Autopsy User Documentation  4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Install and Configure PostgreSQL

Overview

In a multi-user case, a central PostgreSQL database server is used instead of the embedded SQLite databases.

A new database will be created for each case and the database will be stored in a location you choose during installation. It is recommended that you choose a drive that is local to the machine and is not the system drive.

You should ensure that the database folder is backed up.

Installation

To install PostgreSQL, perform the following steps:

  1. Download a 64-bit PostgreSQL installer from https://www.enterprisedb.com/downloads/postgres-postgresql-downloads Choose one under Windows x86-64. Autopsy has been tested with PostgreSQL version 9.5.
  2. Run the installer. The name will be similar to postgresql-9.5.3-1-windows-x64.exe.
  3. You may accept defaults for all items except for the password and the database storage location as you work through the wizard. Do not lose the password you enter in. This is the PostgreSQL administrator login password.
  4. You do not need to launch the StackBuilder nor acquire any more software from it. Uncheck the option to use StackBuilder and press Finish.

Configuration

  1. Create a regular database user account that Autopsy will use. You can do this with either of two methods, graphically, or command line. We cover graphically here.
  1. Edit C:\Program Files\PostgreSQL\9.5\data\pg_hba.conf to add an entry to allow external computers to connect via the network.

    First, find your machine's IPv4 address and Subnet Mask (Press Start, type cmd, type ipconfig and parse the results. The IP address is shown in yellow below.
    postgresqlinstall3.PNG

    The following is an example rule that allows all clients on the 10.10.192.x subnet to connect using md5 authentication.

    host      all      all      10.10.192.0/24      md5


    Subnet Mask Rules of thumb:
    • If your Subnet Mask is 255.255.0.0, your rule should look like this: A.B.0.0/16, where A is the first octet in your IP address and B is the second octet.
    • If your Subnet Mask is 255.255.255.0, your rule should look like this: A.B.C.0/24, where A is the first octet in your IP address, B is the second octet, and C is the third octet.

      Add the line highlighted in yellow below, formatted with spaces between the entries, adjusting the IP address to an appropriate value as described above.

      postgresqlinstall4.PNG



      If you intend to use PostgreSQL from machines on a different subnet, you need an entry in the pg_hba.conf file for each subnet.

  2. Uncomment the following entires in the configuration file located at C:\Program Files\PostgreSQL\9.5\data\postgresql.conf by removing the leading "#", and change their values "off" as shown below.

    fsync = off
    synchronous_commit = off
    full_page_writes = off


    Pictorially, change the following, from this:

    postgresqlinstall5.PNG


    To this:

    postgresqlinstall6.PNG


    Note the removal of the leading number symbol-this uncomments that entry.

  3. Still in "C:\Program Files\PostgreSQL\9.5\data\postgresql.conf", find the entry named max_connections and set it to the number of suggested connections for your configuration. A rule of thumb is 100 connections per each Automated Ingest node and reviewer node. See the screenshot below.

    maxConnections.PNG


  4. Restart the service via the Services panel by pressing Start, type services.msc, and press Enter. Select postgresql-x64-9.5 in the services list and click the link that says Stop the service. If you want PostgreSQL to run as a different user (you don't need to), then make that change now. When done, click the link that says Start the service as shown in the screenshot below.

    postgresqlinstall7.PNG


  5. Add the bin\postgres.exe file to the Windows firewall to allow it to receive connections.

Testing

You can verify that PostgreSQL is running by using either the pgAdmin tool or the psql tool to connect to the database server from another machine on the network.

Common problems are typically the result of:

Backing Up

The databases and configuration files are stored at the location you chose during PostgreSQL installation (not shared storage). So, you should backup that directory periodically.

For an installation where the default options were chosen, the directory can be found at C:\Program Files\PostgreSQL\9.5\data.


Copyright © 2012-2023 BasisTech. Generated on Tue Feb 6 2024
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.