Initial release

Dockerfile

@@ -0,0 +1,46 @@
+FROM ubuntu:22.04
+
+LABEL version="1.0"
+LABEL description="Autopsy in a Docker environment"
+LABEL maintainer="Corey Forman - https://github.com/digitalsleuth/autopsy-docker"
+ARG AUTOPSY_VERSION=4.20.0
+ARG SLEUTHKIT_VERSION=4.12.0
+
+ENV TERM linux
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && apt-get install sudo git nano curl wget gnupg unzip ssh -y
+WORKDIR /tmp
+RUN wget https://github.com/sleuthkit/autopsy/releases/download/autopsy-${AUTOPSY_VERSION}/autopsy-${AUTOPSY_VERSION}.zip && \
+    wget https://github.com/sleuthkit/autopsy/raw/develop/linux_macos_install_scripts/install_application.sh && \
+    wget https://github.com/sleuthkit/autopsy/raw/develop/linux_macos_install_scripts/install_prereqs_ubuntu.sh && \
+    wget https://github.com/sleuthkit/sleuthkit/releases/download/sleuthkit-${SLEUTHKIT_VERSION}/sleuthkit-java_${SLEUTHKIT_VERSION}-1_amd64.deb && \
+    bash /tmp/install_prereqs_ubuntu.sh && \
+    apt-get install /tmp/sleuthkit-java_${SLEUTHKIT_VERSION}-1_amd64.deb -y && \
+    bash /tmp/install_application.sh -z /tmp/autopsy-${AUTOPSY_VERSION}.zip -i /usr/local/share -j /usr/lib/jvm/bellsoft-java8-full-amd64 && \
+    ln -s /usr/local/share/autopsy-${AUTOPSY_VERSION}/bin/autopsy /usr/local/bin/autopsy && \
+    chmod 755 /usr/local/share/autopsy-${AUTOPSY_VERSION}/bin/autopsy && \
+    rm /tmp/sleuthkit-java_${SLEUTHKIT_VERSION}-1_amd64.deb /tmp/autopsy-${AUTOPSY_VERSION}.zip
+
+RUN sed -Ei 's/^#UseDNS no/UseDNS no/' /etc/ssh/sshd_config && \
+sed -Ei 's/^#GSSAPIAuthentication no/GSSAPIAuthentication no/' /etc/ssh/sshd_config && \
+sed -Ei 's/^#PrintLastLog yes/PrintLastLog yes/' /etc/ssh/sshd_config && \
+sed -Ei 's/^#TCPKeepAlive yes/TCPKeepAlive yes/' /etc/ssh/sshd_config && \
+sed -Ei 's/^#X11DisplayOffset 10/X11DisplayOffset 10/' /etc/ssh/sshd_config && \
+sed -Ei 's/^#X11UseLocalhost yes/X11UseLocalhost no/' /etc/ssh/sshd_config
+
+RUN groupadd -r -g 1000 autopsy && \
+useradd -r -g autopsy -d /home/autopsy -s /bin/bash -c "Autopsy User" -u 1000 autopsy && \
+mkdir /home/autopsy && \
+touch /home/autopsy/.Xauthority && \
+chown -R autopsy:autopsy /home/autopsy && \
+usermod -a -G sudo autopsy && \
+echo 'autopsy:forensics' | chpasswd 
+
+RUN apt-get autoremove --purge -y && \
+    apt-get clean -y
+
+WORKDIR /home/autopsy
+
+RUN mkdir /var/run/sshd
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]

README.md

@@ -1,2 +1,60 @@
-# autopsy-docker
-Docker for running Autopsy
+# Autopsy Docker
+This docker was created to be able to use Autopsy in a forensic virtual machine  
+without impeding on the already existing requirements.
+
+## To Use  
+Simply download the `docker-compose.yaml` file, customize it, and run:
+```bash
+sudo docker-compose up -d
+```
+
+Then:
+
+`ssh -X autopsy@localhost -p 33`  
+
+The username `autopsy` is already created in the Docker, with the password of `forensics`.
+Once logged in, simply run the command `autopsy`.
+
+## Compose file:
+```yaml
+version: '3'
+services:
+  container:
+    image: digitalsleuth/autopsy:latest
+    hostname: autopsy
+    container_name: autopsy
+    networks:
+      net:
+        ipv4_address: 172.25.0.3
+    ports:
+      - "33:22"
+    cap_add:
+      - SYS_ADMIN
+      - MKNOD
+    volumes:
+      - ./files/:/home/autopsy/files
+    environment:
+      - JAVA_TOOL_OPTIONS=-Dswing.aatext=true -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dawt.useSystemAAFontSettings=on
+    shm_size: "2gb"
+    privileged: true
+    devices:
+      - "/dev/fuse:/dev/fuse"
+      - "/dev/dri:/dev/dri"
+
+networks:
+  net:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.25.0.0/16
+          gateway: 172.25.0.1
+```
+
+Because this will be running in a Docker environment, you may see an error about the Solr service not running.  
+This is to be expected.
+
+The SSH port of `33` is only set to avoid interfering with any already setup SSH services.  
+If, for some reason, the X11 forwarding gives you an error about a DISPLAY variable, you can add the following under `environment`:
+`- DISPLAY=${DISPLAY}`
+
+This will map your dockers DISPLAY variable to that of your hosts.

docker-compose.yaml

@@ -0,0 +1,31 @@
+version: '3'
+services:
+  container:
+    image: digitalsleuth/autopsy:latest
+    hostname: autopsy
+    container_name: autopsy
+    networks:
+      net:
+        ipv4_address: 172.25.0.3
+    ports:
+      - "33:22"
+    cap_add:
+      - SYS_ADMIN
+      - MKNOD
+    volumes:
+      - ./files/:/home/autopsy/files
+    environment:
+      - JAVA_TOOL_OPTIONS=-Dswing.aatext=true -Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dawt.useSystemAAFontSettings=on
+    shm_size: "2gb"
+    privileged: true
+    devices:
+      - "/dev/fuse:/dev/fuse"
+      - "/dev/dri:/dev/dri"
+
+networks:
+  net:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.25.0.0/16
+          gateway: 172.25.0.1