autopsy Autopsy 4.22.1 on MacOS ARM64

messages.log

Over the past few days, I've been trying to compile Autopsy 4.22.1, which, according to the install readme, should be possible. However, I have been unable to get it to work. The error I get seems to pop up quite a bit in other issues posted here, and I'm wondering whether it's actually possible to make a working Autopsy build on an ARM64 system at the moment.

The Sleuthkit builds without issue (apparently). I have openJDK@17 installed, and is the active Java framework. (Note: ant, a prereq, auto-installs openJDK v25 via brew).

I have no obvious errors building Autopsy either, but when I run the binary, I get:

org.netbeans.InvalidException: StandardModule:org.sleuthkit.autopsy.core jarFile: /Users/nbenford/autopsy/autopsy-4.22.1/autopsy/modules/org-sleuthkit-autopsy-core.jar: java.lang.UnsupportedClassVersionError: org/sleuthkit/datamodel/TskCoreException has been compiled by a more recent version of the Java Runtime (class file version 69.0), this version of the Java Runtime only recognizes class file versions up to 61.0

And the terminal output:


: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 18: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 56: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 59: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 64: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 66: 
WARNING: Unknown module: javafx.base specified to --add-exports
WARNING: Unknown module: javafx.controls specified to --add-exports
WARNING: Unknown module: javafx.controls specified to --add-opens

The only options are Exit or Disable Modules and. Continue. Of course, both just quit the program, which completes the terminal error output:

: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 18: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 56: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 59: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 64: 
: command not foundopsy/autopsy-4.22.1/bin/../etc/autopsy.conf: line 66: 
WARNING: Unknown module: javafx.base specified to --add-exports
WARNING: Unknown module: javafx.controls specified to --add-exports
WARNING: Unknown module: javafx.controls specified to --add-opens
java.lang.IllegalStateException: Host module FixedModule:org.openide.filesystems was enabled before, will not accept fragment FixedModule:org.openide.filesystems.compat8
	at org.netbeans.ModuleManager.attachModuleFragment(ModuleManager.java:1104)
	at org.netbeans.ModuleManager.maybeAddToEnableList(ModuleManager.java:1717)
	at org.netbeans.ModuleManager.simulateEnable(ModuleManager.java:1640)
	at org.netbeans.ModuleManager.simulateEnable(ModuleManager.java:1613)
	at org.netbeans.core.startup.ModuleList.installNew(ModuleList.java:290)
	at org.netbeans.core.startup.ModuleList.installNew(ModuleList.java:326)
	at org.netbeans.core.startup.ModuleList.trigger(ModuleList.java:252)
	at org.netbeans.core.startup.ModuleSystem.restore(ModuleSystem.java:298)
	at org.netbeans.core.startup.Main.getModuleSystem(Main.java:173)
	at org.netbeans.core.startup.Main.getModuleSystem(Main.java:142)
	at org.netbeans.core.startup.Main.start(Main.java:299)
	at org.netbeans.core.startup.TopThreadGroup.run(TopThreadGroup.java:98)
	at java.base/java.lang.Thread.run(Thread.java:840)

Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.

So, is it actually possible to currently build Autopsy for MacOS? If not, the documentation should mention that to reduce time wasted. I don't technically need a Mac version of Autopsy, but if the docs say it can be done, it should be possible.

Thanks so much, and please let me know if I can help in any way. I'm not some super-developer, but I'm happy to poke around.

Oct 07 '25 19:10 WarpedWing

I might have an idea why this is happening. Ant requires openJDK@25, and it seems to ignore all directives to use V17 in the build. So, it could be a Sleuthkit issue, using homebrew's ant.

I fixed the error above using these steps:

Open ~/.antrc file by running vim ~/.antrc
Add JAVACMD=/opt/homebrew/Cellar/openjdk@17/17.0.16/libexec/openjdk.jdk/Contents/Home/bin/java
Save
In sleuthkit, perform ant clean then ant
Move jar files where Autopsy expects them

Now, onto the next error. JNI something or other...

Oct 07 '25 21:10 WarpedWing

I can confirm that Autopsy does compile and run on ARM, I have it running on both macOS and raspberry pi. The scripts that are defined for macOS are for an Intel Mac not Apple silicon.

The JNI issue is because Sleuthkit has to be built with the aarch64 NATIVELIBS directory. You will need to update the build scripts in Java for sleuthkit for this to work properly.

Once that is done there will probably be a JNA error that will have to be updated as well.

Other issues that may arise are Java FX and support for vmdk, vhd files.

I can tell you that 7zip is not working and there appears to be an issue running regripper on MacOS, did not see the issue running regripper on PI. There may be other issues that I have not seen yet as my testing is not complete.

Oct 07 '25 23:10 markmckinnon

@markmckinnon That's great to hear. I like it when it's a "me" problem!

Setting up the proper environment to build it out might be beyond my knowledge right now, but I'll surely keep tinkering with it. I appreciate the heads up about the aarch64 directory and some of the other pitfalls.

Oct 07 '25 23:10 WarpedWing

If you want more info shoot me an email and I can try and help you.

Oct 08 '25 00:10 markmckinnon

I did get it working using the autopsy-4.22.1.zip file as well. I have it working on both sequoia and Tahoe at this point.

Oct 08 '25 00:10 markmckinnon

That's very kind of you to offer. Thank you. I'll reach out over the next few days.

Oct 09 '25 04:10 WarpedWing