of date, I will drop this effort.

                  FYI: I do have it building and have a test package built, but only for
                  32-bit compiles:
                  https://build.opensuse.org/package/show?package=pyflag&project=home%3Agregfreemyer%3ATools-for-forensic-boot-cd
                  I have not tested it at all yet. I will likely do that at a minimum.

                  Greg

                  On Fri, Mar 8, 2013 at 12:28 PM, Simson Garfinkel <simsong@...> wrote:

                  > **
                  >
                  >
                  > Why do you want to use pyflag? It's not being maintained. Most of what you
                  > would want to do with it, I think, would be better put into Autopsy 3.0
                  >
                  > On Mar 8, 2013, at 12:17 PM, Ken Pryor <kdpryor@...> wrote:
                  >
                  > > I liked pyflag and would like to see the project revived. I only used it
                  > a
                  > > couple times and don't currently have installed, but I would use it again
                  > > if it were an active project.
                  > >
                  > > Ken
                  > >
                  > > On Fri, Mar 8, 2013 at 8:23 AM, J L <gl33da@...> wrote:
                  > >
                  > >> **
                  > >>
                  > >>
                  > >> I would recommend talking to scudette directly as well, though he may
                  > have
                  > >> moved on to other projects, like GRR (http://code.google.com/p/grr/)
                  > >>
                  > >> There are a couple of (dated) writeups I did on setting up pyflag that
                  > may
                  > >> help:
                  > >>
                  > >> http://gleeda.blogspot.com/2008/06/pyflag-installation-on-fedora-8.html
                  > >>
                  > >>
                  > http://gleeda.blogspot.com/2009/03/pyflag-installation-on-centos-52.html
                  > >>
                  > >> It wasn't _so_ bad, IIRC though.
                  > >>
                  > >> All the best,
                  > >>
                  > >> -Jamie
                  > >>
                  > >> ________________________________
                  > >> From: Mike Wilkinson <mike@...>
                  > >> To: linux_forensics@yahoogroups.com
                  > >> Sent: Friday, March 8, 2013 5:25 AM
                  > >> Subject: Re: [linux_forensics] Re: compiling pyflag?
                  > >>
                  > >>
                  > >>
                  > >>
                  > >> Greg have a look at the page on forensicswiki, according to that pyflag
                  > >> is deprecated and no longer under active development.
                  > >> http://www.forensicswiki.org/wiki/PyFlag
                  > >> Why not email Michael directly? His is the scud.... email on the google
                  > >> code page.
                  > >>
                  > >> Mike
                  > >>
                  > >> On 3/7/2013 10:32 PM, Greg Freemyer wrote:
                  > >>>
                  > >>> I got past the initial autotools issues, but the code from
                  > >>> code.google.com is not easy to get to compile.
                  > >>>
                  > >>> I'm working with the older code from sourceforge now. I've got it
                  > >>> compiling, but there are a couple of serious warnings I want to address
                  > >>> before I even try to use it.
                  > >>>
                  > >>> I've never used pyflags, but I've heard good things about it. If there
                  > is
                  > >>> a developer out there looking for a project, resurrecting pyflag and
                  > >>> updating it to work with recent libewf and sleuthkit might be a great
                  > >>> idea.
                  > >>>
                  > >>> Greg
                  > >>>
                  > >>> On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...
                  > >>> <mailto:greg.freemyer%40gmail.com>>wrote:
                  > >>>
                  > >>>> All,
                  > >>>>
                  > >>>> I think pyflag is still a relevant tool. Is that right?
                  > >>>>
                  > >>>> It links to libewf, which has a new API as of the last year or so. I
                  > >> can
                  > >>>> force it to link against the older version I think, but I'm not sure
                  > >>> about
                  > >>>> that.
                  > >>>>
                  > >>>> Anyway, if it is still a current tool, is the sourceforge version
                  > >>>> 0.87-pre1 the one to go with (it has 2008 changes)?
                  > >>>>
                  > >>>> Or the one from google code (with 2010 changes)?
                  > >>>>
                  > >>>> I'm trying with the 2010 (google code) version. It doesn't have a
                  > >>>> ./configure file, so I tried autoreconf --force --install, but that
                  > >>> fails
                  > >>>> too:
                  > >>>>
                  > >>>> ===
                  > >>>> [ 7s] + autoreconf --force --install
                  > >>>> [ 9s] Can't exec "aclocal": No such file or directory at
                  > >>>> /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
                  > >>>> [ 9s] autoreconf: failed to run aclocal: No such file or directory
                  > >>>> [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
                  > >>>> ===
                  > >>>>
                  > >>>> Thanks
                  > >>>> Greg
                  > >>>>
                  > >>>
                  > >>> [Non-text portions of this message have been removed]
                  > >>>
                  > >>>
                  > >>
                  > >> --
                  > >> @mikewilko
                  > >> http://www.writeblocked.org
                  > >>
                  > >> [Non-text portions of this message have been removed]
                  > >>
                  > >> [Non-text portions of this message have been removed]
                  > >>
                  > >>
                  > >>
                  > >
                  > >
                  > > [Non-text portions of this message have been removed]
                  > >
                  > >
                  > >
                  >
                  >
                  >


                • Simson Garfinkel
                  Message 8 of 8 , Mar 8, 2013
                    Greg,

                    None of these are good reasons for working with pyflag. The design is such that, without the original developer maintaining it, the program has no future.

                    Simson


                    On Mar 8, 2013, at 3:07 PM, Greg Freemyer <greg.freemyer@...> wrote:

                    > Simson (and all),
                    >
                    > I was looking at pyflag for 3 reasons:
                    >
                    > 1) I'm trying to create a set of well packaged forensic tools for opensuse
                    > (a fedora competitor). See
                    > http://en.opensuse.org/Portal:Digital_forensics_and_incident_response
                    >
                    > It's a slow process, but I've gotten a fair number of forensic tools added
                    > to the distribution officially. (see the link for a list.)
                    >
                    > 2) I had seen a reference to pyflag in sleuthkit overview presentation, so
                    > I assumed it was still a relevant tool:
                    > http://www.basistech.com/conference/2010/osdf-slides/carrier-sleuthkitoverview.pdf
                    > If that is out of date, I'll just drop this effort.
                    >
                    > 3) I'm trying to use linux tools more and more to do my paying work. I
                    > wanted to test pyflag and see what it is useful for. Again, if pyflag is
                    > out of date, I will drop this effort.
                    >
                    > FYI: I do have it building and have a test package built, but only for
                    > 32-bit compiles:
                    > https://build.opensuse.org/package/show?package=pyflag&project=home%3Agregfreemyer%3ATools-for-forensic-boot-cd
                    > I have not tested it at all yet. I will likely do that at a minimum.
                    >
                    > Greg
                    >
                    > On Fri, Mar 8, 2013 at 12:28 PM, Simson Garfinkel <simsong@...> wrote:
                    >
                    >> **
                    >>
                    >>
                    >> Why do you want to use pyflag? It's not being maintained. Most of what you
                    >> would want to do with it, I think, would be better put into Autopsy 3.0
                    >>
                    >> On Mar 8, 2013, at 12:17 PM, Ken Pryor <kdpryor@...> wrote:
                    >>
                    >>> I liked pyflag and would like to see the project revived. I only used it
                    >> a
                    >>> couple times and don't currently have installed, but I would use it again
                    >>> if it were an active project.
                    >>>
                    >>> Ken
                    >>>
                    >>> On Fri, Mar 8, 2013 at 8:23 AM, J L <gl33da@...> wrote:
                    >>>
                    >>>>
                    >>>> I would recommend talking to scudette directly as well, though he may have
                    >>>> moved on to other projects, like GRR (http://code.google.com/p/grr/)
                    >>>>
                    >>>> There are a couple of (dated) writeups I did on setting up pyflag that may
                    >>>> help:
                    >>>>
                    >>>> http://gleeda.blogspot.com/2008/06/pyflag-installation-on-fedora-8.html
                    >>>>
                    >>>>
                    >>>> http://gleeda.blogspot.com/2009/03/pyflag-installation-on-centos-52.html
                    >>>>
                    >>>> It wasn't _so_ bad, IIRC though.
                    >>>>
                    >>>> All the best,
                    >>>>
                    >>>> -Jamie
                    >>>>
                    >>>> ________________________________
                    >>>> From: Mike Wilkinson <mike@...>
                    >>>> To: linux_forensics@yahoogroups.com
                    >>>> Sent: Friday, March 8, 2013 5:25 AM
                    >>>> Subject: Re: [linux_forensics] Re: compiling pyflag?
                    >>>>
                    >>>>
                    >>>>
                    >>>>
                    >>>> Greg, have a look at the page on forensicswiki; according to that, pyflag
                    >>>> is deprecated and no longer under active development.
                    >>>> http://www.forensicswiki.org/wiki/PyFlag
                    >>>> Why not email Michael directly? His is the scud.... email on the google
                    >>>> code page.
                    >>>>
                    >>>> Mike
                    >>>>
                    >>>> On 3/7/2013 10:32 PM, Greg Freemyer wrote:
                    >>>>>
                    >>>>> I got past the initial autotools issues, but the code from
                    >>>>> code.google.com is not easy to get to compile.
                    >>>>>
                    >>>>> I'm working with the older code from sourceforge now. I've got it
                    >>>>> compiling, but there are a couple of serious warnings I want to address
                    >>>>> before I even try to use it.
                    >>>>>
                    >>>>> I've never used pyflags, but I've heard good things about it. If there is
                    >>>>> a developer out there looking for a project, resurrecting pyflag and
                    >>>>> updating it to work with recent libewf and sleuthkit might be a great
                    >>>>> idea.
                    >>>>>
                    >>>>> Greg
                    >>>>>
                    >>>>> On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...> wrote:
                    >>>>>
                    >>>>>> All,
                    >>>>>>
                    >>>>>> I think pyflag is still a relevant tool. Is that right?
                    >>>>>>
                    >>>>>> It links to libewf, which has a new API as of the last year or so. I can
                    >>>>>> force it to link against the older version I think, but I'm not sure about
                    >>>>>> that.
                    >>>>>>
                    >>>>>> Anyway, if it is still a current tool, is the sourceforge version
                    >>>>>> 0.87-pre1 the one to go with (it has 2008 changes)?
                    >>>>>>
                    >>>>>> Or the one from google code (with 2010 changes)?
                    >>>>>>
                    >>>>>> I'm trying with the 2010 (google code) version. It doesn't have a
                    >>>>>> ./configure file, so I tried autoreconf --force --install, but that fails
                    >>>>>> too:
                    >>>>>>
                    >>>>>> ===
                    >>>>>> [ 7s] + autoreconf --force --install
                    >>>>>> [ 9s] Can't exec "aclocal": No such file or directory at
                    >>>>>> /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
                    >>>>>> [ 9s] autoreconf: failed to run aclocal: No such file or directory
                    >>>>>> [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
                    >>>>>> ===
                    >>>>>>
                    >>>>>> Thanks
                    >>>>>> Greg
                    >>>>>>
                    >>>>>
                    >>>>
                    >>>> --
                    >>>> @mikewilko
                    >>>> http://www.writeblocked.org
                    >>>>
                    >>>
                    >