                    Autopsy Forensic Browser

                http://www.sleuthkit.org/autopsy
                 http://autopsy.sourceforge.net

              Brian Carrier [carrier@sleuthkit.org]


Installation
-----------------------------------------------------------------------------
1. Install The Sleuth Kit (see README for download locations).  It
   will be most convenient if symlinks are made from the specific
   version directory (e.g. sleuthkit-1.00) to a generic one (e.g.
   sleuthkit).

2. Untar the Autopsy file. 

3. Run 'make'.  It will try to locate the grep and strings utilities.
   If any are not found, it will prompt you for the location.  It
   will also prompt for the directory where The Sleuth Kit was installed.

4. The install script will ask if you have the NIST National Software
   Reference Library (NSRL).  If you do, you will need to enter its
   path.  The NSRL is available from www.nsrl.nist.gov.
   
5. You will be prompted for the Evidence Locker location.  This is the
   base directory where all cases will be stored.  You must create this
   directory on your own.  


Customizations
------------------------------------------------------------------------------
There are a few settings in conf.pl that you may want to change.  

STIMEOUT: If USE_STIMEOUT is set to 1, then the server will close
after STIMEOUT seconds of no activity.

CTIMEOUT: The number of seconds to wait before closing a socket.

COOKIES: When USE_COOKIE is set to 1, then all URLs use a random cookie
for authentication.   It is stored in the file named ".<PORT>.cookie" in 
the Evidence Locker directory, where <PORT> is the port number that is
being used.  
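
Because the cookie is the credential carried in every URL, anyone who can
read the cookie file can use the running server.  The script below is an
added example, not part of Autopsy: it audits a locker for exposed cookie
files.  The function name and the owner-only permission policy are
assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of Autopsy): audit an Evidence Locker for cookie
# files that other local accounts could read.
# Assumptions: cookie files sit directly in the locker as ".<PORT>.cookie"
# (per the COOKIES note above); "owner-only" is this example's policy.

# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on bad path.
audit_locker() {
    locker=$1
    [ -d "$locker" ] || { echo "not a directory: $locker" >&2; return 2; }
    findings=0

    # The locker holds every case, so "other" should have no access at all.
    if [ -n "$(find "$locker" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
        echo "LOCKER $locker: accessible by other users"
        findings=$((findings + 1))
    fi

    for f in "$locker"/.*.cookie; do
        [ -f "$f" ] || continue                 # unmatched glob or not a file
        port=${f##*/.}; port=${port%.cookie}    # ".9999.cookie" -> "9999"
        case $port in ''|*[!0-9]*) continue ;; esac
        # The cookie is the only URL credential: group/other must not read it.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "COOKIE port $port: $f readable by group or other"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Demo on constructed data: a throwaway locker with one over-permissive cookie.
demo=$(mktemp -d)
chmod 700 "$demo"
: > "$demo/.9999.cookie"; chmod 644 "$demo/.9999.cookie"
audit_locker "$demo" || echo "audit reported findings (expected in this demo)"
rm -rf "$demo"
```
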

LOGGING: When USE_LOG is set to 1, then audit logs are saved to the
case and host directories.  There are general logs for the case
and host and then investigator-specific ones that are saved in the
'logs' directory of the host.  When USE_NOTES is set to 1, then
the investigator can add comments to a given file, or other object.
The notes are stored in a file in the host 'logs' directory.


------------------------------------------------------------------------------
Brian Carrier [carrier@sleuthkit.org]

Mar 31, 2003
