Difference between revisions of "Autopsy 3 Troubleshooting"
Amalinowski (Talk | contribs) m |
Amalinowski (Talk | contribs) m |
||
Line 24: | Line 24: | ||
default_options="--branding autopsy" | default_options="--branding autopsy" | ||
− | |||
− | + | 2. Autopsy crashes after start when running within Virtual Machine, such as VMWare Fusion: | |
+ | Cause: Incompatibility between some virtual machine video drivers and java. | ||
Solution: shut down the virtual machine, disable Video Acceleration (both 2D and 3D if available) in the virtual machine settings, restart the virtual machine, restart Autopsy. | Solution: shut down the virtual machine, disable Video Acceleration (both 2D and 3D if available) in the virtual machine settings, restart the virtual machine, restart Autopsy. | ||
Line 34: | Line 34: | ||
Cause 1: Some antivirus / security products deny Solr from properly starting (examples: Dr. Web and Trend Micro OfficeScan). | Cause 1: Some antivirus / security products deny Solr from properly starting (examples: Dr. Web and Trend Micro OfficeScan). | ||
− | |||
Solution 1: add an exception rule for Solr or use another AV product | Solution 1: add an exception rule for Solr or use another AV product | ||
Cause 2: old Solr instance is already running and it was not properly shutdown, causing a conflict | Cause 2: old Solr instance is already running and it was not properly shutdown, causing a conflict | ||
− | |||
Solution 2: kill old Solr instances of "java start.jar" and restart Autopsy | Solution 2: kill old Solr instances of "java start.jar" and restart Autopsy | ||
Line 44: | Line 42: | ||
The port is statically configured in C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\KeywordSearch.properties | The port is statically configured in C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\KeywordSearch.properties | ||
Another application on the system is already using the default TCP port 23232 | Another application on the system is already using the default TCP port 23232 | ||
− | |||
Solution 3: change the default TCP port from 23232 to an available port in C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\KeywordSearch.properties, property: IndexingServerPort | Solution 3: change the default TCP port from 23232 to an available port in C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\KeywordSearch.properties, property: IndexingServerPort | ||
and restart Autopsy | and restart Autopsy | ||
Line 51: | Line 48: | ||
Cause: Windows state was not properly saved during last Autopsy shutdown or platform has been upgraded and configuration is not backwards compatible. | Cause: Windows state was not properly saved during last Autopsy shutdown or platform has been upgraded and configuration is not backwards compatible. | ||
− | |||
Solution: Delete C:\Users\USERNAME\AppData\Roaming\.autopsy\config\Windows2Local and C:\Users\USERNAME\AppData\Roaming\.autopsy\config\Preferences | Solution: Delete C:\Users\USERNAME\AppData\Roaming\.autopsy\config\Windows2Local and C:\Users\USERNAME\AppData\Roaming\.autopsy\config\Preferences | ||
− | |||
5. All modules are disabled when application starts | 5. All modules are disabled when application starts | ||
Cause: Modules have been disabled due to a critical error | Cause: Modules have been disabled due to a critical error | ||
− | |||
Solution: Rename (or delete) C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\Modules and restart Autopsy | Solution: Rename (or delete) C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\Modules and restart Autopsy | ||
− | |||
6. Media player does not show videos (MacOSX and Linux) | 6. Media player does not show videos (MacOSX and Linux) | ||
Cause: gstreamer dependency is not currently part of the build, it needs to be installed on the system | Cause: gstreamer dependency is not currently part of the build, it needs to be installed on the system | ||
− | |||
Solution: install gstreamer 0.10 in the standard user library locations, restart Autopsy | Solution: install gstreamer 0.10 in the standard user library locations, restart Autopsy | ||
− | |||
7. No physical drives detected in "Add Data Source" Wizard | 7. No physical drives detected in "Add Data Source" Wizard | ||
Cause: Some devices on some OSs require root/admin privileges to be discovered and opened/read | Cause: Some devices on some OSs require root/admin privileges to be discovered and opened/read | ||
− | |||
Solution: run Autopsy as Administrator | Solution: run Autopsy as Administrator |
Revision as of 07:29, 30 May 2013
1. Autopsy launch issues.
- "JVM creation failed" pop up dialog shown when launching Autopsy.
Cause: JVM is not able to allocate the requested 768m for heap size due to more memory requiring to load other native resources.
Solution: reduce amount of memory allocated to jvm:
as Administrator, edit the file: C:\Program Files (x86)\Autopsy\etc\autopsy.conf
and change the line:
default_options="--branding autopsy -J-Xms24m -J-Xmx768m -J-XX:MaxPermSize=256M -J Xverify:none"
to something like:
default_options="--branding autopsy -J-Xms24m -J-Xmx512m -J-XX:MaxPermSize=128M -J-Xverify:none"
save the file, and restart Autopsy.
If that didn't work, change the line to:
default_options="--branding autopsy"
2. Autopsy crashes after start when running within Virtual Machine, such as VMWare Fusion:
Cause: Incompatibility between some virtual machine video drivers and java. Solution: shut down the virtual machine, disable Video Acceleration (both 2D and 3D if available) in the virtual machine settings, restart the virtual machine, restart Autopsy.
3. Keyword Search fails to index files and search keywords
Cause 1: Some antivirus / security products deny Solr from properly starting (examples: Dr. Web and Trend Micro OfficeScan). Solution 1: add an exception rule for Solr or use another AV product
Cause 2: old Solr instance is already running and it was not properly shutdown, causing a conflict Solution 2: kill old Solr instances of "java start.jar" and restart Autopsy
Cause 3: Solr instance communicates with Autopsy using a local TCP port on which Solr listens for connections. The port is statically configured in C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\KeywordSearch.properties Another application on the system is already using the default TCP port 23232 Solution 3: change the default TCP port from 23232 to an available port in C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\KeywordSearch.properties, property: IndexingServerPort and restart Autopsy
4. UI/windows are not properly initialized
Cause: Windows state was not properly saved during last Autopsy shutdown or platform has been upgraded and configuration is not backwards compatible. Solution: Delete C:\Users\USERNAME\AppData\Roaming\.autopsy\config\Windows2Local and C:\Users\USERNAME\AppData\Roaming\.autopsy\config\Preferences
5. All modules are disabled when application starts
Cause: Modules have been disabled due to a critical error Solution: Rename (or delete) C:\Users\USERNAME\AppData\Roaming\.autopsy\dev\config\Modules and restart Autopsy
6. Media player does not show videos (MacOSX and Linux)
Cause: gstreamer dependency is not currently part of the build, it needs to be installed on the system Solution: install gstreamer 0.10 in the standard user library locations, restart Autopsy
7. No physical drives detected in "Add Data Source" Wizard
Cause: Some devices on some OSs require root/admin privileges to be discovered and opened/read Solution: run Autopsy as Administrator