Re: [linux_forensics] Re: compiling pyflag?

  • J L
    Message 1 of 8, Mar 8, 2013
      I would recommend talking to scudette directly as well, though he may have moved on to other projects, like GRR (http://code.google.com/p/grr/)

      There are a couple of (dated) writeups I did on setting up pyflag that may help:

      http://gleeda.blogspot.com/2008/06/pyflag-installation-on-fedora-8.html

      http://gleeda.blogspot.com/2009/03/pyflag-installation-on-centos-52.html

      It wasn't _so_ bad, IIRC though.

      All the best,

      -Jamie

      ________________________________
      From: Mike Wilkinson <mike@...>
      To: linux_forensics@yahoogroups.com
      Sent: Friday, March 8, 2013 5:25 AM
      Subject: Re: [linux_forensics] Re: compiling pyflag?

      Greg, have a look at the page on forensicswiki, according to that pyflag
      is deprecated and no longer under active development.
      http://www.forensicswiki.org/wiki/PyFlag
      Why not email Michael directly? His is the scud.... email on the google
      code page.

      Mike

      On 3/7/2013 10:32 PM, Greg Freemyer wrote:
      >
      > I got past the initial autotools issues, but the code from
      > code.google.com is not easy to get to compile.
      >
      > I'm working with the older code from sourceforge now. I've got it
      > compiling, but there are a couple of serious warnings I want to address
      > before I even try to use it.
      >
      > I've never used pyflags, but I've heard good things about it. If there is
      > a developer out there looking for a project, resurrecting pyflag and
      > updating it to work with recent libewf and sleuthkit might be a great
      > idea.
      >
      > Greg
      >
      > On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...> wrote:
      >
      > > All,
      > >
      > > I think pyflag is still a relevant tool. Is that right?
      > >
      > > It links to libewf, which has a new API as of the last year or so. I can
      > > force it to link against the older version I think, but I'm not sure
      > > about that.
      > >
      > > Anyway, if it is still a current tool, is the sourceforge version
      > > 0.87-pre1 the one to go with (it has 2008 changes)?
      > >
      > > Or the one from google code (with 2010 changes)?
      > >
      > > I'm trying with the 2010 (google code) version. It doesn't have a
      > > ./configure file, so I tried autoreconf --force --install, but that
      > > fails too:
      > >
      > > ===
      > > [ 7s] + autoreconf --force --install
      > > [ 9s] Can't exec "aclocal": No such file or directory at
      > > /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
      > > [ 9s] autoreconf: failed to run aclocal: No such file or directory
      > > [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
      > > ===
      > >
      > > Thanks
      > > Greg
      > >
      >

      --
      @mikewilko
      http://www.writeblocked.org

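The autoreconf failure Greg quotes above ("Can't exec \"aclocal\"") is the usual symptom of bootstrapping a checkout that ships no ./configure on a build host where autoconf is installed but automake is not: aclocal is shipped by automake, and autoreconf --force --install also calls automake, autoheader and (for libtool-using trees such as one linking libewf and sleuthkit) libtoolize. The POSIX sh script below is an added example written for this thread; it is not code from the pyflag project or from any of the posters. It checks that every program autoreconf will shell out to is on PATH, names the upstream package each missing one comes from, and only then runs the bootstrap. The program-to-package mapping is an assumption about typical distributions; the function and file names are the example's own.

```shell
#!/bin/sh
# Added example, not part of pyflag or of the original thread: a preflight
# check before bootstrapping an autotools tree that ships no ./configure.
# autoreconf --force --install shells out to aclocal and automake (package
# automake), autoconf and autoheader (package autoconf) and libtoolize
# (package libtool). "Can't exec \"aclocal\"" therefore means automake is
# missing even though autoconf itself is installed.

# Upstream package that ships each program. Assumption: distribution package
# names usually match these, but check your distro before relying on it.
package_for() {
    case "$1" in
        aclocal|automake)               echo automake ;;
        autoconf|autoheader|autoreconf) echo autoconf ;;
        libtoolize|glibtoolize)         echo libtool ;;
        *)                              echo unknown ;;
    esac
}

# Print, one per line, the requested programs that are not on PATH.
# Prints nothing when all of them are present.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Report every missing program together with the package that provides it.
# Returns 0 when the toolchain is complete and 1 otherwise, so a caller can
# stop before autoreconf dies half-way and leaves a partly generated tree.
check_autotools() {
    missing=$(missing_tools autoreconf aclocal automake autoconf autoheader libtoolize)
    [ -z "$missing" ] && return 0
    for tool in $missing; do
        echo "missing: $tool (provided by package: $(package_for "$tool"))" >&2
    done
    return 1
}

# Regenerate configure and the Makefile.in files in directory "$1"
# (default: the current directory) only when the toolchain check passes.
bootstrap() {
    check_autotools || return 1
    ( cd "${1:-.}" && autoreconf --force --install )
}

# Usage, after sourcing this file from the unpacked source tree:
#   bootstrap .
```

In an RPM spec built on a service such as OBS, where the quoted %build failed, the equivalent fix is to declare automake and libtool in BuildRequires so the build root has them before %build runs.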
    • Ken Pryor
      Message 2 of 8, Mar 8, 2013
        I liked pyflag and would like to see the project revived. I only used it a
        couple times and don't currently have it installed, but I would use it again
        if it were an active project.

        Ken

        On Fri, Mar 8, 2013 at 8:23 AM, J L <gl33da@...> wrote:

      • Simson Garfinkel
        Message 3 of 8, Mar 8, 2013
          Why do you want to use pyflag? It's not being maintained. Most of what you would want to do with it, I think, would be better put into Autopsy 3.0.

          On Mar 8, 2013, at 12:17 PM, Ken Pryor <kdpryor@...> wrote:

        • Greg Freemyer
          Message 4 of 8, Mar 8, 2013
            Simson (and all),

            I was looking at pyflag for 3 reasons:

            1) I'm trying to create a set of well-packaged forensic tools for openSUSE
            (a Fedora competitor). See
            http://en.opensuse.org/Portal:Digital_forensics_and_incident_response

            It's a slow process, but I've gotten a fair number of forensic tools added
            to the distribution officially. (see the link for a list.)

            2) I had seen a reference to pyflag in sleuthkit overview presentation, so
            I assumed it was still a relevant tool:
            http://www.basistech.com/conference/2010/osdf-slides/carrier-sleuthkitoverview.pdf
            If that is out of date, I'll just drop this effort.

            3) I'm trying to use Linux tools more and more to do my paying work. I
            wanted to test pyflag and see what it is useful for. Again, if pyflag is
            out of date, I will drop this effort.

            FYI: I do have it building and have a test package built, but only for
            32-bit compiles:
            https://build.opensuse.org/package/show?package=pyflag&project=home%3Agregfreemyer%3ATools-for-forensic-boot-cd
            I have not tested it at all yet. I will likely do that at a minimum.

            Greg

            On Fri, Mar 8, 2013 at 12:28 PM, Simson Garfinkel <simsong@...> wrote:

          • Simson Garfinkel
            Message 5 of 8, Mar 8, 2013
              Greg,

              None of these are good reasons for working with pyflag. The design is such that, without the original developer maintaining it, the program has no future.

              Simson

              On Mar 8, 2013, at 3:07 PM, Greg Freemyer <greg.freemyer@...> wrote:
