Autopsy User Documentation  4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Pick Your User Accounts

Overview

Before you get into configuring any computers, you should have an understanding about what user accounts will be used. User account permissions are one of the most common challenges people have when setting up a cluster.

There are two major decisions to make about users:

These users are important because they will need access to the shared storage without needing to be prompted for a password. Other services, such as PostgreSQL and ActiveMQ, can run as the default service account because they use only local storage.

The choice you make here will depend on what type of shared storage platform you are using and what kind of Windows-based infrastructure you have.

Autopsy User

The user account that Autopsy runs as will need access to the shared storage. There are three general options:

Solr Service

Solr will run as a Windows service and will need access to the shared storage. The default user, which is "LocalService", will not have access to network-based storage.

So, if you have network-based shared storage, you have three options:

Storing Credentials

Based on your shared storage and your above choice for user accounts, you may need to force each Windows computer to store credentials for the shared storage. For example, if your shared storage is a Linux-based system.

To store the credentials on a given computer, we simply access the shared storage. Windows will prompt us for a password and we choose the option to save the credentials. We will repeat this on each computer for each user account and using both the hostname and IP address of the storage. If two examiners will be using the same Autopsy client computer and they have their own accounts, you'll need to do this for both users.



credentialsWithDomain.PNG



Next, repeat with the hostname of the shared storage. For example "\\autopsy_storage\Cases". Again enter your credentials and choose "Remember my credentials".

Do these steps for each machine that will be accessing the shared drive.

Also note that you will need to repeat this process when the password for the shared storage changes.


Copyright © 2012-2020 Basis Technology. Generated on Mon Jul 6 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.