PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. PTK was developed from scratch and, besides providing the functions already present in Autopsy Forensic Browser, it implements numerous new features essential during forensic activity. PTK is not just a new, highly professional graphical interface based on Ajax technology; it offers a great deal of features for the analysis, search and management of complex digital investigation cases. The core component of the software is an efficient Indexing Engine that performs several preliminary analysis operations while each piece of evidence is imported. PTK allows the management of different cases and different levels of multi-user access: more than one investigator can work on the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the database. PTK is a web-based application and builds its indexing archive inside a MySQL database, thus using the LAMP (Linux-Apache-MySQL-PHP) stack.
PTK main features:
* Preliminary indexing phase
* Efficient File analysis
* Dynamic Timeline
* File Categorization
* Gallery view
* Indexed keyword search
* Personal bookmark section
* Cases features shared between multiple investigators
* Memory Dump Analysis
Other features:
* Improved Usability, Ajax Based
* Dynamic web application with a centralized database. Now more investigators will be able to work on the same case simultaneously.
* Extensible with other tools
* Log of all operations
* Many browsers are supported.
* PTK is a forensic analysis interface; it is not strictly devoted to incident response.
* Its scope is helping small groups of investigators to reach their goal with a reduced budget.
* Can be further enhanced through concurrent engineering and development participation.
Here are the new features that are included in the Beta release.
***Memory Dump Analysis***
The first PTK extension includes Volatility 1.1.1, a useful tool for analyzing dumps of RAM memory. It's possible to retrieve the following information:
- active connections
- dlls loaded in any process
- open file handles
- kernel loaded modules
- processes
- sockets
- ETHREAD objects
- Virtual Address Descriptors (VAD) of any process
PTK also implements a Live Keyword Search on RAM images, based on ASCII and Unicode strings.
***Gallery Analysis***
PTK comes with a new tab for gallery analysis: it's now possible to search for graphic files using an easy tree-view of the evidence disk.
***Graphic Timeline***
A new effective graphic timeline allows viewing MAC time trends. A line chart shows time details and total amounts for Modified, Created and Accessed files; the user can choose among daily, monthly and yearly views and can also work using zoom and scroll controls.
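As an added illustration of what such a timeline aggregates (example code, not PTK's own), the function below counts Modified, Accessed and Created timestamps per day, month or year from a TSK body file of the kind `fls -m` produces. The sample body lines are constructed; treating the crtime column as "Created" and falling back to ctime when crtime is missing is an assumption of this example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in TSK "body" format (one file per line):
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime  (epoch seconds, 0 = unknown)
SAMPLE_BODY = """\
0|/Users/alice/report.docx|1201|r/rrw-r--r--|501|20|24576|1225152000|1225065600|1225065600|1224460800
0|/Users/alice/notes.txt|1202|r/rrw-r--r--|501|20|512|1225152000|1225152000|1225152000|1225152000
0|/Windows/System32/cmd.exe|3001|r/rrwxr-xr-x|0|0|302592|1225238400|1222732800|1222732800|0
0|/Users/alice/Pictures/cat.jpg|1203|r/rrw-r--r--|501|20|81920|1225584000|1225065600|1225065600|1225065600
this line is deliberately malformed and must be skipped
"""

# Period key formats for the three views the timeline offers.
FORMATS = {"daily": "%Y-%m-%d", "monthly": "%Y-%m", "yearly": "%Y"}


def mac_trend(body_text, granularity="daily"):
    """Return {period: {"M": n, "A": n, "C": n}} for the chosen granularity.

    Assumption: "Created" is taken from the crtime column and falls back to
    ctime when crtime is 0 (file systems without a birth time).
    """
    fmt = FORMATS[granularity]
    trend = defaultdict(lambda: {"M": 0, "A": 0, "C": 0})
    for line in body_text.splitlines():
        fields = line.split("|")
        if len(fields) < 11 or not all(f.isdigit() for f in fields[7:11]):
            continue  # malformed line: skip it instead of aborting the whole timeline
        atime, mtime, ctime, crtime = (int(x) for x in fields[7:11])
        created = crtime if crtime else ctime
        for key, ts in (("M", mtime), ("A", atime), ("C", created)):
            if ts <= 0:
                continue  # TSK writes 0 for timestamps it could not recover
            period = datetime.fromtimestamp(ts, tz=timezone.utc).strftime(fmt)
            trend[period][key] += 1
    return dict(sorted(trend.items()))


def peak_period(trend, key):
    """Period with the most events of one kind ("M", "A" or "C"); None if empty."""
    if not trend:
        return None
    return max(trend, key=lambda p: trend[p][key])


if __name__ == "__main__":
    for view in FORMATS:
        print(view, mac_trend(SAMPLE_BODY, view))
```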
***File analysis with Ajax pagination***
The file analysis section is now enhanced: the development team implemented an Ajax pagination system for file content visualization, reducing page loading time and avoiding system crashes.
The software is totally free. If you want to follow the webinar, join the PTK testing program or take part in PTK development, please contact us at ptk@dflabs.com. You will be able to download the PTK package and send feedback and suggestions directly to the PTK developers team.
PTK Newsletter
website: http://ptk.dflabs.com/