Monday, July 26, 2010

Installing Forensic Investigation Toolkit (FIT4D)

To install the FIT4D forensic investigation toolkit on Linux, we need some extra tools that FIT4D requires to operate properly. Install the following tools first:

sudo apt-get install sleuthkit
sudo apt-get install ddrescue
sudo apt-get install foremost


Then, if you haven't already installed the apache2 server with php5 and the mysql database server, install them as well with the command:

sudo apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server

During the installation you are asked to set a password for the mysql root user. I set the password as "root" because the FIT4D installation asks for the mysql root user's password.
After setting up this environment, which is necessary to install FIT4D, I had to check in the php.ini file whether

register_globals="off"

is set to "off" as above. Then I copied the FIT4D source folder to the www directory of the apache2 server. In that source directory, go to the ~/www/FIT4D/config folder. If there is an install.lock file, delete it. Then start your apache2 server and mysql database server by issuing the commands:

sudo service mysql start
sudo service apache2 start


Now open your web browser (tested with Firefox) and go to http://localhost/fit4d/.

Fill in the information asked for in the form and click the "configure" button. Now you can log in to the system and look around.
However, according to the FIT4D source code I've got, the database (named "ptk") created by the installation process is not complete. Therefore I had to run an extra SQL script which was given to me in addition to the FIT4D source. There's another thing to do. The tools we installed at the beginning are going to be used by the FIT4D system, so the FIT4D system must be given permission to run them. To do that, I added an entry to the sudoers file in the /etc/ directory. To change the sudoers file you should use the command

sudo visudo

in the terminal. When the file opened, I added the following text to the end of it:

www-data ALL=NOPASSWD: ALL

OK, now according to the specification we've completed the installation.
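
The sudoers entry above lets the web server account run any command as root without a password, so anything that can execute commands through the web application gets root on the host. The following is an added example, not part of the original post or of FIT4D: it builds a rule limited to named tools and detects the blanket form. The tool paths are constructed samples (the post does not list the commands FIT4D actually calls; confirm real paths with `command -v`).

```shell
#!/bin/sh
# Added example (not FIT4D code): restrict www-data to specific tools in sudoers.

# Print a sudoers rule letting user $1 run only the absolute paths in $2..$n
# as root without a password. Relative names are refused because sudoers
# matches commands by full path and a bare name would not be pinned.
build_rule() {
    user=$1; shift
    cmds=
    for p in "$@"; do
        case $p in
            /*) ;;
            *) echo "not an absolute path: $p" >&2; return 1 ;;
        esac
        cmds="${cmds:+$cmds, }$p"
    done
    [ -n "$cmds" ] || return 1
    # A command listed without arguments may be run with any arguments.
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmds"
}

# Read sudoers text on stdin; succeed if an uncommented line grants
# NOPASSWD on ALL commands (the form used in the post).
has_blanket_nopasswd() {
    grep -Eq '^[^#]*NOPASSWD:[[:space:]]*ALL[[:space:]]*(,|$)'
}

# Constructed sample paths (assumptions, see lead-in).
build_rule www-data /usr/bin/fls /usr/bin/icat /usr/bin/foremost

# The entry from the post is flagged; the restricted rule is not.
if printf 'www-data ALL=NOPASSWD: ALL\n' | has_blanket_nopasswd; then
    echo "blanket NOPASSWD grant found"
fi
```

The generated line is meant to replace the `ALL` entry when editing with `sudo visudo`, which checks the syntax before saving.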