Below the instructions how to set up a build environment on Linux:

  • Ubuntu 12.04 and Linux Mint.
  • Fedora Core 20
Note that if sections are marked as WIP it means they are work in progress.

To check if you have all the dependencies installed you can run:
python utils/

Ubuntu 12.04/Linux Mint - Prepackaged

SIFT repo

The SIFT apt repo contains all the packages needed to build the tool, and the tool itself. To add the SIFT repo, use the command:
sudo add-apt-repository ppa:sift/stable

Or to use the dev (or development) branch:
sudo add-apt-repository ppa:sift/dev

The difference between these two is that "stable" contains the last release of the code and should therefore be more stable while the dev branch contains the latest trunk, or at least close to it.

An alternative repository if you do not want all the additional packages that SIFT provides you with while still following the trunk:

sudo add-apt-repository ppa:kristinn-l/plaso-dev

Then to install plaso do:

sudo apt-get update
sudo apt-get install python-plaso

For development purposes use the dev branch of the SIFT repo or the alternative repo and instead of installing the "python-plaso" package use:
apt-cache policy python-plaso

Install the packages mentioned in the "Depends" and then use git to fetch the latest code.


Prebuilt Debian packages of the dependencies can be downloaded from:

Or to use the plaso update dependency script, which is part of the plaso source:
sudo python ./utils/

Note that the update dependencies script is currently still work in progress.

Ubuntu 14.04 - Batch build of dependencies

Below the instructions how to set up a build environment on Unbuntu 14.04 using the build_dependencies script.

First of all make sure your installation is up to date:
sudo apt-get update
sudo apt-get upgrade

Install git
sudo apt-get install git

Get a copy of the plaso source:
git clone

Make sure the necessary building tools and development packages are installed on the system:
sudo aptitude install build-essential autotools-dev automake zlib1g-dev libbz2-dev libfuse-dev libsqlite3-dev libssl-dev python-dev python-setuptools debhelper devscripts fakeroot quilt

To build most of the dependencies automatically run the build dependency script:
./utils/ dpkg

Note that the build dependencies script is currently still work in progress, but it will build most of the dependencies.


sudo ./utils/

Ubuntu 14.04/Linux Mint - Manual build

Moved to:

Fedora Core 20 - Manual build

Moved to:


Get the latest dpkt version from:

Currently there are multiple issues with dpkt one of which is:

tar xvf dpkt-1.8.tar.gz 
cd dpkt-1.8/

Edit the file:

On line 252 change:
mod = __import__(name, g)

mod = __import__('dpkt.{}'.format(name), g)

python bdist_rpm
sudo rpm -ivh dist/dpkt-1.8-1.noarch.rpm

Libyal and Python-bindings

Batch build

Note that the libyal libraries and Python-bindings also can be build in batch.

Tough you have to make sure you've set up your build system correctly first.

Get from the libyal git repository:
git clone

Make sure the required libraries are in LIBYAL_LIBRARIES in

Then run libyal-build e.g. to build with rpmbuild and create rpm files:
cd plaso-build/
python rpm

You should end up with multiple rpm files inside the current directory.

More information regarding libyal-build can be found here.