DFLabs PTK Forensics v2.0 Selected by Back/Track-Linux Version 5, Releases New Licensing Model
DFLabs, a global leader in IT GRC and Computer Forensics, just announced at the 2011 CEIC Conference in Orlando (FL) that PTK Forensics Basic Edition, its advanced computer forensic framework based upon The Sleuth Kit (TSK), has been selected to be part of Back/Track-Linux. Back/Track-Linux is a free Linux-based penetration testing arsenal that helps security professionals perform assessments in a purely native environment. It is the most commonly used open source distribution in the world today. DFLabs also announced a new licensing model for PTK Forensics Basic Edition, which now grants registered users the right to professional use.
“With immense honor, we announce that PTK Basic Edition has been selected to be part of Back/Track-Linux”, said Dario Forte, CEO and Founder of DFLabs. “There is no better opportunity for us to celebrate this event and make our PTK Basic now available without limitation”.
This is an epochal change in the history of PTK Forensics. The so-called “Go To Free Roadmap” will allow PTK Basic Edition users to work with the software free of charge for use on their cases. As a first step, DFLabs will allow Back/Track-Linux users to activate the software with the new license. Once registered, PTK Basic users will also have the opportunity to upgrade to the PTK Forensics Pro version, now available with many additional features, technical support and online training.
“This is just the first step of our new PTK Roadmap”, Forte added. “Starting from October 2011, we will also launch the new PTK Certified Examiner Program, along with a brand new training roadmap. Stay tuned for details.”
About PTK Forensics v2.0
PTK Forensics is a computer forensic framework for the command line tools in TSK plus many more software modules, which makes it usable and easy to investigate a system. PTK Forensics is an alternative advanced framework for the TSK suite. In addition to providing the functions already present in TSK, it now implements numerous new essential and advanced forensic features, such as multi-user support, case management, a plug-in architecture, memory analysis, advanced data carving and registry analysis. PTK is available in two versions: Basic and Pro. PTK Forensics Basic Edition has been downloaded more than 75,000 times since 2008. PTK Forensics Pro is a fast-growing computer forensic software solution, used by many corporate, law enforcement, government and academia examiners worldwide.
More information on Back-Track Linux: http://www.backtrack-linux.org/
DFLabs is a global leader in the field of GRC, Incident Management and Digital Forensics. DFLabs, certified by ISO9001, provides technology solutions, consulting and services to Fortune 1000, government, law enforcement and academia, with a growing presence in America, Asia, Europe and the Middle East. Established in 2004, the company has emerged as a global player in the field of incident response management and digital forensics. The company operates on a worldwide basis from its headquarters in Europe and offices in North America, Asia and the Middle East.
DFLabs PTK Forensics has been selected by BackTrack Linux Version 5
New Licensing for PTK Forensic, one of the most promising new advanced computer forensic frameworks.
With immense honor, we announce that PTK Basic Edition has been selected to be part of BackTrack Linux, the most used PenTest and Security open source distro in the world. Effective today, PTK will be available for download with the following new license.
Copyright (C) 2011 - DFLabs srl - All rights reserved info (at) dflabs (dot) com.
This program is free software. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
It is prohibited to resell this software, even if modified or not. However, it is possible to distribute the software - without any modification - for no profit purposes, and any type of packaging and distribution via free internet sites and linux distributions. In those particular cases you must mention the Project and the Team Name.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO, LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
As you can see, PTK Basic is now free for registered professional users.
To activate your PTK Forensics free software, complete the form on our web page and we will send you a license file for the activation via email. Upon receiving the license file, simply copy it into the config folder of PTK Forensics for immediate activation.
Please note that we strongly suggest that you register the product in your name, so you can take advantage of the new PTK License for the Basic Version, plus many more offerings, such as discounts and upgrades to the PTK Professional Version.
DFLabs Releases PTK Forensic Professional 2.0
Enhanced Filtering Capabilities, Advanced Key Word Search, Improved Reporting Functionalities and Multiple Export Capabilities are the new Features of PTK Forensic Professional Version 2.0, highlighting a continuous guarantee of PTK as a leading advanced Digital Forensic Tool.
Milano, Jan 22 2011 - In line with its corporate agenda to ensure continuous development and innovation of its range of products, DFLabs, global leader in the field of GRC, Incident Management and Digital Forensics, has released a new version of its computer forensic software, PTK Professional 2.0. With advanced features which guarantee competitiveness and reliability, PTK Pro is an alternative advanced digital forensic framework. Apart from the existing features of PTK (including Indexing, Efficient File Analysis, Dynamic Timeline, Multi-User functionalities, File Categorization, Image Gallery, Keyword Search and Bookmark Capabilities), the new version of the software comes with advanced and improved features which enhance its performance as an emerging alternative digital forensic tool. The new features of PTK Professional 2.0 include the following:
ENHANCED FILTERING CAPABILITIES
- Filtering capabilities for the forensic examiner to sort different types of files by file type (Graphic Files, Text Files, PDF Files, Executable Files, Microsoft Office Documents, etc.) during forensic examination. This enhanced feature of PTK also helps the forensic investigator to filter files by their timestamp, defining relevant parameters and timeframe to focus the search for evidence.
- Other filtering options include file size and file extensions, thus offering the investigator the possibility to specify logical conditions of files under investigation.
ADVANCED KEY WORD SEARCH
- A powerful search engine to perform key word search with both Indexed Search and Live Search functionalities of PTK.
- A background search execution process to allow the forensic investigator to perform other analysis during the investigation process.
IMPROVED REPORTING FUNCTIONALITIES
- Customized reporting functionalities to allow investigators to choose what to include in the final forensic report.
- Reports are generated based on bookmarks created by the forensic examiner.
- The possibility to add thumbnails, specific file contents or plug-in output to the final forensic report is available with this version of PTK.
- Ability to structure forensic reports to meet the needs of the forensic examiner.
MULTIPLE EXPORT CAPABILITIES
- This feature offers the ability for the investigator to select multiple files and export them simultaneously to relevant sections of the analysis.
- Every imported file can be analyzed at the data unit level, enhancing analysis of every sector of the file system under investigation.
“We are proud to introduce the version 2.0 to the market” stated Dario Forte, Founder and CEO of DFLabs. “PTK Forensic Pro arrives at a time when digital forensics domain is undergoing a major transformation; at a time in which forensic examiners are looking for the very effective tools as alternative to the most common toolkits, which are becoming too expensive and less cost-effective, especially for the small and medium forensic laboratories (up to 25 concurrent users). The number of PTK users worldwide is growing at a faster rate and we are sure PTK will definitely become a leader in the near future.”
PTK Forensic Professional 2.0 is available as a SW and HW appliance and is offered to private and corporate investigators as well as government, academia and law enforcement. An online training package is available upon request. DFLabs will be exhibiting at DoD Cybercrime Conference 2011 in Atlanta (USA), Booth 414, from January 21 to January 28 to present the new version of PTK.
DFLabs is a global leader in the field of GRC, Incident Management and Digital Forensics. DFLabs, certified by ISO9001, provides technology solutions, consulting and services to Fortune 1000, GOV, LEO and Academia, with a growing presence in America, Asia, Europe and the Middle East. Established in 2004, the company has emerged as a global player in the field of incident response management and digital forensics. Apart from PTK, DFLabs has also developed IncMan Suite, a cutting-edge technology solution for incident tracking and computer forensics evidence management. The company operates on a worldwide basis from its headquarters in Europe and offices in USA, providing services and technology solutions to businesses, government departments and law enforcement.
PTK Forensics: new add-on for the RAM DUMP ANALYSIS
RAM analysis is a crucial point in a forensic analysis, as it makes it possible to retrieve information that is normally lost when the ‘compromised’ computer is turned off. With the ever increasing number of programs and the constant growth of the space dedicated to RAM, the importance of this phase has been reconsidered. From a RAM dump it is possible to list the open files for each process, list open connections, scan for modules, list open sockets and so on. This information allows a complete analysis in order to identify possible malware traces.
Visit our page for complete information about the new add-on: Tutorial PTK Ram Analysis new add-on.
Join our New PTK Forensics and IncMan Suite Group on LinkedIn!
We are pleased to announce the creation of our new PTK/IncMan LinkedIn Group!
PTK Forensics and IncMan User Group is the Community of the PTK Forensics and IncMan Suite software users and prospects.
So far, more than 50k people have downloaded our Free Version of PTK Forensics, and many Corporate Customers rely on IncMan. Thus, we would be happy to invite you to join this group, to keep yourself updated on the latest news and to share information, impressions, feedback, bugs, requests and feature wish lists.
The participation is, of course, free of charge, and will give you the possibility to meet new people and share your experiences with other professionals!
To join the group please click here.
Robust Process Scanner in PTK Forensics: done!
Once more DFLabs confirms its leadership in discovering new solutions useful for the PTK Forensics Users community.
From today, the Robust Process Scanner, which will enhance the Windows Memory Analysis, one of the most appreciated features and the object of several famous publications ("SIFT Workstation 2.0: SANS Investigative Forensic Toolkit" written by Russ McRee, GCIH, GCFA, GPEN, CISSP, team leader and senior security analyst for Microsoft's Online Services Security Incident Management team), will be usable under PTK Forensics. Thanks to this new add-on to the Volatility framework, PTK Forensics consolidates itself as an analysis tool in line with the latest innovations. The new script "psscan3" introduces process analysis based on the new method "Robust Process Scanner" and thus allows results of a higher level than before. This new piece of software confirms the effectiveness of the Volatility Framework, which we are proud to make integrable with PTK Forensics.
Meet the PTK team at The Sleuth Kit and Open Source Digital Forensics Conference (June 9 2010 Chantilly, VA)
DFLABS and the PTK team are pleased to invite you to "The Sleuth Kit and Open Source Digital Forensics Conference" in Chantilly (VA - USA), a unique opportunity to network with colleagues and hear from leading open source developers.
Scheduled to speak are Brian Carrier (author of "The Sleuth Kit"), Harlan Carvey, Simson Garfinkel, Cory Altheide, Jamie Butler, Dario Forte (Founder and CEO DFLABS, the PTK maker), Rob Joyce, and others.
Learn how open source forensics tools can be used to solve the challenges of large data sets from different environments. Learn how PTK forensics future roadmap will allow the forensic community to improve its work. Join in open, frank round table discussions about the strengths and weaknesses of existing open source tools.
Who Should Attend:
- Digital forensics examiners who want to learn more about using open source tools.
- Digital forensics examiners who want to meet colleagues who also use open source tools.
- System integrators that develop automated systems to process hard drives and removable media.
- Developers who want to get involved with open source forensics tools.
- PTK forensics users community.
See you in Chantilly!
SANS Investigative Forensic Toolkit and PTK Forensics: made simple!
Regarding the increasing success of PTK Forensics, we posted an article, "SIFT Workstation 2.0: SANS Investigative Forensic Toolkit", written by Russ McRee (GCIH, GCFA, GPEN, CISSP, team leader and senior security analyst for Microsoft's Online Services Security Incident Management team), as he tested PTK for ramdump analysis. The PTK Forensics inclusion in the SANS Investigative Forensic Toolkit confirms the interest of the community in our project.
PTK Forensics, the new website is online
PTK Forensics, the advanced Computer Forensic Software created by DFLabs, has an updated website. We just released two new versions of it, under the PTK Forensics full name. Available both in SW and HW appliance version, PTK Forensics is now one of the most effective alternatives to EnCase and FTK.
New PTK roadmap
The PTK team is proud to announce the new roadmap for 2010. The future development plan will be focused on advanced features such as multitasking control, Indexing Enhancement, reporting and new forensic tools integration into the main core. We will keep working hard for all the computer forensic examiners all around the world.
DFLabs is proud to announce that the new section of PTK dedicated to data carving is available
DFLabs is proud to announce that the new section of PTK dedicated to data carving is available. This new feature, available for the appliance version, will be automatically integrated with the numerous features PTK already has. Through this section, every investigator will be able to run the data carving process on any imported image and analyze the results inside the file analysis section. To implement data carving, PTK uses a technique called 'zero storage'. This mode runs the data carving process without allocating physical space on the disk; instead, for every recognized file, it saves a reference to the file's position inside the disk (start sector and offset). Thus the investigator does not need to worry about free space on the hard disk and can choose to export, at the end of the process, only those files which are of major interest. To make the process faster, headers and footers of the most common file types (for example jpg, gif, doc, pdf, etc.) are provided, divided by category to help the user choose. For cases where an investigator has to identify particular file types, an insertion form is provided in which new file types can be defined.
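The following sketch illustrates the zero-storage idea described above; it is an added example, not PTK's code. The signature table, the 512-byte sector size, the function names and the constructed sample image are all assumptions made for illustration.

```python
SECTOR_SIZE = 512  # assumed sector size

# Assumed signature table: category -> type -> (header, footer).
SIGNATURES = {
    "images": {"jpg": (b"\xff\xd8\xff", b"\xff\xd9"), "gif": (b"GIF89a", b"\x00\x3b")},
    "documents": {"pdf": (b"%PDF-", b"%%EOF")},
}

def carve_references(image, signatures=SIGNATURES, max_size=1 << 20):
    """Scan image for header/footer pairs and return references only."""
    refs = []
    for category, types in signatures.items():
        for ftype, (header, footer) in types.items():
            pos = image.find(header)
            while pos != -1:
                end = image.find(footer, pos + len(header), pos + max_size)
                if end == -1:  # header without a footer in range: skip it
                    pos = image.find(header, pos + 1)
                    continue
                length = end + len(footer) - pos
                refs.append({"category": category, "type": ftype,
                             "start_sector": pos // SECTOR_SIZE,
                             "offset": pos % SECTOR_SIZE, "length": length})
                pos = image.find(header, pos + length)
    return sorted(refs, key=lambda r: (r["start_sector"], r["offset"]))

def export(image, ref):
    """Materialise one carved file from its reference, only when asked."""
    start = ref["start_sector"] * SECTOR_SIZE + ref["offset"]
    return bytes(image[start:start + ref["length"]])

def build_sample_image():
    """Constructed 8-sector image holding one JPEG-like and one PDF-like blob."""
    image = bytearray(8 * SECTOR_SIZE)
    jpg = b"\xff\xd8\xff\xe0" + b"A" * 20 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n" + b"B" * 30 + b"%%EOF"
    image[1024:1024 + len(jpg)] = jpg  # sector 2, offset 0
    image[2600:2600 + len(pdf)] = pdf  # sector 5, offset 40
    return bytes(image)

if __name__ == "__main__":
    img = build_sample_image()
    for ref in carve_references(img):
        print(ref, len(export(img, ref)))
```

Passing a different `signatures` dictionary plays the role of the form for defining new file types. Matching the first footer after a header is the simplest policy; fragmented files and formats that can contain the footer bytes internally need validation before export.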
DFLabs PTK Forensic vendor statement
Regarding the supposed vulnerability
The supposed vulnerabilities underlined in the advisory have a very low impact in a real computer forensic environment, as explained in the FAQ file. Furthermore, they are actually not related to "Unauthenticated users" per se. Instead, it is more correct to use the term "a malicious user already connected to the system", since PTK has made an extensive User Auth Check since its beta version. Finally, all those supposed issues are already fixed in PTK Forensic 1.0.5 version, which was released Jan 23 2009.
Basically speaking, the fact that this latest "vulnerability" has been poorly written and researched by the originator is also confirmed by the very low rate of criticality given by the vulnerability advisory services such as , which gave a rate of "not critical" to the entire fact.