PTK: An Alternative Advanced Interface for the Sleuth Kit

  • Conference paper

Part of the book series: Advances in Soft Computing (AINSC, volume 53)

Abstract

PTK is a new open-source tool for all complex digital investigations. It represents an alternative to the well-known but now obsolete front-end Autopsy Forensic Browser. The latter has a number of inadequacies: a cumbersome user interface, complicated case and evidence management, and a non-interactive timeline that is difficult to consult. A number of important functions are also lacking, such as an effective bookmarking system or a section for file analysis in graphic format. The need to accelerate evidence analysis through greater automation has prompted DFLabs to design and develop this new tool. PTK provides a new interface for The Sleuth Kit (TSK) suite of tools and also adds numerous extensions and features, one of which is an internal indexing engine that is capable of carrying out complex evidence pre-analysis processes. PTK was written from scratch using Ajax technology for graphic contents and a MySQL database management system server for saving indexing results and investigator-generated bookmarks. This feature allows multiple users to work simultaneously on the same or different cases, accessing previously indexed contents. The ability to work in parallel greatly reduces analysis times. These characteristics are described in greater detail below. PTK includes a dedicated “Extension Management” module that allows existing or newly developed tools to be integrated into it, effectively expanding its analysis and automation capacity.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Forte, D.V., Cavallini, A., Maruti, C., Losio, L., Orlandi, T., Zambelli, M. (2009). PTK: An Alternative Advanced Interface for the Sleuth Kit. In: Corchado, E., Zunino, R., Gastaldo, P., Herrero, Á. (eds) Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08. Advances in Soft Computing, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88181-0_4

  • DOI: https://doi.org/10.1007/978-3-540-88181-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88180-3

  • Online ISBN: 978-3-540-88181-0

  • eBook Packages: Engineering, Engineering (R0)
