PTK section:

New Articles

2010-07-21 - Robust Process Scanner in PTK Forensics: done!
2010-06-01 - Meet the PTK team at The Sleuth Kit and Open Source Digital Forensics Conference
2010-05-14 - SANS Investigative Forensic Toolkit e PTK Forensics: made simple!
2010-04-26 - DFLabs PTK Forensics new version is available Thru SANS Institute's SIFT Virtual Machine
2010-04-24 - New PTK and IncMan suite Video Available for your demo purposes.
2010-02-20 - New DFLabs YoutTube Channel.
2010-02-04 - PTK Forensics: New Webinar session.
2010-02-01 - PTK Forensics, the new website is online.
2009-11-14 17:31:11 - New PTK roadmap
2009-09-30 14:10:01 - DFLabs is proud to announce that the data carving is available

Validator:

Indexing Engine

PTK has got an indexing engine that executes preliminary indexing operations on the evidence inserted and stores the results thus obtained in the database. Therefore the investigator can efficiently query the data on which he is working.

The indexing tasks can be launched by the administrator of the application who chooses among the following activities:

Ascii and Unicode String extraction from the allocated space:
- Allocated strings
- Unallocated strings
- Slack space (NTFS and FAT)

Identification of known extensions.

File type
- Signature file analysis
- File extension Mismatch
- File categorization (graphic, document, executables etc...)

Metadata and hash generation of the files present on the disc

Timeline generation (Graphic or Textual)

File carving (Lazarus, Foremost, Scalpel)

Hash (MD5 or SHA1) of all files inside the image
Categorization (Graphics, Documents, Executables, etc..) of the documents obtained

The results of the preliminary operations are memorized in a database for a better data search. The remaining operations, such as file or directory exportation can be executed by the investigator directly from the disk image.

With the new indexing engine the use of the icat command is optimized and the number of queries towards MySQL is reduced.