From gcorbo at yahoo.com Sun Feb 6 21:04:05 2011 From: gcorbo at yahoo.com (Greg Corbo) Date: Sun, 6 Feb 2011 15:04:05 -0500 Subject: [dff] Help - Using DFF under Windows - won't run, don't see an EXE file Message-ID: <000001cbc639$025c9ad0$0715d070$@com> DFF Support Group, Hi. I am currently taking a digital forensics course and usually on the lookout for new or different tools. I came across DFF (latest version, 0.9) and installed the full Windows version(51 MB, with Python and all dependencies) from your Website - on a Windows XP (SP2) system that I use specifically for working with various digital forensic apps. The laptop system has an Athlon 1600+ processor with 1GB RAM. When I tried to use any of the icons created by the program they just start apps in a DOS window which then ends suddenly. One of these icons is for dff-gui.pyw - which I believe is the GUI startup for the program. But when I click on this icon it actually does nothing at all (and if I look at the Windows Task manager - nothing from the DFF program is running). On the wiki page for DFF under the User Guide, I read that the program can be started in GUI mode with the following Command: "DFF -g" I tried this from the main DFF directory and also from subfolders - but there is not a "dff" executable anywhere within the program directories, so this cannot run anything. DFF certainly appears to a be a worthwhile program to test and work with if I could get it to run. The installation went fine and did not have any errors or hitches. Is there something I am missing or doing wrong, or is there an actual .EXE file to run? Or would you advise that I try to install the program again? Any help is greatly appreciated from anyone familiar with running DFF under a Windows OS. Thank you. Greg Corbo -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 7023 bytes Desc: not available URL: From fba at arxsys.fr Mon Feb 7 10:49:27 2011 From: fba at arxsys.fr (=?ISO-8859-1?Q?Fr=E9d=E9ric_Baguelin?=) Date: Mon, 07 Feb 2011 09:49:27 +0000 Subject: [dff] Help - Using DFF under Windows - won't run, don't see an EXE file In-Reply-To: <000001cbc639$025c9ad0$0715d070$@com> References: <000001cbc639$025c9ad0$0715d070$@com> Message-ID: <4D4FC027.9090304@arxsys.fr> Hi, First of all, could you tell us if you have a previous version of Python installed (i.e Python 2.6). If so, the issue could come from the fact Python 2.6 has been installed before Python 2.7 which is installed by DFF installer. The issue is that, when two versions of Python are installed, depending of your environment + registry variables, when starting a Python script, either it will use Python 2.6 or Python 2.7. Since, all libraries of DFF are linked with Python 2.7, if, started with Python 2.6, it will just warn that libraries don't match. To be sure, could you send us a complete traceback by doing the following: 1) Open a windows console (aka cmd) 2) type: C:\Python27\python.exe "C:\Program Files\DFF\dff\dff-gui.py" 3) Copy & paste to the list the error message if exist. You can try to replace Python27 with Python26 in the 2) statement. Regards, On 02/06/11 20:04, Greg Corbo wrote: > > > DFF Support Group, > > > > Hi. I am currently taking a digital forensics course and usually on the > lookout for new or different tools. I came across > > DFF (latest version, 0.9) and installed the full Windows version(51 MB, with > Python and all dependencies) from your > > Website - on a Windows XP (SP2) system that I use specifically for working > with various digital forensic apps. The laptop > > system has an Athlon 1600+ processor with 1GB RAM. > > > > When I tried to use any of the icons created by the program they just start > apps in a DOS window which then ends suddenly. > > > > One of these icons is for dff-gui.pyw - which I believe is the GUI startup > for the program. But when I click on this icon it > > actually does nothing at all (and if I look at the Windows Task manager - > nothing from the DFF program is running). > > > > On the wiki page for DFF under the User Guide, I read that the program can > be started in GUI mode with the following > > Command: "DFF -g" I tried this from the main DFF directory and also > from subfolders - but there is not a "dff" executable > > anywhere within the program directories, so this cannot run anything. > > > > DFF certainly appears to a be a worthwhile program to test and work with if > I could get it to run. The installation went fine > > and did not have any errors or hitches. > > > > Is there something I am missing or doing wrong, or is there an actual .EXE > file to run? Or would you advise that I try to install the program again? > > > > Any help is greatly appreciated from anyone familiar with running DFF under > a Windows OS. > > > > Thank you. > > > > Greg Corbo > > > > > > _______________________________________________ > dff mailing list > dff at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From fba at arxsys.fr Wed Feb 9 13:22:40 2011 From: fba at arxsys.fr (=?ISO-8859-1?Q?Fr=E9d=E9ric_Baguelin?=) Date: Wed, 09 Feb 2011 12:22:40 +0000 Subject: [dff] Fwd: Re: Help - Using DFF under Windows - won't run, don't see an EXE file Message-ID: <4D528710.2050801@arxsys.fr> I post (with Greg's agreement) private replies between Greg and me to help other people if the same issue has been encountered. Regards, -------- Original Message -------- Subject: Re: [dff] Help - Using DFF under Windows - won't run, don't see an EXE file Date: Tue, 08 Feb 2011 09:52:35 +0000 From: Fr?d?ric Baguelin To: Greg Corbo Hi Greg, Would you mine if I repost your reply to the mailing list to inform other people ? And of course, thanks for the feedback. Indeed, when the framework is packaged for Windows, it relies on the fact that Python27 will be placed in C:\. We will do our best to take this issue into account before the next release. Best regards, On 02/07/11 17:58, Greg Corbo wrote: > Frederic, > > Thank you for the reply. To answer directly - No, I never had any version of > Python, or the DFF application installed on > the computer until the other day when I downloaded and installed DFF 0.9 / > Python 2.7 > > However, yesterday I reinstalled DFF 0.9 exactly the way I did the first time - > with one exception - and this time the program > works properly. > > The one difference between the first installation that did not work, and the > second one that did: At the the part of the install that > prompts to install Python to C:\Python 2.7\ I had originally chosen to install > Python to a different location (I don't usually prefer > to install applications to the root directory of the drive...) - had actually > installed under the \DFF folder that was previously created. > > But in trying to install DFF the second time - I just let the program install > Python to the default folder (C:\Python 2.7\) that it presented > to me. (**perhaps, if the program relies on the DOS PATH variable - then it was > simply a path issue...). > > I am not sure if just having Python install to a different folder made a > difference for DFF - or if it was simply that the second installation > copied something needed or fixed something that was missed in the first > installation. Either way - I was able to open and use the DFF > program on this Windows XP system after reinstalling DFF. > > Thank you very much for your reply and assistance. > > Greg Corbo > > > ________________________________ > From: Fr?d?ric Baguelin > To: dff at digital-forensic.org > Cc: Greg Corbo > Sent: Mon, February 7, 2011 4:49:27 AM > Subject: Re: [dff] Help - Using DFF under Windows - won't run, don't see an EXE > file > > Hi, > > First of all, could you tell us if you have a previous version of Python > installed (i.e Python 2.6). If so, the issue could come from the fact Python 2.6 > > has been installed before Python 2.7 which is installed by DFF installer. > > The issue is that, when two versions of Python are installed, depending of your > environment + registry variables, when starting a Python script, either it will > use Python 2.6 or Python 2.7. > > Since, all libraries of DFF are linked with Python 2.7, if, started with Python > 2.6, it will just warn that libraries don't match. > > To be sure, could you send us a complete traceback by doing the following: > > 1) Open a windows console (aka cmd) > 2) type: C:\Python27\python.exe "C:\Program Files\DFF\dff\dff-gui.py" > 3) Copy& paste to the list the error message if exist. > > You can try to replace Python27 with Python26 in the 2) statement. > > Regards, > > On 02/06/11 20:04, Greg Corbo wrote: >> >> >> DFF Support Group, >> >> >> >> Hi. I am currently taking a digital forensics course and usually on the >> lookout for new or different tools. I came across >> >> DFF (latest version, 0.9) and installed the full Windows version(51 MB, with >> Python and all dependencies) from your >> >> Website - on a Windows XP (SP2) system that I use specifically for working >> with various digital forensic apps. The laptop >> >> system has an Athlon 1600+ processor with 1GB RAM. >> >> >> >> When I tried to use any of the icons created by the program they just start >> apps in a DOS window which then ends suddenly. >> >> >> >> One of these icons is for dff-gui.pyw - which I believe is the GUI startup >> for the program. But when I click on this icon it >> >> actually does nothing at all (and if I look at the Windows Task manager - >> nothing from the DFF program is running). >> >> >> >> On the wiki page for DFF under the User Guide, I read that the program can >> be started in GUI mode with the following >> >> Command: "DFF -g" I tried this from the main DFF directory and also >> from subfolders - but there is not a "dff" executable >> >> anywhere within the program directories, so this cannot run anything. >> >> >> >> DFF certainly appears to a be a worthwhile program to test and work with if >> I could get it to run. The installation went fine >> >> and did not have any errors or hitches. >> >> >> >> Is there something I am missing or doing wrong, or is there an actual .EXE >> file to run? Or would you advise that I try to install the program again? >> >> >> >> Any help is greatly appreciated from anyone familiar with running DFF under >> a Windows OS. >> >> >> >> Thank you. >> >> >> >> Greg Corbo >> >> >> >> >> >> _______________________________________________ >> dff mailing list >> dff at digital-forensic.org >> http://lists.digital-forensic.org/listinfo/dff > -- Fr?d?ric Baguelin frederic.baguelin at arxsys.fr ArxSys SAS, Directeur technique T?l: +33 146 362 522 From bethlogic at gmail.com Thu Feb 17 23:17:44 2011 From: bethlogic at gmail.com (Elizabeth Schweinsberg) Date: Thu, 17 Feb 2011 17:17:44 -0500 Subject: [dff] Split images and DFF Message-ID: Good afternoon, How does one add dumps that are split images to DFF? It's not immediately obvious and our test cases are all split dd files. The wiki doesn't give any suggestions either. Thanks! Elizabeth From solal.jacob at ArxSys.fr Fri Feb 18 02:24:50 2011 From: solal.jacob at ArxSys.fr (Solal Jacob) Date: Fri, 18 Feb 2011 01:24:50 +0000 Subject: [dff] Split images and DFF In-Reply-To: References: Message-ID: <4D5DCA62.2040704@ArxSys.fr> Hi, In the current stable release (0.9) there is a merge modules that can concatenate two files into one. You can load your files into DFF by using the menu : 'file'->'open evidences' and then select your files. After that they will appear in the node browser, right click on a node then select : 'Open With->Node->Merge'. A new window will apear that will permit you to select the files that you want to merge. To select the files use the 'browse' button and after that click 'ok' this will create a new node representing the two merged files. This is certainly not enough for your usage, because you'll probably need to merge more than two files. We are currently working on DFF 1.0 that will be released in March. In this version the merge module will be able to take a list of nodes ( files ). This improvement will permit you to use this module to virtually concatenate as many split dd files as you want in to one virtual file. Which can then be used by other modules to reconstruct the underlaying file system. Solal. On 02/17/11 22:17, Elizabeth Schweinsberg wrote: > Good afternoon, > > How does one add dumps that are split images to DFF? It's not > immediately obvious and our test cases are all split dd files. The > wiki doesn't give any suggestions either. > > Thanks! > Elizabeth > _______________________________________________ > dff mailing list > dff at digital-forensic.org > http://lists.digital-forensic.org/listinfo/dff > From csteger515 at gmail.com Fri Feb 18 17:46:57 2011 From: csteger515 at gmail.com (Curt Steger) Date: Fri, 18 Feb 2011 09:46:57 -0700 Subject: [dff] DFF0.9 Compiling problems, Fedora 14 32-bit Message-ID: Good day, I am having difficulties compiling DFF on a Fedora 14 system for work. (Can not find the RPM to install). I compiled DFF on my slackware 64-bit system at home with no problems, and it works like a champ. When I run cmake . on the Fedora system I receive the following: -- Will use -g for debugging -- no -- Preparing installation mode -- Python library found: /usr/lib/libpython2.7.so -- Python header found: /usr/include/python2.7 -- Python in: /usr/bin -- Found Python executable: /usr/bin/python -- Found Python version: 2.7 -- Found Python library: /usr/lib/libpython2.7.so -- Found SIP version: 4.10.5 -- Found PyQt4 version: 4.7.4 -- Python magic found: /usr/lib/python2.7/site-packages/magic.so -- Python QT4 libraries bindings found: /usr/lib/python2.7/site-packages/PyQt4 -- Python QScintilla library bindings found: /usr/lib/python2.7/site-packages/PyQt4/Qsci.so -- Python Qt4 linguist translation files updater found: /usr/bin/pylupdate4 ERRORQT translation compiler not found. -- Python Qt4 resource compiler found: /usr/bin/pyrcc4 Updating 'ui/gui/i18n/Dff_en.ts'... Found 134 source texts (0 new and 134 already existing) Updating 'ui/gui/i18n/Dff_es.ts'... Found 134 source texts (0 new and 134 already existing) Updating 'ui/gui/i18n/Dff_fr.ts'... Found 134 source texts (0 new and 134 already existing) -- Configuring done -- Generating done -- Build files have been written to: /home/csteger/Downloads/dff-src-0.9 When I run make, I again receive the following error. /bin/sh: QT_LANGUAGE_COMPILER-NOTFOUND: command not found make[2]: *** [ui/gui/i18n/CMakeFiles/gui_translation_en] Error 127 make[1]: *** [ui/gui/i18n/CMakeFiles/gui_translation_en.dir/all] Error 2 make: *** [all] Error 2 I have RTFM, and worked on this for the past couple days and can't find that compiler. Any insight as to what I might have overlooked? I am sure it is something easy, (like a quick link) but for the life of me I can't find it at the moment. Thank you in advance. Curt -------------- next part -------------- An HTML attachment was scrubbed... URL: From christophe.malinge at arxsys.fr Fri Feb 18 18:24:21 2011 From: christophe.malinge at arxsys.fr (Christophe Malinge) Date: Fri, 18 Feb 2011 18:24:21 +0100 Subject: [dff] DFF0.9 Compiling problems, Fedora 14 32-bit In-Reply-To: References: Message-ID: <4D5EAB45.4080805@arxsys.fr> Hello Curt, On 02/18/11 17:46, Curt Steger wrote: > Good day, > > I am having difficulties compiling DFF on a Fedora 14 system for work. > (Can not find the RPM to install). I compiled DFF on my slackware 64-bit > system at home with no problems, and it works like a champ. RPM was provided in the past, but today we lack of packager and feedback for Red-Hat based systems. This is to be corrected thanks to the development of our continuous integration/nightly build system, stay in touch ;) Happy to know it is working on Slackware 64b, thanks for reporting it. Well, about the configure failure on Fedora, Johannes already reported and fixed it on Tuesday this week. Two solutions for you bellow. > > When I run cmake . on the Fedora system I receive the following: > > -- Will use -g for debugging -- no > -- Preparing installation mode > -- Python library found: /usr/lib/libpython2.7.so > -- Python header found: /usr/include/python2.7 > -- Python in: /usr/bin > -- Found Python executable: /usr/bin/python > -- Found Python version: 2.7 > -- Found Python library: /usr/lib/libpython2.7.so > -- Found SIP version: 4.10.5 > -- Found PyQt4 version: 4.7.4 > -- Python magic found: /usr/lib/python2.7/site-packages/magic.so > -- Python QT4 libraries bindings found: > /usr/lib/python2.7/site-packages/PyQt4 > -- Python QScintilla library bindings found: > /usr/lib/python2.7/site-packages/PyQt4/Qsci.so > -- Python Qt4 linguist translation files updater found: /usr/bin/pylupdate4 > ERRORQT translation compiler not found. > -- Python Qt4 resource compiler found: /usr/bin/pyrcc4 > Updating 'ui/gui/i18n/Dff_en.ts'... > Found 134 source texts (0 new and 134 already existing) > Updating 'ui/gui/i18n/Dff_es.ts'... > Found 134 source texts (0 new and 134 already existing) > Updating 'ui/gui/i18n/Dff_fr.ts'... > Found 134 source texts (0 new and 134 already existing) > -- Configuring done > -- Generating done > -- Build files have been written to: /home/csteger/Downloads/dff-src-0.9 > > When I run make, I again receive the following error. > > /bin/sh: QT_LANGUAGE_COMPILER-NOTFOUND: command not found > make[2]: *** [ui/gui/i18n/CMakeFiles/gui_translation_en] Error 127 > make[1]: *** [ui/gui/i18n/CMakeFiles/gui_translation_en.dir/all] Error 2 > make: *** [all] Error 2 > > I have RTFM, and worked on this for the past couple days and can't find > that compiler. Any insight as to what I might have overlooked? I am sure > it is something easy, (like a quick link) but for the life of me I can't > find it at the moment. QT_LANGUAGE_COMPILER is named lrelease, Johannes had search like you for what it could be, maybe we should rename QT_LANGUAGE_COMPILER to something more explicit. lrelease can be found in the development package of Qt, I don't know this package's name on Fedora. But something I know is that it is named lrelease-qt4 on Fedora, what we missed in 0.9 release (try typing lrelease in a shell). Please have a look on Johannes's commmit: https://tracker.digital-forensic.org/projects/dff/repository/revisions/93bca240d612e7dfebf318983aab8b016bc63d47 Especially the diff: https://tracker.digital-forensic.org/projects/dff/repository/revisions/93bca240d612e7dfebf318983aab8b016bc63d47/diff If you fetch latest source tree from git your problem is already fixed. Second solution is to manually patch the top-level CMakeLists.txt in your dff-src-0.9 directory, like the diff above mention ; search for 'find_program(QT_LANGUAGE_COMPILER' and modify the line like: 'find_program(QT_LANGUAGE_COMPILER NAMES lrelease lrelease-qt4 PATHS ${CMAKE_SYSTEM_PROGRAM_PATH})' NAMES argument for find_program cmake's command can search for several binary names, what we want. With Qt4 devel installed it must work, do not hesitate if you have any other question. > > Thank you in advance. > You're welcome, thanks for your report ! Christophe. -- Christophe Malinge DFF, Core developer, System administrator ArxSys SAS, Directeur des syst?mes d'information T?l: +33 1 46 36 25 22