PTK Forensics

Last updated
PTK Forensics
Original author(s) DFLabs Inc
Developer(s) DFLabs Inc
Last release
version 2.0 (Jan 2009)
Platform LAMP
Available in JavaScript, PHP, Perl
Type Digital forensics
License shareware/commercial
Website http://ptk.dflabs.com/

PTK Forensics (PTK) was a non-free, commercial GUI for old versions of the digital forensics tool The Sleuth Kit (TSK). It also includes a number of other software modules for investigating digital media. The software is not developed anymore.

Graphical user interface user interface allowing interaction through graphical icons and visual indicators

The graphical user interface is a form of user interface that allows users to interact with electronic devices through graphical icons and visual indicators such as secondary notation, instead of text-based user interfaces, typed command labels or text navigation. GUIs were introduced in reaction to the perceived steep learning curve of command-line interfaces (CLIs), which require commands to be typed on a computer keyboard.

Digital forensics

Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.

The Sleuth Kit software tools for forensics analysis on volume and filesystem data

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities to facilitate the forensic analysis of computer systems. It was written and is maintained primarily by digital investigator Brian Carrier.

PTK runs as a GUI interface for The Sleuth Kit, acquiring and indexing digital media for investigation. Indexes are stored in an SQL database for searching as part of a digital investigation. PTK calculates a hash signature (using SHA-1 and MD5) for acquired media for verification and consistency purposes. [1]

Digital forensic process

The digital forensic process is a recognized scientific and forensic process used in digital forensics investigations. Forensics researcher Eoghan Casey defines it as a number of steps from the original incident alert through to reporting of findings. The process is predominantly used in computer and mobile forensic investigations and consists of three steps: acquisition, analysis and reporting.

Cryptographic hash function Special class of hash function that has certain properties which make it suitable for use in cryptography

A cryptographic hash function is a special class of hash function that has certain properties which make it suitable for use in cryptography. It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size and is designed to be a one-way function, that is, a function which is infeasible to invert. The only way to recreate the input data from an ideal cryptographic hash function's output is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes. Bruce Schneier has called one-way hash functions "the workhorses of modern cryptography". The input data is often called the message, and the output is often called the message digest or simply the digest.

In cryptography, SHA-1 is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as a hexadecimal number, 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.

Related Research Articles

The Coroner's Toolkit is a suite of free computer security programs by Dan Farmer and Wietse Venema for digital forensic analysis. The suite runs under several Unix-related operating systems: FreeBSD, OpenBSD, BSD/OS, SunOS/Solaris, Linux, and HP-UX. TCT is released under the terms of the IBM Public License.

Computer forensics

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

In computing, data recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).

Accessibility Toolkit software library

Accessibility Toolkit (ATK) is an open source software library, part of the GNOME project, which provides application programming interfaces (APIs) for implementing accessibility support in software.

Sleuth may refer to:

XVT

XVT is a software development environment for building cross-platform GUI applications in C or C++. XVT allows developers to graphically lay out an application's GUI, and provides cross-platform libraries to aid development.

The host protected area (HPA) is an area of a hard drive or solid-state drive that is not normally visible to an operating system. It was first introduced in the ATA-4 standard CXV (T13) in 2001.

EnCase computer forensics software

EnCase is the shared technology within a suite of digital investigations products by Guidance Software. The software comes in several products designed for forensic, cyber security, security analytics, and e-discovery use. Encase is traditionally used in forensics to recover evidence from seized hard drives. Encase allows the investigator to conduct in depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information.

Digital forensics is a branch of the forensic sciences related to the investigation of digital devices and media. Within the field a number of "normal" forensics words are re-purposed, and new specialist terms have evolved.

The Open Computer Forensics Architecture (OCFA) is a distributed open-source computer forensics framework used to analyze digital media within a digital forensics laboratory environment. The framework was built by the Dutch national police.

SIFT is a computer forensics distribution that installs all necessary tools on Ubuntu to perform a detailed digital forensic and incident response examination. It is compatible with expert witness format (E01), advanced forensic format (AFF), raw (dd), and memory analysis evidence formats.

Autopsy is computer software that makes it simpler to deploy many of the open source programs and plugins used in The Sleuth Kit. The graphical user interface displays the results from the forensic search of the underlying volume making it easier for investigators to flag pertinent sections of data. The tool is largely maintained by Basis Technology Corp. with the assistance of programmers from the community. The company sells support services and training for using the product.

Advanced Digital Forensic Solutions, Inc. is a company based in Bethesda, Maryland that develops tools for scanning suspect computers and digital devices in order to locate and extract data, a process known as digital forensics. Digital forensic tools can scan computers and digital devices to collect intelligence or evidence of a crime to identify computers that contain content relevant to an investigation. These tools are used in digital forensic labs and by field operatives in defense, intelligence, law enforcement, border security, and other government agencies.

Digital Forensics XML (DFXML) is an XML language used to automate digital forensics processing. DFXML contains information about both the results of forensic processing and the tools used to perform the processing (provenance). Currently there is no Digital Forensics XML standard and there is no fixed schema. There is a draft schema available from NIST.

Digital Forensics Framework (DFF) is computer forensics open-source software. It is used by professionals and non-experts to collect, preserve and reveal digital evidence without compromising systems and data.

CAINE Linux

CAINE Linux stands for computer aided investigative environment and is an Italian Linux live distribution. It started as a digital forensics project.

References

  1. SANS Institute


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.