Name:           autopsy
Version:        2.21
Release:        3%{?dist}
Summary:        Graphical front end for The Sleuth Kit Forensics software

Group:          Applications/Internet
License:        GPLv2
URL:            http://www.sleuthkit.org/autopsy
Source0:        http://downloads.sourceforge.net/autopsy/%{name}-%{version}.tar.gz
Source98:       filter-provides.sh
Source99:       filter-requires.sh
%global __perl_provides %{SOURCE98}
%global __perl_requires %{SOURCE99}
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-buildroot

BuildRequires:  sleuthkit
Requires:       binutils
Requires:       file
Requires:       grep
Requires:       perl
Requires:       sleuthkit
BuildArch:      noarch

%description
The Autopsy Forensic Browser is a graphical interface to utilities found
in The Sleuth Kit (TSK). TSK is a collection of command line tools that
allow you to investigate a Windows or Unix system by examining the hard
disk contents. TSK and Autopsy will show you the files, data units, and
metadata of NTFS, FAT, EXTxFS, and UFS file system images in a read-only
environment. Autopsy allows you to search for specific types of evidence
based on keywords, MAC times, hash values, and file types.

Autopsy is HTML-based and uses a client-server model. The Autopsy server
runs on many UNIX systems and the client can be any platform with an HTML
browser. This enables one to create a flexible environment with a central
Autopsy server and several remote clients.

For incident response scenarios, a CD with The Sleuth Kit and Autopsy can
be created to allow the responder read-only remote access to a live
suspect system from an HTML-browser on a trusted system. Refer to the
README-live.txt file for more details.

Autopsy will not modify the original images and the integrity of the
images can be verified in Autopsy using MD5 values. There are help pages
for the main analysis modes and The Sleuth Kit Informer is a newsletter
that adds additional documentation.

%prep
%setup -q

%build
# "build" autopsy
cat > autopsy << EOF
#!%{_bindir}/perl -wT
use lib '%{_datadir}/autopsy/';
use lib '%{_datadir}/autopsy/lib/';
EOF
cat base/autopsy.base >> autopsy

# "build" make-live-cd
cat > make-live-cd << EOF
#!%{_bindir}/perl
use lib '%{_datadir}/autopsy/';
use lib '%{_datadir}/autopsy/lib/';
EOF
cat base/make-live-cd.base >> make-live-cd

# "build" conf.pl
cat > conf.pl << EOF
# Autopsy configuration settings

# when set to 1, the server will stop after it receives no
# connections for STIMEOUT seconds.
\$USE_STIMEOUT = 0;
\$STIMEOUT = 3600;

# number of seconds that child waits for input from client
\$CTIMEOUT = 15;

# set to 1 to save the cookie value in a file (for scripting)
\$SAVE_COOKIE = 1;

\$INSTALLDIR = '%{_datadir}/autopsy/';

# System Utilities
\$STRINGS_EXE = '%{_bindir}/strings';
\$GREP_EXE = '/bin/grep';
\$FILE_EXE = '%{_bindir}/file';

# Directories
\$TSKDIR = '%{_bindir}/';
\$NSRLDB = '';
\$LOCKDIR = '%{_localstatedir}/lib/morgue';
EOF

%install
rm -rf $RPM_BUILD_ROOT
install -p -d %{buildroot}%{_mandir}/man1
install -p -d %{buildroot}/var/log/autopsy
install -p -d %{buildroot}%{_localstatedir}/lib/morgue
install -p -d %{buildroot}%{_datadir}/autopsy/help
install -p -d %{buildroot}%{_datadir}/autopsy/lib
install -p -d %{buildroot}%{_datadir}/autopsy/pict
install -p -D -m0755 autopsy %{buildroot}%{_sbindir}/autopsy
install -p -m0755 make-live-cd %{buildroot}%{_sbindir}/make-live-cd
install -p -m0755 conf.pl %{buildroot}%{_datadir}/autopsy/
install -p -m0644 help/*.html %{buildroot}%{_datadir}/autopsy/help/
install -p -m0644 lib/*.p* %{buildroot}%{_datadir}/autopsy/lib/
install -p -m0644 man/man1/autopsy.1 %{buildroot}%{_mandir}/man1/
install -p -m0644 pict/* %{buildroot}%{_datadir}/autopsy/pict/

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc CHANGES.txt COPYING docs/*.txt INSTALL.txt README-LIVE.txt README.txt TODO.txt
%dir %{_datadir}/autopsy
%{_datadir}/autopsy/*
%{_sbindir}/autopsy
%{_sbindir}/make-live-cd
%dir /var/log/autopsy
%dir %{_localstatedir}/lib/morgue
%{_mandir}/man1/*

%changelog
* Tue Apr 07 2009 Adam Miller - 2.21-3
- Preserving time stamps for install, fixed provides/requires issue

* Wed Mar 18 2009 Adam Miller - 2.21-2
- Cleaned up the typos as well the files listing and the install -D issue

* Wed Feb 23 2009 Adam Miller - 2.21-1
- New release of autopsy

* Fri Oct 24 2008 Adam Miller - 2.20-1
- Spec based off of GPLv2+ autopsy.spec version 2.10-2 from mandriva
- Mandriva package maintainer: Thierry Vignaud
- First build attempt of autopsy for Fedora