Computer Forensic Software | Computer Forensics | DFLabs PTK Forensics an alternative computer forensic framework
PTK DFLabs
Follow DFLabs on twitter Follow DFLabs on YouTube

border_sx   Italian  Russian border_dx

Home:

New Articles rss

  • 2010-07-21 - Robust Process Scanner in PTK Forensics: done!

  • 2010-06-01 - Meet the PTK team at The Sleuth Kit and Open Source Digital Forensics Conference

  • 2010-05-14 - SANS Investigative Forensic Toolkit e PTK Forensics: made simple!

  • 2010-04-26 - DFLabs PTK Forensics new version is available Thru SANS Institute's SIFT Virtual Machine

  • 2010-04-24 - New PTK and IncMan suite Video Available for your demo purposes.

  • 2010-02-20 - New DFLabs YoutTube Channel.

  • 2010-02-04 - PTK Forensics: New Webinar session.

  • 2010-02-01 - PTK Forensics, the new website is online.

  • 2009-11-14 17:31:11 - New PTK roadmap

  • 2009-09-30 14:10:01 - DFLabs is proud to announce that the data carving is available

Validator:

Valid XHTML 1.0 Transitional
CSS Valido!

News


[2010-07-21 15:53:51]

Robust Process Scanner in PTK Forensics: done!

 

Once more DFLabs confirms its leadership in discovering new solutions useful for the PTK Forensics Users community. From today, the Robust Process Scanner, that will enhance the Windows Memory Analysis, one of the most appreciated features that make the object of several famous publications ("SIFT Workstation 2.0: SANS Investigative Forensic Toolkit" written by Russ McRee, GCIH, GCFA, GPEN, CISSP, team leader and senior security analyst for Microsoft's Online Services Security Incident Management team)will be usable under PTK Forensics. Thanks to this new add-on to the Volatility framework, PTK Forensics consolidates itself as an analysis tool in line with the latest innovations. The new script "psscan3" introduces process analysis based on the new method "Robust Process Scanner" and thus allows results of higher level than before. This new piece of software confirms the effectiveness of the Volatility Framework, that we are proud to make integrable with PTK Forensics



[2010-06-01 17:04:53]

Meet the PTK team at The Sleuth Kit and Open Source Digital Forensics Conference (June 9 2010 Chantilly, VA)

 

DFLABS and the PTK team are pleased to invite you at the "The Sleuth Kit and Open Source Digital Forensics Conference" in in Chantilly (VA - USA), a unique opportunity to network with colleagues and hear from leading open source developers.

Scheduled to speak are Brian Carrier (author of "The Sleuth Kit"), Harlan Carvey, Simson Garfinkel, Cory Altheide, Jamie Butler, Dario Forte (Founder and CEO DFLABS, the PTK maker), Rob Joyce, and others.

Learn how open source forensics tools can be used to solve the challenges of large data sets from different environments. Learn how PTK forensics future roadmap will allow the forensic community to improve its work. Join in open, frank round table discussions about the strengths and weaknesses of existing open source tools.

Who Should Attend:

  • Digital forensics examiners who want to learn more about using open source tools.
  • Digital forensics examiners who want to meet colleagues who also use open source tools.
  • System integrators that develop automated systems to process hard drives and removable media.
  • Developers who want to get involved with open source forensics tools.
  • PTK forensics users community


Agenda
Registration

See you in Chantilly!



[2010-05-14 14:34:53]

SANS Investigative Forensic Toolkit e PTK Forensics: made simple!

 

Regarding the increasing success of PTK Forensics we posted an article "SIFT Workstation 2.0: SANS Investigative Forensic Toolkit" written by Russ McRee, (GCIH, GCFA, GPEN, CISSP, team leader and senior security analyst for Microsoft's Online Services Security Incident Management team) as he tested PTK for ramdump analysis. The PTK Forensics inclusion in the SANS Investigative Forensic Toolkit confirms the interest of the community in our project.



[2010-01-20 13:12:07]

PTK Forensics, the new website is online

 

PTK Forensics, the advanced Computer Forensic Software created by DFLabs, has an updated website. We Just released two new versions of it, under the PTK Forensics full name. Available both in SW and HW appliance version, PTK Forensics is now one of the most effective alternatives to Encase and FTK.

[2009-11-14 17:31:11]

New PTK roadmap

 

The PTK team is proud to announce the new roadmap for 2010. The future development plan will be focused on advanced features such as multitasking control, Indexing Enhancement, reporting and new forensic tools integration into the main core. We will keep up working hard for all the computer forensic examiners all around the world.

[2009-09-30 14:10:01]

DFLabs is proud to announce that the new section of PTK dedicated to data carving is available

 

DFLabs is proud to announce that the new section of PTK dedicated to data carving is available. This new feature, available for the appliance version, will be automatically integrated with the numerous features PTK has got already. Through this section, every investigator will be able to run the data carving process on any image imported and analyze results inside the file analysis section. In order to implement the data carving, PTK uses the technique called 'zero storage'. This modality enables to run the data carving process without having to allocate the physical space on the disk; saving instead, for every recognized file, its own reference inside the disk (start sector and offset). Thus the investigator doesn't have to worry if he has free space on the hard disk; he can choose to export, at the end of the process, only those files which are of major interest. In order to render the process faster, there are headers and footers of the most common files (for example jpg, gif, doc, pdf, etc.) divided by category in order to facilitate the user during his choice. In case an investigator has to identify particular file types an insertion form in which it is possible to define the new file types is provided.

[March 13, 2009]

DFLabs PTK Forensic vendor statement.

 

2009-09-04 07:17:11

Regarding the supposed vulnerability.

The supposed vulnerabilities underlined in the advisory have a very low impact in a real computer forensic environment, as explained in the FAQ file. Furthermore, they are actually not related to "Unauthenticated users" per se. Instead, it is more correct to use the term " a malicious user already connected to the system", since PTK makes an extensive User Auth Check since its beta version. Finally, all those supposed issues are already fixed in PTK Forensic 1.0.5 version, which has been released jan 23 2009.

Basically speaking, the fact that this latest "vulnerability" has been poorly written and researched by the originator, is also confirmed by the very low rate of criticity given by the vulnerability advisory services such as Secunia, which gave a rate of "not critical" to the entire fact.