Autopsy  4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Debugging The Sleuth Kit

If you find that you need to debug some of the C/C++ code from The Sleuth Kit (TSK), then here are the steps to follow:

  1. Ensure that you have the Debug version of the TSK JNI dll built (both 32-bit and 64-bit to be safe). This assumes you built TSK from source and are not simply using the developer platform. You may have to build the libtsk_jni twice because sommetimes it complains about not being able to find a .map file.
  2. Run the 'Debug-PostgreSQL' target for the TSK DataModel project. This copies the debug versions of the dll into the JAR file. If you run the 'dist' target, then you will get Release versions of the dll and you won't have the needed symbols for debugging.
  3. Build the Autopsy suite so that it copies the new JAR file with the debug dlls.
  4. Set your breakpoints in the TSK source.
  5. Run Autopsy in the debugger.
  6. In VC++, do Debug->Attach to process... If you don't see this menu item, set Tools->Settings->Expert Settings. There is also a Tools->Attach to process..(Ctrl+Alt+P). Attach to nbexec64.exe (netbeans64.exe is the IDE).

Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.