Trouble with Plaso install


greyfolded

Oct 23, 2017, 5:53:57 PM
to log2timeline-discuss
Hello - I'm new to Plaso and the Linux world in general and am having some trouble getting Plaso installed. I'm running a fresh copy of the SIFT Workstation 3 Virtual Appliance in VMware Workstation. I've tried following the steps in the guide, but it differs from what I'm seeing immediately, so I'm not sure what I'm missing.

To begin with, the guide mentions that the GIFT repo is installed by default in SIFT 3, but when I run
sudo apt-get install python-plaso plaso-tools
I receive a message: "E: Unable to locate package plaso-tools"

If I add the GIFT repo and perform an apt-get update, I can run the above command, but I receive the following errors. Can anyone point me in the right direction?


unpacking python-binplist (0.1.5-2ppa1~trusty) ...
dpkg: error processing archive /var/cache/apt/archives/python-binplist_0.1.5-2ppa1~trusty_all.deb (--unpack):
 trying to overwrite '/usr/bin/plist.py', which is also in package binplist 0.1.4-0ubuntu1
Selecting previously unselected package python-certifi.
Preparing to unpack .../python-certifi_2017.7.27.1-1ppa1~trusty_all.deb ...
Unpacking python-certifi (2017.7.27.1-1ppa1~trusty) ...
Selecting previously unselected package python-dfdatetime.
Preparing to unpack .../python-dfdatetime_20170704-1ppa1~trusty_all.deb ...
Unpacking python-dfdatetime (20170704-1ppa1~trusty) ...
Selecting previously unselected package python-backports.lzma.
Preparing to unpack .../python-backports.lzma_0.0.6-1ppa1~trusty_all.deb ...
Unpacking python-backports.lzma (0.0.6-1ppa1~trusty) ...
Selecting previously unselected package python-pysqlite.
Preparing to unpack .../python-pysqlite_2.8.3-2ppa1~trusty_amd64.deb ...
Unpacking python-pysqlite (2.8.3-2ppa1~trusty) ...
Selecting previously unselected package python-pytsk3.
Preparing to unpack .../python-pytsk3_20170802-1ppa1~trusty_amd64.deb ...
Unpacking python-pytsk3 (20170802-1ppa1~trusty) ...
dpkg: error processing archive /var/cache/apt/archives/python-pytsk3_20170802-1ppa1~trusty_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/python2.7/dist-packages/pytsk3.so', which is also in package pytsk3 4.1.30.3-1ubuntu4
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Preparing to unpack .../python-dfvfs_20170723-1ppa1~trusty_all.deb ...
Unpacking python-dfvfs (20170723-1ppa1~trusty) over (20141220-1ubuntu1) ...
dpkg: warning: unable to delete old directory '/usr/lib/python2.7/dist-packages/dfvfs/proto': Directory not empty
Selecting previously unselected package python-dfwinreg.
Preparing to unpack .../python-dfwinreg_20170706-1ppa1~trusty_all.deb ...
Unpacking python-dfwinreg (20170706-1ppa1~trusty) ...
Selecting previously unselected package python-efilter.
Preparing to unpack .../python-efilter_1.5-1ppa1~trusty_all.deb ...
Unpacking python-efilter (1.5-1ppa1~trusty) ...
Selecting previously unselected package python-future.
Preparing to unpack .../python-future_0.16.0-1ppa1~trusty_all.deb ...
Unpacking python-future (0.16.0-1ppa1~trusty) ...
Selecting previously unselected package python-idna.
Preparing to unpack .../python-idna_2.6-1ppa1~trusty_all.deb ...
Unpacking python-idna (2.6-1ppa1~trusty) ...
Preparing to unpack .../python-pefile_2017.9.3-1ppa1~trusty_all.deb ...
Unpacking python-pefile (2017.9.3-1ppa1~trusty) over (1.2.9.1-1.1) ...
Preparing to unpack .../python-pyparsing_2.2.0-1ppa1~trusty_all.deb ...
Unpacking python-pyparsing (2.2.0-1ppa1~trusty) over (2.0.2-1ubuntu2) ...
Selecting previously unselected package python-xlsxwriter.
Preparing to unpack .../python-xlsxwriter_0.9.9-1ppa1~trusty_all.deb ...
Unpacking python-xlsxwriter (0.9.9-1ppa1~trusty) ...
Preparing to unpack .../python-yara_3.6.3-1ppa1~trusty_amd64.deb ...
Unpacking python-yara (3.6.3-1ppa1~trusty) over (2.0.0-2) ...
Selecting previously unselected package python-zmq.
Preparing to unpack .../python-zmq_16.0.1-1ppa1~trusty_amd64.deb ...
Unpacking python-zmq (16.0.1-1ppa1~trusty) ...
Preparing to unpack .../python-plaso_20170930-1ppa1~trusty_all.deb ...
Unpacking python-plaso (20170930-1ppa1~trusty) over (1.2.0-release-1ubuntu1) ...
dpkg: warning: unable to delete old directory '/usr/lib/python2.7/dist-packages/plaso/artifacts': Directory not empty
dpkg: warning: unable to delete old directory '/usr/lib/python2.7/dist-packages/plaso/events': Directory not empty
dpkg: warning: unable to delete old directory '/usr/lib/python2.7/dist-packages/plaso/proto': Directory not empty
dpkg: warning: unable to delete old directory '/usr/lib/python2.7/dist-packages/plaso/winreg': Directory not empty
Selecting previously unselected package plaso-tools.
Preparing to unpack .../plaso-tools_20170930-1ppa1~trusty_all.deb ...
Unpacking plaso-tools (20170930-1ppa1~trusty) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Errors were encountered while processing:
 /var/cache/apt/archives/python-binplist_0.1.5-2ppa1~trusty_all.deb
 /var/cache/apt/archives/python-pytsk3_20170802-1ppa1~trusty_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Joachim Metz

Oct 23, 2017, 11:44:00 PM
to greyfolded, log2timeline-discuss
SIFT seems to ship conflicting packages you'll have to uninstall first.

Try:
sudo apt-get remove binplist pytsk3 python-dfvfs python-plaso && sudo apt-get install python-plaso plaso-tools
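An added example, not part of the original thread: a small shell helper that reads saved dpkg output and lists the installed packages named in the "trying to overwrite" errors, which are the packages that own the contested files. The function names are hypothetical; the sample input is an excerpt of the output quoted in the first post.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): summarise dpkg file-ownership conflicts.

# Excerpt of the dpkg output quoted in the first post, used as sample input.
sample_log() {
  cat <<'EOF'
dpkg: error processing archive /var/cache/apt/archives/python-binplist_0.1.5-2ppa1~trusty_all.deb (--unpack):
 trying to overwrite '/usr/bin/plist.py', which is also in package binplist 0.1.4-0ubuntu1
Unpacking python-pytsk3 (20170802-1ppa1~trusty) ...
dpkg: error processing archive /var/cache/apt/archives/python-pytsk3_20170802-1ppa1~trusty_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/python2.7/dist-packages/pytsk3.so', which is also in package pytsk3 4.1.30.3-1ubuntu4
Unpacking python-dfvfs (20170723-1ppa1~trusty) over (20141220-1ubuntu1) ...
EOF
}

# Reads dpkg output on stdin and prints one line per conflict:
#   <owning-package> <installed-version> <contested-file>
conflicting_owners() {
  sed -n "s/^ *trying to overwrite '\([^']*\)', which is also in package \([^ ]*\) \(.*\)\$/\2 \3 \1/p"
}

# Unique owning package names on one line, ready to review before removal.
remove_candidates() {
  conflicting_owners | cut -d' ' -f1 | sort -u | paste -sd' ' -
}

echo "Installed packages that own contested files:"
sample_log | conflicting_owners
echo "Candidates to remove before retrying: $(sample_log | remove_candidates)"
```

On a real system, pipe the saved apt-get output into `conflicting_owners` instead of `sample_log`, and confirm each owner with `dpkg -S <file>` before removing anything.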

greyfolded

Oct 24, 2017, 4:40:39 PM
to log2timeline-discuss
Thanks for the reply. I followed those steps but still got the dpkg errors. I ended up resolving with the following:

sudo dpkg -i --force-overwrite /var/cache/apt/archives/python-binplist_0.1.5-2ppa1~trusty_all.deb
sudo dpkg -i --force-overwrite /var/cache/apt/archives/python-pytsk3_20170802-1ppa1~trusty_amd64.deb
sudo apt-get -f install

greyfolded

Oct 24, 2017, 6:28:36 PM
to log2timeline-discuss
Actually it's still not working. I can run psteal, but when I actually try to run log2timeline I get the following:
[FAILURE} pefile version:1.2.10-114 is too old, 1.2.10-139 or later required.