PTK practice cases:
In the following cases it is assumed that the latest version of The Sleuth Kit is installed and working. You can download the latest version from here.
PTK on Mandriva 2009 Server:
Frank Neugebauer, webmaster of Linux-Tip, published a useful tutorial on installing PTK under Mandriva 2009 Server. We suggest reading it in full. More info here.
PTK on Fedora 8
Jamie Levy from CUNY published a useful tutorial on installing PTK under Fedora. After some initial attempts it worked fine. We suggest reading it in full. More info here.
PTK on Ubuntu 8.10
1. Open the Synaptic package manager and search for 'forensic'. This brings up a list of useful tools, among them some of the packages PTK needs. This setup has also been built in a virtual machine and works as described. Here is the list of packages one user installed to get PTK up and running:
- afflib
- afflib-dev
- apache2-utils
- dcfldd
- foremost
- libtsk-dev
- rdd
- scalpel
- tct
- unhide
- vinetto
***Go to this site (https://www.uitwisselplatform.nl/frs/?group_id=53&release_id=366), download libewf_20080501-1_i386_deps.zip, unpack it and double-click each package, starting with libewf_20080501-1_i386.deb. This adds E01 (EnCase evidence file) support.***
2. Now install The Sleuth Kit. To check that it works, run the command fls -V; the Sleuth Kit version should be displayed.
3. Here is the list of the other packages the same user installed to get PTK up and running:
- php5
- php5-cgi
- php5-common
- php5-mysql
- php5-pgsql
- libapache2-mod-php5
- mysql-server-5.0
- mysql-common
- mysql-client-5.0
- libmysqlclient15off
- libdbd-mysql-perl
- apache2
- apache2.2-common
- apache2-mpm-prefork
- apache2-utils
- libapr1
(One or two of these packages could probably be dropped, but we report every package from a working user install.)
4. Now that MySQL and Apache are installed, restart Ubuntu and check that both services are running (on Ubuntu this can be done from the command line or via System > Administration > Services).
5. Before starting the PTK install, set a password for the MySQL root account if you skipped it during setup. Become root in a terminal (on Ubuntu with sudo or su) and enter the following lines:
- 1. Stop the MySQL server.
/etc/init.d/mysql stop
- 2. Start mysqld without its grant tables. In this mode the server accepts any connection with no password at all, so also pass --skip-networking: the temporary server then listens only on the local socket and cannot be reached from the network while authentication is off.
mysqld --skip-grant-tables --skip-networking &
- 3. Log in to MySQL as root.
mysql -u root mysql
- 4. Replace YOURNEWPASSWORD with your new password, reload the grant tables and exit.
UPDATE user SET Password=PASSWORD('YOURNEWPASSWORD') WHERE User='root';
FLUSH PRIVILEGES;
exit;
Afterwards stop the temporary mysqld and start the MySQL service normally, so that the new password is actually enforced.
6. Download 'ptk-beta_0.2.tar.gz' from http://ptk.dflabs.com/download.php if you have not done so already and unpack it into /var/www. If you navigate to this folder you should see the ptk folder in there (/var/www/ptk). The main obstacle I have come across is the user rights on the folders. If the server/standalone is not going online then chmod 777 the folders to give you full rights as a normal user; worked for me.
7. Open up firefox and in the address bar type
| http://localhost/ptk/install.php |
|---|
Enter the MySQL password you created earlier, then fill in the remaining boxes. Clicking 'Let's continue' takes you to the login screen. Log in as admin with the password you created for admin and you are ready to start adding cases and images.
8. Now that the images are loaded and users are assigned to the case, you can access the server over the network and process the cases. Obtain the IP address from the terminal by entering the following:
| ifconfig | grep "inet" |
|---|
PTK Team wishes to thank Stephen Ball from London for this guide.
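The Ubuntu steps above as one script. This is an added example, not code from the PTK project or from the guide's author; it assumes Debian/Ubuntu paths (/etc/init.d/mysql, /var/www, the www-data user) and takes the archive name from PTK_TARBALL. It differs from the walkthrough in the two places a server that will go on the network should care about: the grant-less mysqld is started with --skip-networking so nobody on the LAN can reach it while authentication is off, and the PTK tree gets owner root, group www-data and modes 750/640 instead of chmod 777.

```shell
#!/bin/sh
# Added example for the Ubuntu 8.10 walkthrough; not part of PTK or the guide.
# Packages steps 2, 5 and 6 as functions. Assumptions: Debian/Ubuntu layout
# (/etc/init.d/mysql, /var/www), the www-data web user, PTK_TARBALL = archive name.
set -eu

PTK_WEBROOT=${PTK_WEBROOT:-/var/www}
PTK_TARBALL=${PTK_TARBALL:-ptk-beta_0.2.tar.gz}
WEB_USER=${WEB_USER:-www-data}

# Step 2 check: pull the version out of "fls -V" output, which looks like
# "The Sleuth Kit ver 3.0.1". Reads stdin so it can be exercised without TSK.
tsk_version() {
    sed -n 's/^The Sleuth Kit ver \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Step 5: build the password-reset SQL. Single quotes in the password are
# doubled so the password cannot break out of the string literal.
mysql_reset_sql() {
    esc=$(printf '%s' "$1" | sed "s/'/''/g")
    printf "UPDATE user SET Password=PASSWORD('%s') WHERE User='root';\n" "$esc"
    printf 'FLUSH PRIVILEGES;\n'
}

# Step 5 done safely: --skip-grant-tables turns authentication off entirely,
# so the temporary server also gets --skip-networking (local socket only) and
# is killed and replaced by the normal service once the password is set.
mysql_reset_root_password() {
    /etc/init.d/mysql stop
    mysqld --skip-grant-tables --skip-networking &
    tmp_pid=$!
    sleep 5                      # give mysqld time to open its socket
    mysql_reset_sql "$1" | mysql -u root mysql
    kill "$tmp_pid"
    wait "$tmp_pid" || true
    /etc/init.d/mysql start
}

# Step 6 without chmod 777: the web server can read the tree (directories 750,
# files 640) but nothing is world-accessible or writable by the web server.
# If install.php reports a directory it cannot write, grant group write on
# that directory alone (chmod 770) rather than on the whole tree.
ptk_set_perms() {
    dir=$1; owner=$2; group=$3
    chown -R "$owner:$group" "$dir"
    find "$dir" -type d -exec chmod 750 '{}' +
    find "$dir" -type f -exec chmod 640 '{}' +
}

ptk_install() {
    mkdir -p "$PTK_WEBROOT"
    tar -xzf "$PTK_TARBALL" -C "$PTK_WEBROOT"
    ptk_set_perms "$PTK_WEBROOT/ptk" root "$WEB_USER"
}

# The real steps run only when invoked as: sh ptk-ubuntu.sh install NEWPASSWORD
if [ "${1:-}" = install ]; then
    fls -V | tsk_version | grep -q . || { echo "The Sleuth Kit not found" >&2; exit 1; }
    mysql_reset_root_password "$2"
    ptk_install
    echo "PTK unpacked; open http://localhost/ptk/install.php to finish"
fi
```

Run it as root with sh ptk-ubuntu.sh install 'NewRootPassword'. The functions are kept separate from the top-level run so that the SQL builder, the version parser and the permission routine can be checked on a scratch directory before touching a live system.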
PTK using XAMPP 1.6.7 (linux version)
1. Download the latest version here.
2. Go to a Linux shell and log in as the system administrator root:
| su |
|---|
3. Extract the downloaded archive file to /opt:
| tar xvfz xampp-linux-1.6.7.tar.gz -C /opt |
|---|
Warning: already installed XAMPP versions get overwritten by this command.
4. That's all. XAMPP is now installed below the /opt/lampp directory.
5. Open the file /opt/lampp/etc/php.ini in a text editor.
6. Set the option register_globals to "Off". With register_globals On, PHP turns every request parameter into a global variable, which lets a visitor preset variables that the application never expected to come from the client.
7. Download the latest version of PTK from this website or from SourceForge.
8. If the package was not downloaded into the folder /opt/lampp/htdocs, move it there.
9. Extract the package:
| tar -zxvf ptk-xxxxxx.tar.gz |
|---|
At the end the folder ptk is created.
10. To start XAMPP simply call this command:
| /opt/lampp/lampp start |
|---|
You should now see something like this on your screen:
| Starting XAMPP 1.6.7... LAMPP: Starting Apache... LAMPP: Starting MySQL... LAMPP started. |
|---|
Ready. Apache and MySQL are running.
11. Open up firefox and in the address bar type
| http://localhost/ptk/install.php |
|---|
Enter the MySQL password you created earlier, then fill in the remaining boxes. Clicking 'Let's continue' takes you to the login screen. Log in as admin with the password you created for admin and you are ready to start adding cases and images.
PTK on Mac OS X using XAMPP 0.7.3 (mac version)
1. Download the latest version here. We suggest the Installer version, since installation is then quite simple.
2. Install XAMPP
Warning: already installed XAMPP versions are overwritten by the installer.
3. That's all. XAMPP is now installed below the /Applications/xampp directory.
4. Open the file /Applications/xampp/xamppfiles/etc/php.ini in a text editor.
5. Set the option register_globals to "Off". With register_globals On, PHP turns every request parameter into a global variable, which lets a visitor preset variables that the application never expected to come from the client.
6. Download the latest version of PTK from this website or from SourceForge.
7. If the package was not downloaded into the folder /Applications/xampp/xamppfiles/htdocs, move it there.
8. Extract the package:
| tar -zxvf ptk-xxxxxx.tar.gz |
|---|
At the end the folder ptk is created.
9. Go to a Terminal shell and log in as the system administrator root:
| sudo su |
|---|
10. To start XAMPP simply call this command:
| /Applications/xampp/xamppfiles/mampp start |
|---|
You should now see something like this on your screen:
| Starting XAMPP for MacOS X 0.7.3... XAMPP: Starting Apache with SSL (and PHP5)... XAMPP: Starting MySQL... XAMPP: Starting ProFTPD... XAMPP for MacOS X started. |
|---|
Ready. Apache and MySQL are running.
11. Mac OS X lacks the md5sum and sha1sum commands that PTK looks for, so create two small scripts named md5sum and sha1sum that pass their argument to the md5 and openssl sha1 commands respectively and print the digest. The scripts must be placed in the folder /usr/sbin/ so that PTK finds them through the which command. Example scripts:
md5sum
    #!/bin/sh
    # -q makes md5 print only the digest, which is what the original
    # "md5 | tail" pipeline extracted
    md5 -q "$1"
and sha1sum
    #!/bin/sh
    # openssl prints "SHA1(file)= <digest>"; keep the last field, the digest
    openssl sha1 "$1" | awk '{ print $NF }'
These files must have execute permissions.
12. Open up firefox and in the address bar type
| http://localhost/ptk/install.php |
|---|
Enter the MySQL password you created earlier, then fill in the remaining boxes. Clicking 'Let's continue' takes you to the login screen. Log in as admin with the password you created for admin and you are ready to start adding cases and images.
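The register_globals step from both XAMPP guides (Linux step 6, Mac OS X step 5) as a script that checks the setting and fixes it. This is an added example, not code from PTK or XAMPP; the php.ini path is passed as an argument, and the paths named in the text are /opt/lampp/etc/php.ini on Linux and /Applications/xampp/xamppfiles/etc/php.ini on Mac OS X.

```shell
#!/bin/sh
# Added example for the XAMPP steps; not part of PTK or XAMPP. Reads the
# effective value of a php.ini directive, switches register_globals Off with a
# backup of the file, and verifies the result. Usage: sh php-ini-check.sh /path/to/php.ini
set -eu

# Print the value of DIRECTIVE from FILE. As in PHP, the last uncommented
# "name = value" line wins; lines starting with ';' are comments and trailing
# comments or whitespace after the value are dropped.
php_ini_get() {
    file=$1; name=$2
    sed -n "s/^[[:space:]]*$name[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$file" | tail -n 1
}

# Rewrite every active "DIRECTIVE = ..." line to "DIRECTIVE = Off", keeping
# FILE.bak. If the directive is absent it is appended, so the result does not
# depend on the PHP build's compiled-in default.
php_ini_set_off() {
    file=$1; name=$2
    if grep -q "^[[:space:]]*$name[[:space:]]*=" "$file"; then
        sed -i.bak "s/^[[:space:]]*$name[[:space:]]*=.*/$name = Off/" "$file"
    else
        cp "$file" "$file.bak"
        printf '%s = Off\n' "$name" >> "$file"
    fi
}

# Returns 0 when register_globals is off in FILE (Off, 0, false, no or unset),
# 1 when a php.ini shipped with it On would expose request-controlled globals.
register_globals_is_off() {
    v=$(php_ini_get "$1" register_globals | tr 'A-Z' 'a-z')
    case "$v" in
        ''|off|0|false|no) return 0 ;;
        *) return 1 ;;
    esac
}

if [ "${1:-}" != "" ]; then
    if ! register_globals_is_off "$1"; then
        php_ini_set_off "$1" register_globals
    fi
    register_globals_is_off "$1" && echo "register_globals is Off in $1"
fi
```

Restart Apache (lampp or mampp restart) after editing php.ini; the file is only read at startup. The same php_ini_get can be pointed at any other directive you want to confirm before putting the server on a network.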
PTK on CentOS
Jamie Levy published a useful tutorial on installing PTK under CentOS. We suggest reading it in full. More info here.