TUMBLEWEED Autopsy

I recently killed a disk, which got me looking for recovery tools. One of the best regarded seems to be autopsy, which isn’t available in its current version 4.12 on openSUSE, but I found an old version 2.24 here: http://rpm.pbone.net/index.php3/stat/4/idpl/23980816/dir/opensuse/com/autopsy-2.24-1.35.noarch.rpm.html.

Much to my surprise, it installed with current versions of its dependencies including sleuthkit. The menu launcher didn’t work until I replaced the command “beesu Autopsy” with “kdesu autopsy | xdg-open http://localhost:9999/autopsy” - on other desktops, use your own version of launch-as-superuser. All I’ve done so far is delete some songs off a usb stick and then bring 'em back to life with autopsy, but that works. Wish I’d thought to use “Bring Me to Life” as my test case!

Autopsy is a browser-based GUI to command line tools, and opensuse has the latest version of those. Using the old version of autopsy is a bit clunky, but still way better than memorizing dozens of commands with their respective options and arguments, for anyone who wants to try it. I do wonder, though, if the old gui knows how to use all the current tool capabilities; for instance, I didn’t have a btrfs usb stick to test.

GEF

In case it wasn’t clear from context, the reason I’m looking at an old version of autopsy (one that’s still packaged for lots of distros) is that I can’t get the current one installed. There’s a zip file download, with an installer script in it. You have to clean it up with a dos2linux command, and then it runs and tells you what dependencies you’re missing. All of them are easy to satisfy from standard repo except the java bindings, sleuthkit-4.6.7.ja. First of all, we’ve sleuthkit 4.6.5 in Tumbleweed, but secondly, even if I found the slightly-less-current version of autopsy that works with our sleuthkit, the java bindings aren’t part of the package and searching in google by file name doesn’t yield any hits at all (except, going forward, this forum thread). -GEF

I can verify that the old version of autopsy seems to work; I instead simply launched it from an elevated console without problems:

# autopsy

Then opened Firefox to

http://localhost:9999/autopsy

I also took a look at installing a current version but ran into difficulties and at the point there was a missing JAR file, I decided not to proceed further…

But if anyone wants to put more effort into it, this is what I found…

Note that I took certain liberties and did not follow exactly the following instructions for installing on Linux (like installing Oracle Java):
https://github.com/sleuthkit/autopsy/blob/develop/Running_Linux_OSX.txt

1. Download the following zip file and unpack it:
   https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.12.0/autopsy-4.12.0.zip

2. Install testdisk (may not be necessary, didn’t work for me), photorec, and sleuthkit.
   Sleuthkit-devel is supposed to provide the java bindings and indeed plenty of java files are installed but no JAR file.

   zypper in photorec sleuthkit sleuthkit-devel

3. In an elevated console, browse to the root of the files that were unpacked and run the following to remove the Windows line feeds in the script:

   sed -i -e 's/\r$//' unix_setup.sh

4. Make the script executable and execute it:

   chmod +x unix_setup.sh
   ./unix_setup.sh

That’s as far as I was willing to go; the error you should see is:

# ./unix_setup.sh          
---------------------------------------------
Checking prerequisites and preparing Autopsy:
---------------------------------------------
Checking for PhotoRec...found in /usr/bin
Checking for Java...found in /usr/lib64/jvm/java
Checking for Sleuth Kit Java bindings...ERROR: sleuthkit-4.6.7.jar not found in /usr/share/java/ or /usr/local/share/java/.
Please install the Sleuth Kit Java bindings file.
See https://github.com/sleuthkit/sleuthkit/releases.

TSU
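The two checks from TSU's steps above, the CRLF cleanup of unix_setup.sh and the hunt for the Sleuth Kit Java bindings jar, written as reusable shell functions. This is an added example, not code from the thread or from the Autopsy project; the file names, scratch directory and the 4.6.5 jar in the demo are constructed to mirror the version mismatch GEF describes.

```shell
#!/bin/sh
# Added example: helper functions for two steps of the Autopsy 4.12 setup
# described in the thread. Everything below runs in a throwaway directory.

# has_crlf FILE -> 0 if FILE still contains Windows "\r" line endings
has_crlf() {
    grep -q "$(printf '\r')" "$1"
}

# strip_crlf FILE -> remove "\r" in place (same effect as sed -i 's/\r$//'),
# keeping the file's permissions by writing back through the original inode
strip_crlf() {
    tmp=$(mktemp)
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# find_tsk_jar VERSION DIR... -> print the path of sleuthkit-VERSION.jar and
# return 0; otherwise list any other sleuthkit-*.jar present (so a version
# mismatch like 4.6.5 vs 4.6.7 is visible) and return 1
find_tsk_jar() {
    want=$1; shift
    for d in "$@"; do
        if [ -f "$d/sleuthkit-$want.jar" ]; then
            echo "$d/sleuthkit-$want.jar"
            return 0
        fi
    done
    for d in "$@"; do
        for j in "$d"/sleuthkit-*.jar; do
            [ -f "$j" ] && echo "found other version: $j" >&2
        done
    done
    return 1
}

# Demo with constructed data (not the real /usr/share/java)
demo=$(mktemp -d)
printf 'echo step one\r\necho step two\r\n' > "$demo/unix_setup.sh"  # constructed CRLF script
has_crlf "$demo/unix_setup.sh" && strip_crlf "$demo/unix_setup.sh"
has_crlf "$demo/unix_setup.sh" || echo "unix_setup.sh: CRLF removed"
mkdir -p "$demo/java"
: > "$demo/java/sleuthkit-4.6.5.jar"   # constructed: the version the thread says Tumbleweed ships
find_tsk_jar 4.6.7 "$demo/java" "$demo/local-java" \
    || echo "sleuthkit-4.6.7.jar not found; only another version is installed"
rm -rf "$demo"
```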