
Installation for Python3 old

Yogesh Khatri (@swiftforensics) edited this page Jun 17, 2023 · 1 revision

Standalone compiled binaries are available for Windows (under Releases). This guide is only for running mac_apt from source code. Please follow the instructions in the exact order given.

Download mac_apt from GitHub, then follow this document to install the dependencies. If you are on macOS, there is an installer shell script that does it all automatically.

Use these links to jump to instructions for your OS:
Windows, Linux & Windows Subsystem for Linux, macOS

Windows

Installing code dependencies:

Use pip to install these dependencies. On Windows, pip is found under your python_install_folder\Scripts\pip.exe
You will need the VC++ compiler installed, as some dependencies need it. Run the following command:

pip install anytree biplist construct==2.9.45 xlsxwriter plistutils kaitaistruct lz4 pycryptodome cryptography pybindgen==0.21.0 pillow pyliblzfse nska_deserialize libvmdk-python pytsk3 libewf-python

Installing fastchunking (required for pyaff4)

fastchunking requires the VC++ compiler to be installed. Installation via pip may fail due to a long path issue, so you can do either of the steps shown below.

Try to fix issue by specifying a short path to temp folder

On the command line, redirect the TEMP and TMP folders to a short path, then run pip:

mkdir C:\temp1
set TEMP=C:\temp1
set TMP=C:\temp1
pip install fastchunking
rmdir /S /Q C:\temp1

If the above still fails, try manually installing as shown below. Otherwise skip that step.

Install fastchunking manually

Download installation from here. Then unzip, browse to the folder on the Command prompt and run the following commands:

python3 setup.py build
python3 setup.py install

Installing pyaff4

For pyaff4, uninstall any existing version you have using pip uninstall pyaff4. Then install a custom version that implements some required functionality. Get this from here: https://github.com/ydkhatri/mac_apt/raw/master/other_dependencies/pyaff4-0.31-yk.zip. It will download as pyaff4-0.31-yk.zip.

Once downloaded, run pip install pyaff4-0.31-yk.zip. This should install pyaff4.

Installing compiled dependencies:

Navigate to the /Libraries_For_Windows folder of the source code. Choose one of the folders listed there, depending on your version of Python (3.7/3.8) and platform (32/64). The folder names end with either 37 or 38, indicating version 3.7 or 3.8 of Python. For example, if you are running the 32-bit version of Python 3.7 (the default installation on Windows gets you 32-bit Python), choose the folder 32bit_py37. Copy all .pyd files contained in the chosen folder to your <Python37_install_folder>\Lib\site-packages folder. The Readme.txt file in that folder has instructions if you need more guidance.

Some of the DLLs may have a VC++ DLL dependency, so you may need to download and install the Microsoft Visual C++ 2015 Redistributable package.

Linux and Windows Subsystem for Linux (Bash.exe tested on Ubuntu/Win10)

If you enable Windows Subsystem for Linux and then install Ubuntu from the Microsoft Store, you can use the same steps shown below (which also work on normal Ubuntu Linux). On Windows, start by invoking bash.exe. On Linux, start a Terminal window.

sudo apt update
sudo apt install python3-pip python3-virtualenv python3-dev libbz2-dev zlib1g-dev

Setting up a virtual environment

In order to avoid confusion about python libraries, we will lock down our environment using virtualenv. This way any dependencies we install/upgrade/remove will only affect that instance and nothing else. This will avoid hours of frustration later!

sudo pip3 install virtualenv
virtualenv env
source env/bin/activate

Download mac_apt

git clone https://github.com/ydkhatri/mac_apt

Installing pyaff4

For pyaff4, if you have an existing version, you may need to uninstall it using sudo pip3 uninstall pyaff4. Now install this custom version that implements some required functionality.

pip3 install mac_apt/other_dependencies/pyaff4-0.31-yk.zip

This should install pyaff4.

Installing pyewf

Download libewf-20140807.tar.gz from https://github.com/libyal/libewf-legacy/releases, or use wget to download it and tar to extract it:

wget https://github.com/libyal/libewf-legacy/releases/download/20140808/libewf-20140808.tar.gz
tar xzf libewf-20140808.tar.gz

Then compile and install:

cd libewf-20140808
python setup.py build
python setup.py install
cd ..

Install other dependencies

pip3 install anytree biplist construct==2.9.45 xlsxwriter plistutils kaitaistruct lz4 pytsk3==20170802 libvmdk-python==20181227 pycryptodome cryptography pybindgen==0.21.0 pillow pyliblzfse nska_deserialize

That's it! Test this by running:

cd mac_apt
python mac_apt.py -h

You can deactivate the virtualenv when done with a simple deactivate command.

Note: Every time you need to run the script you have to open a terminal, browse to the installation folder and activate the virtualenv with the command
source env/bin/activate
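
An added example, not part of mac_apt or this wiki: a Python 3.8+ check that compares the packages installed in the active environment with the pip3 line above and reports anything missing or installed at a version other than the pinned one. The function names are the example's own.

```python
import re
import sys
from importlib import metadata

# Added example (not mac_apt code). Pins copied from the Linux pip3 command.
REQUIREMENTS = (
    "anytree biplist construct==2.9.45 xlsxwriter plistutils kaitaistruct lz4 "
    "pytsk3==20170802 libvmdk-python==20181227 pycryptodome cryptography "
    "pybindgen==0.21.0 pillow pyliblzfse nska_deserialize"
)

def parse_requirements(spec):
    """Return {normalised_name: pinned_version_or_None} for a pip argument list."""
    pins = {}
    for item in spec.split():
        name, _, version = item.partition("==")
        pins[re.sub(r"[-_.]+", "-", name).lower()] = version or None
    return pins

def installed_version(name):
    """Version of an installed distribution, or None when it is absent."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None

def audit(pins, lookup=installed_version):
    """Return (missing, mismatched); mismatched maps name -> (wanted, found)."""
    missing, mismatched = [], {}
    for name, want in pins.items():
        have = lookup(name)
        if have is None:
            missing.append(name)
        elif want is not None and have != want:
            mismatched[name] = (want, have)
    return sorted(missing), mismatched

def in_virtualenv():
    """True when the interpreter runs inside a venv/virtualenv."""
    return sys.prefix != getattr(sys, "base_prefix", sys.prefix)

if __name__ == "__main__":
    if not in_virtualenv():
        print("warning: not inside the 'env' virtualenv from this guide")
    missing, mismatched = audit(parse_requirements(REQUIREMENTS))
    print("missing:", ", ".join(missing) or "none")
    for name, (want, have) in mismatched.items():
        print(f"mismatch: {name} wanted {want}, found {have}")
    sys.exit(1 if missing or mismatched else 0)
```

Run it with the virtualenv activated; a non-zero exit status means the environment differs from the one this guide describes. pyaff4 and pyewf are installed separately and are not covered by this check.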


macOS (OSX)

Automated installer

There is an automated install script that will download and install mac_apt and all dependencies. If you wish to use that, download mac_aptInstall-macOS-v21.sh from here, then run the following commands on the Terminal to add execution permission to the file and run it.

chmod u+x mac_aptInstall-macOS-v21.sh
./mac_aptInstall-macOS-v21.sh

Note: Every time you need to run the script you have to open a terminal, browse to the mac_apt folder and activate the virtualenv with the command
source env/bin/activate

Alternatively, if you wish to install manually, follow the steps below:

Install Homebrew. You will need this to install the other components.

Install python3, pip & git

macOS already ships with Python 2.7; however, it does not come with pip or the Python dev libraries. It is not recommended to alter the installed Python framework or upgrade any of the installed packages. Many of these packages are also under System Integrity Protection, and macOS will not let you alter them! So we install another instance of Python using brew, which automatically gets pip and python-devel. Let's also install git with brew.

brew install python3 git

In order to avoid confusion about python libraries, we will lock down our environment using virtualenv. This way any dependencies we install/upgrade/remove will only affect that instance and nothing else. This will avoid hours of frustration later!

sudo pip3 install --upgrade virtualenv

Now go to the extracted mac_apt (source code) folder and create the virtual environment from there. We just call it 'env' here.

cd mac_apt
virtualenv --python python3  env

Now activate 'env' with command:

source env/bin/activate

Your environment is set up and ready for use. When you are done with the rest of the installation and need to go back to the regular shell, type deactivate. Run all the commands below in this activated shell only.

Installing pytsk & pyvmdk

Install pytsk3 version 20170802. Later versions are not fully tested and are known to have issues with mac_apt.

pip3 install pytsk3==20170802 libvmdk-python==20181227

You should not need 'sudo' here, as it's only writing to our custom environment.

Installing pyewf

Download libewf-20140807.tar.gz from https://github.com/libyal/libewf-legacy/releases
Unzip and compile:

cd libewf-20140807
python setup.py build
python setup.py install

Installing other dependencies

pip install anytree biplist construct==2.9.45 xlsxwriter plistutils kaitaistruct lz4 pycryptodome cryptography pybindgen==0.21.0 pillow pyliblzfse nska_deserialize

Build, compile and Install pyaff4

For pyaff4, install this custom version that implements some required functionality: https://github.com/ydkhatri/mac_apt/raw/master/other_dependencies/pyaff4-0.31-yk.zip. It will download as pyaff4-0.31-yk.zip.

Once downloaded, run pip install pyaff4-0.31-yk.zip. This should install pyaff4.

Now that all dependencies are installed, you can run python mac_apt.py -h to run the script (-h shows you available options). You can deactivate the virtualenv when done.

Note: Every time you need to run the script you have to open a terminal, browse to the mac_apt folder and activate the virtualenv with the command
source env/bin/activate


Possible run-time Errors

Libewf (pyewf)

On Linux/macOS, certain E01 files may not be readable with the installed pyewf library. If you come across an E01 that can't be read correctly, then try this version of libewf: libewf-experimental-20171104. Follow the same procedure as outlined under Installing pyewf above.
For macOS, here is a modified version of the installation script that will install this alternate version of libewf - mac_aptInstall-macOS-v21a.sh

For other run-time problems, see Known-issues-and-Workarounds.
