Overview
In a multi-user case, a central PostgreSQL database server is used instead of the embedded SQLite databases.
A new database will be created for each case and the database will be stored in a location you choose during installation. It is recommended that you choose a drive that is local to the machine and is not the system drive.
You should ensure that the database folder is backed up.
Installation
To install PostgreSQL, perform the following steps:
- Download a 64-bit PostgreSQL installer from https://www.enterprisedb.com/downloads/postgres-postgresql-downloads Choose one under Windows x86-64. Autopsy has been tested with PostgreSQL version 9.5.
- Run the installer. The name will be similar to postgresql-9.5.3-1-windows-x64.exe.
- You may accept defaults for all items except for the password and the database storage location as you work through the wizard. Do not lose the password you enter in. This is the PostgreSQL administrator login password.
- You do not need to launch the StackBuilder nor acquire any more software from it. Uncheck the option to use StackBuilder and press Finish.
Configuration
- Create a regular database user account that Autopsy will use. You can do this with either of two methods, graphically, or command line. We cover graphically here.
- Use the pgAdmin III tool and login with the PostgreSQL administrator login.
- Right click on "Login Roles" and select "New Login Role..." as shown below:
- Enter the user name you would like to use in the "Role name" field.
- Enter the password on the "Definition" tab.
- Check "Can create databases" on the "Role Privileges" tab.
- Click "OK".
- Edit C:\Program Files\PostgreSQL\9.5\data\pg_hba.conf to add an entry to allow external computers to connect via the network.
First, find your machine's IPv4 address and Subnet Mask (Press Start, type cmd, type ipconfig and parse the results. The IP address is shown in yellow below.
The following is an example rule that allows all clients on the 10.10.192.x subnet to connect using md5 authentication.
host all all 10.10.192.0/24 md5
Subnet Mask Rules of thumb:
- If your Subnet Mask is 255.255.0.0, your rule should look like this: A.B.0.0/16, where A is the first octet in your IP address and B is the second octet.
- If your Subnet Mask is 255.255.255.0, your rule should look like this: A.B.C.0/24, where A is the first octet in your IP address, B is the second octet, and C is the third octet.
Add the line highlighted in yellow below, formatted with spaces between the entries, adjusting the IP address to an appropriate value as described above.
If you intend to use PostgreSQL from machines on a different subnet, you need an entry in the pg_hba.conf file for each subnet.
- Uncomment the following entires in the configuration file located at C:\Program Files\PostgreSQL\9.5\data\postgresql.conf by removing the leading "#", and change their values "off" as shown below.
fsync = off
synchronous_commit = off
full_page_writes = off
Pictorially, change the following, from this:
To this:
Note the removal of the leading number symbol-this uncomments that entry.
- Still in "C:\Program Files\PostgreSQL\9.5\data\postgresql.conf", find the entry named max_connections and set it to the number of suggested connections for your configuration. A rule of thumb is add 100 connections for each Automated Ingest Node and 100 connections for each Reviewer node you plan to have in the network. See the screenshot below.
- Restart the service via the Services panel by pressing Start, type services.msc, and press Enter. Select postgresql-x64-9.5 in the services list and click the link that says Stop the service. If you want PostgreSQL to run as a different user (you don't need to), then make that change now. When done, click the link that says Start the service as shown in the screenshot below.
Testing
You can verify that PostgreSQL is running by using either the pgAdmin tool or the psql tool to connect to the database server from another machine on the network.
Common problems are typically the result of:
- Firewall blocking the port (default: 5432) on the PostgreSQL server.
- Incorrectly configured database user account or incorrect credentials.
- Incorrectly configured IP address range in pg_hba.conf file.
Backing Up
The databases and configuration files are stored at the location you chose during PostgreSQL installation (not shared storage). So, you should backup that directory periodically.
For an installation where the default options were chosen, the directory can be found at C:\Program Files\PostgreSQL\9.5\data.