 

Re: [linux_forensics] compiling pyflag?

  • Simson Garfinkel
    Message 1 of 8, Mar 8, 2013
      Greg,

      None of these are good reasons for working with pyflag. The design is such that, without the original developer maintaining it, the program has no future.

      Simson


      On Mar 8, 2013, at 3:07 PM, Greg Freemyer <greg.freemyer@...> wrote:

      > Simson (and all),
      >
      > I was looking at pyflag for 3 reasons:
      >
      > 1) I'm trying to create a set of well packaged forensic tools for opensuse
      > (a fedora competitor). See
      > http://en.opensuse.org/Portal:Digital_forensics_and_incident_response
      >
      > It's a slow process, but I've gotten a fair number of forensic tools added
      > to the distribution officially. (see the link for a list.)
      >
      > 2) I had seen a reference to pyflag in sleuthkit overview presentation, so
      > I assumed it was still a relevant tool:
      > http://www.basistech.com/conference/2010/osdf-slides/carrier-sleuthkitoverview.pdf
      > If that is out of date, I'll just drop this effort.
      >
      > 3) I'm trying to use linux tools more and more to do my paying work. I
      > wanted to test pyflag and see what it is useful for. Again, if pyflag is
      > out of date, I will drop this effort.
      >
      > FYI: I do have it building and have a test package built, but only for
      > 32-bit compiles:
      > https://build.opensuse.org/package/show?package=pyflag&project=home%3Agregfreemyer%3ATools-for-forensic-boot-cd
      > I have not tested it at all yet. I will likely do that at a minimum.
      >
      > Greg
      >
      > On Fri, Mar 8, 2013 at 12:28 PM, Simson Garfinkel <simsong@...> wrote:
      >
      >> Why do you want to use pyflag? It's not being maintained. Most of what you
      >> would want to do with it, I think, would be better put into Autopsy 3.0
      >>
      >> On Mar 8, 2013, at 12:17 PM, Ken Pryor <kdpryor@...> wrote:
      >>
      >>> I liked pyflag and would like to see the project revived. I only used it a
      >>> couple times and don't currently have it installed, but I would use it again
      >>> if it were an active project.
      >>>
      >>> Ken
      >>>
      >>> On Fri, Mar 8, 2013 at 8:23 AM, J L <gl33da@...> wrote:
      >>>
      >>>> I would recommend talking to scudette directly as well, though he may have
      >>>> moved on to other projects, like GRR (http://code.google.com/p/grr/)
      >>>>
      >>>> There are a couple of (dated) writeups I did on setting up pyflag that may
      >>>> help:
      >>>>
      >>>> http://gleeda.blogspot.com/2008/06/pyflag-installation-on-fedora-8.html
      >>>>
      >>>> http://gleeda.blogspot.com/2009/03/pyflag-installation-on-centos-52.html
      >>>>
      >>>> It wasn't _so_ bad, IIRC though.
      >>>>
      >>>> All the best,
      >>>>
      >>>> -Jamie
      >>>>
      >>>> ________________________________
      >>>> From: Mike Wilkinson <mike@...>
      >>>> To: linux_forensics@yahoogroups.com
      >>>> Sent: Friday, March 8, 2013 5:25 AM
      >>>> Subject: Re: [linux_forensics] Re: compiling pyflag?
      >>>>
      >>>>
      >>>>
      >>>>
      >>>> Greg have a look at the page on forensicswiki, according to that pyflag
      >>>> is deprecated and no longer under active development.
      >>>> http://www.forensicswiki.org/wiki/PyFlag
      >>>> Why not email Michael directly? His is the scud.... email on the google
      >>>> code page.
      >>>>
      >>>> Mike
      >>>>
      >>>> On 3/7/2013 10:32 PM, Greg Freemyer wrote:
      >>>>>
      >>>>> I got past the initial autotools issues, but the code from
      >>>>> code.google.com is not easy to get to compile.
      >>>>>
      >>>>> I'm working with the older code from sourceforge now. I've got it
      >>>>> compiling, but there are a couple of serious warnings I want to address
      >>>>> before I even try to use it.
      >>>>>
      >>>>> I've never used pyflag, but I've heard good things about it. If there is
      >>>>> a developer out there looking for a project, resurrecting pyflag and
      >>>>> updating it to work with recent libewf and sleuthkit might be a great
      >>>>> idea.
      >>>>>
      >>>>> Greg
      >>>>>
      >>>>> On Thu, Mar 7, 2013 at 5:21 PM, Greg Freemyer <greg.freemyer@...> wrote:
      >>>>>
      >>>>>> All,
      >>>>>>
      >>>>>> I think pyflag is still a relevant tool. Is that right?
      >>>>>>
      >>>>>> It links to libewf, which has a new API as of the last year or so. I can
      >>>>>> force it to link against the older version I think, but I'm not sure about
      >>>>>> that.
      >>>>>>
      >>>>>> Anyway, if it is still a current tool, is the sourceforge version
      >>>>>> 0.87-pre1 the one to go with (it has 2008 changes)?
      >>>>>>
      >>>>>> Or the one from google code (with 2010 changes)?
      >>>>>>
      >>>>>> I'm trying with the 2010 (google code) version. It doesn't have a
      >>>>>> ./configure file, so I tried autoreconf --force --install, but that fails
      >>>>>> too:
      >>>>>>
      >>>>>> ===
      >>>>>> [ 7s] + autoreconf --force --install
      >>>>>> [ 9s] Can't exec "aclocal": No such file or directory at
      >>>>>> /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
      >>>>>> [ 9s] autoreconf: failed to run aclocal: No such file or directory
      >>>>>> [ 9s] error: Bad exit status from /var/tmp/rpm-tmp.WQ9Oet (%build)
      >>>>>> ===
      >>>>>>
      >>>>>> Thanks
      >>>>>> Greg
      >>>>>>
      >>>>
      >>>> --
      >>>> @mikewilko
      >>>> http://www.writeblocked.org
      >>>>