Autopsy User Documentation  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Pick Your User Accounts

Overview

Before you start configuring any computers, you should understand which user accounts will be used. User account permissions are one of the most common challenges people face when setting up a cluster.

There are two major decisions to make about users:

These users are important because they will need access to the shared storage without needing to be prompted for a password. Other services, such as PostgreSQL and ActiveMQ, can run as the default service account because they use only local storage.

The choice you make here will depend on what type of shared storage platform you are using and what kind of Windows-based infrastructure you have.

Autopsy User

The user account that Autopsy runs as will need access to the shared storage. There are three general options:

Solr Service

Solr will run as a Windows service and may need access to shared storage if it does not have enough local storage. Solr performs best when it has fast access to storage, so keeping the indexes on local SSD drives is best. However, some clusters will need to store the indexes on the same shared storage that is used for images and other case outputs.

NOTE: Autopsy 4.17.0 and prior required that indexes be stored on the shared storage drives. Autopsy 4.18.0 and beyond (which now use Solr 8) can use either local or shared storage.

If you are using local storage for Solr, then you can run the Solr service as "LocalService".

If you are going to use network storage for Solr, then you have three options:

Storing Credentials

Based on your shared storage and your choice of user accounts above, you may need to force each Windows computer to store credentials for the shared storage. This is the case, for example, if your shared storage is a Linux-based system.

To store the credentials on a given computer, we simply access the shared storage. Windows will prompt us for a password and we choose the option to save the credentials. We will repeat this on each computer for each user account, using both the hostname and the IP address of the storage. If two examiners will be using the same Autopsy client computer and they have their own accounts, you'll need to do this for both users.






Next, repeat with the hostname of the shared storage. For example "\\autopsy_storage\Cases". Again enter your credentials and choose "Remember my credentials".

Do these steps for each machine that will be accessing the shared drive.

Also note that you will need to repeat this process when the password for the shared storage changes.
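
The same procedure can be scripted and checked with the built-in cmdkey tool. This is an added example, not part of the Autopsy documentation; the IP address and the storage account name are placeholders, and the "NONE" check assumes English cmdkey output.

```powershell
# Added example (not from the Autopsy documentation).
# Stored credentials are per Windows user: run this once in the session of
# every account that will access the share, on every computer.
$Targets = @('autopsy_storage', '192.0.2.10')  # hostname from the page; IP is a placeholder
$Share   = 'Cases'
$User    = 'autopsy_storage\examiner'          # hypothetical account on the storage system
$Rotate  = $false                              # set to $true after the storage password changes

function Test-StoredCredential {
    param([string]$Target)
    # cmdkey prints "* NONE *" when no entry exists for the target (English output assumed).
    $listing = cmdkey "/list:$Target" | Out-String
    return ($listing -notmatch '\*\s*NONE\s*\*')
}

foreach ($target in $Targets) {
    if ($Rotate -and (Test-StoredCredential $target)) {
        # Drop the stale entry so the new password is stored instead.
        cmdkey "/delete:$target" | Out-Null
    }

    if (-not (Test-StoredCredential $target)) {
        # A bare /pass makes cmdkey prompt for the password, which keeps it
        # off the command line and out of the shell history.
        cmdkey "/add:$target" "/user:$User" /pass
    }

    # Report per target so a missing hostname or IP entry is easy to spot.
    [pscustomobject]@{
        Account        = "$env:USERDOMAIN\$env:USERNAME"
        Target         = $target
        Stored         = Test-StoredCredential $target
        ShareReachable = Test-Path "\\$target\$Share"
    }
}
```

A row with Stored set to True and ShareReachable set to False usually means the saved password no longer matches the storage system.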


Copyright © 2012-2021 Basis Technology. Generated on Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.