Difference between revisions of "PTK"

From SleuthKitWiki
Line 1: Line 1:
 
PTK is an alternative advanced interface for the suite [[TSK]] (The Sleuth Kit). PTK was developed from scratch and besides providing the functions already present in [[Autopsy | Autopsy Forensic Browser]] it implements numerous new features essential during forensic activity.  
 
PTK is an alternative advanced interface for the suite [[TSK]] (The Sleuth Kit). PTK was developed from scratch and besides providing the functions already present in [[Autopsy | Autopsy Forensic Browser]] it implements numerous new features essential during forensic activity.  
PTK is not just a new graphic and highly professional interface, based on [[Ajax]] technology but offers a great deal of features like analysis, search and management of complex cases of digital investigation  
+
PTK is not just a new graphic and highly professional interface, based on Ajax technology but offers a great deal of features like analysis, search and management of complex cases of digital investigation  
 
The core component of the software is made up of  an efficient Indexing Engine performing different preliminary analysis operations during importing of every evidence.  
 
The core component of the software is made up of  an efficient Indexing Engine performing different preliminary analysis operations during importing of every evidence.  
 
PTK allows the management of different cases and different levels of multi-users. It is possible to allow two investigators to work at the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the Database.
 
PTK allows the management of different cases and different levels of multi-users. It is possible to allow two investigators to work at the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the Database.
PTK is a Web Based application and builds its indexing archive  inside a Database [[MySQL]], using thus the construction [[LAMP]] (Linux-Apache-MySql-PHP).
+
PTK is a Web Based application and builds its indexing archive  inside a Database MySQL, using thus the construction LAMP(Linux-Apache-MySql-PHP).
 +
 
 +
==PTK Structure==
 +
PTK needs three requisites for its standard functioning:
 +
*Lynux System
 +
*Apache Server with PHP5
 +
*MySQL server
 +
 
 +
There are several advantages gained with this configuration. PTK should be implemented on a system having fairly good hardware resources. The suggested requisites are:
 +
*P4 2.33 ghz
 +
*512 MB of RAM
 +
*10 GB of Disk (depending on the number of cases managed)
 +
 
 +
In order to use the abilities of '''Multi Investigator System (PTK–MIS)''' and therefore allow different investigators to access a case at the same time it's necessary to have at least 2 GB of RAM.
 +
The implementation of PTK is done through a web console dealing with the creation of the pattern in the database and of the administrative user.
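Review bot: the added requirements list spells the operating system "Lynux System"; it should read "Linux System", matching the "Linux-Apache-MySql-PHP" expansion in the paragraph above it. The same revision removes the [[Ajax]], [[MySQL]] and [[LAMP]] wiki links and leaves "LAMP(Linux-Apache-MySql-PHP)" without a space before the parenthesis; restore the links or explain why they were dropped. In the hardware list, "2.33 ghz" should be written "2.33 GHz". The new text also suggests 512 MB of RAM and then requires at least 2 GB for PTK–MIS, so consider listing the multi-investigator figure alongside the baseline to make the two cases easy to compare.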

Revision as of 08:34, 18 March 2008

PTK is an alternative advanced interface for the TSK (The Sleuth Kit) suite. PTK was developed from scratch and, besides providing the functions already present in Autopsy Forensic Browser, it implements numerous new features essential during forensic activity. PTK is not just a new, highly professional graphical interface based on Ajax technology; it also offers a great deal of features such as analysis, search and management of complex digital investigation cases.

The core component of the software is an efficient Indexing Engine that performs different preliminary analysis operations while each piece of evidence is imported.

PTK allows the management of different cases and different levels of multi-user access. Two investigators can work on the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the database.

PTK is a web-based application and builds its indexing archive inside a MySQL database, thus using the LAMP (Linux-Apache-MySQL-PHP) stack.

PTK Structure

PTK needs three requisites for its standard functioning:

  • Linux System
  • Apache Server with PHP5
  • MySQL server

There are several advantages gained with this configuration. PTK should be implemented on a system having fairly good hardware resources. The suggested requisites are:

  • P4 2.33 GHz
  • 512 MB of RAM
  • 10 GB of Disk (depending on the number of cases managed)

To use the Multi Investigator System (PTK–MIS), and therefore allow different investigators to access a case at the same time, at least 2 GB of RAM is necessary. The implementation of PTK is done through a web console that handles the creation of the pattern in the database and of the administrative user.