Schlagwort-Archive: fail

Timesketch on an Raspberry Pi3

Veröffentlicht am von
Antworten

TLDR

Does not work at the moment

Idea

Playing with Timesketch (timesketch.org) for a while I was wondering if it is possible to install Timesketch on a Raspberry Pi 3 to do some basic analysis, no heavy GB plaso imports and such.

A raspberry Pi is around 40 $, so pretty cheap and can be ordered almost everywhere on the planet, and you might already have some PIs from previous projects like:

I have also written about Timesketch / and or maintaining the following Github repositories:

Basic installation

I used the Noobs Image to install the raspberry using a 128 GB Micro SD card to have enough storage.

Java

Trying to install Java will cause some Java issues because you need to install it manually, follow:

https://www.raspberrypi.org/forums/viewtopic.php?t=101543

sudo mv /usr/lib/jvm/java-8-openjdk-armhf/jre/lib/arm/client /usr/lib/jvm/java-8-openjdk-armhf/jre/lib/arm/server

Installing Elastic Search

Follow that article:

Installing Timesketch

Simple, SSH to your raspberry pi and follow:

When installed elasticsearch:

vi /etc/elasticsearch/elasticsearch.yml

Add the following:

network.bind_host: 127.0.0.1

pycipher

This one is a bit tricky because it might fail with:

Collecting pycypher==0.5.9
Could not find a version that satisfies the requirement pycypher==0.5.9 (from versions: )
No matching distribution found for pycypher==0.5.9

Docker

https://medium.freecodecamp.org/the-easy-way-to-set-up-docker-on-a-raspberry-pi-7d24ced073ef

Docker-compose

sudo apt-get install docker-compose

So pycypher does kill the posibility to use Timesketch on a raspberry at the moment:

 Getting page https://www.piwheels.org/simple/pycypher/
   Looking up "https://www.piwheels.org/simple/pycypher/" in the cache
   Current age based on date: 30
   Freshness lifetime from request max-age: 600
   The response is "fresh", returning cached response
   600 > 30
   Analyzing links from page https://www.piwheels.org/simple/pycypher/
   Could not find a version that satisfies the requirement pycypher (from versions: )
 Cleaning up...
 No matching distribution found for pycypher

OSX disk media is not present

Veröffentlicht am von
Antworten

Trying to mount an ext2 / ext3 / ext4 device using external drivers on OSX might bring up the following error:

disk media is not present

in:
sudo dmesg

To fix that a virtual machine helped.

Attaching the external drive using usb, creating a filter for that usb device to forward it to the ubuntu based VM.

Run
fdisk -l

to find the right device.
E.g. /dev/sdd

Now go with fsck.ext3 (for ext3 only)

fsck -y /dev/sdd

-y means answer every question with yes.

For a 2 TB HDD that might take up to several hours, but after that is finished, you can try to mount the drive again.