 |
 |
 |
 |
PTK Forensics: new add-on for the RAM DUMP ANALYSIS |
Ladies and Gentleman, Thank you for your incredible participation to our PTK Forensics 3.0 Webinar. The redemption has been great and we will make it available a recorded version of the webinar soon. In the meanwhile, here you have the minutes of the Q&A Session.
Q: Has PTK Forensics 3.0 the same architecture and performances of PTK 1.0?
A: No. We totally redisigned the product in a way that architecture and performances are dramatically different from the 1.0 –We received many feedback on 1.0 by our customer base, and we decided to move from there, adopting a totally new framework with over 110k lines of brand new code, a new Indexing Engine and over 50 between new features, add on and changes.
Q: is PTK Forensics more on the Forensics or the Incident Response Side?
A: Because of its open architecture, composed by an advanced Indexing engine and a plug-in structure, PTK can easily perform both kind of actions. It can do pure forensics (i.e. thanks to the data extracting tools) and Incident Response, (i.e. thanks to the Memory and Registry analysis tool). Furthermore, PTK Forensics can work with external tools such as F-Response and many others. So it can allow investigators to work on the remote forensic&response side as well.
Q: Has PTK Forensics been validated in any manner?
A: PTK has been tested and validated against the current DFTT from NIST. Please also note that many tools used by the framework have also been tested and validated on their own. Please refer to their respective documentations.
Q: We saw plugins like pasco for history file analysis before, what plugins can we use now?
A: Yes. The Plug In Architecture of PTK Forensics is totally innovative. As long as they are Unix based, you may use any type of plug in which can be useful for your investigation. And the number of them is potentially unlimited. In the near future, DFabs will make available a special customer space where any customer will be able to give its contribute with tools, plugins and experiences.
Q: Can Bookmarks be Categorized ? (i.e. Child Porn, Fraud and so on)
A: Yes, the bookmarks can be Categorized at the investigator discretion. Pls also remind that PTK can be enriched with the DIM - Digital Investigation Manager - Module, in order to perform any type of Case and Evidence Management task related to the examination.
Q: Are proximity searches possible? X within Y words...
A: Yes. they are possible
Q: What database are you using? Do I need a sepeate license for the database used?
A You don't need a separate license for the Database, as it was in the previous version of PTK. Everything is included in the package.
Q: Why virtual machines ONLY for single license? Seems that this restriction may intorduce performance issues, as opposed to being able to install on physical machine.
A: Virtual Machines are available for single, workgroup and Extended Version. Comparative performance tests have been conducted against a benchmark composed by the three most relevant Computer forensic tools available in the market and the results are excellent.
Q: will a demo version be available soon?
A: Because of the high number of requests, we can provide a 7 days Full Online Demo, available only for Single, Workgroup and Extended Version, and for Qualified Customers only. Please contact us to check your eligibility to the Program. We will also make it available a limited single user version for free distribution.
Q: did you change the licensing model?
A: no, we did not.
Q: so why did you decide to limit the free availability of the software?
A: actually we did not limit the free availabiity of it. Instead, we decided to make PTK Free available only thru our website and a series of selected partners, which will also have right to a discounted upgrade to the Pro Version. We also decided to make PTK Free activation only to qualified users, due to the overhelming demand of the software by non qualified people. PTK Free, also, will not have the New indexing engine inside. However, PTK Free users will be able to access to our demo center for evaluation.
Q: will training and certification be available?
A: yes, it is already available. Online and Onsite Training plus certification paths are available yet now. Just contact us for any inquiry. We also have special forensic training package based upon PTK for University and Professional Associations. Should you be part of an University or a Professional Association and want to know more, just contact us.
Q: Are there educational institution licenses available for use in a classroom lab? It is a Cyber Security class of which forensics is a part of the curriculum.
A: yes. EDU and GOV licenses are available. Just contact us at info@dflabs.com for further informations.
***
We will add more Q&A to this post as soon as we will receive questions. Should you have any inquiry, just drop us a line here.
Q: Has PTK Forensics 3.0 the same architecture and performances of PTK 1.0?
A: No. We totally redisigned the product in a way that architecture and performances are dramatically different from the 1.0 –We received many feedback on 1.0 by our customer base, and we decided to move from there, adopting a totally new framework with over 110k lines of brand new code, a new Indexing Engine and over 50 between new features, add on and changes.
Q: is PTK Forensics more on the Forensics or the Incident Response Side?
A: Because of its open architecture, composed by an advanced Indexing engine and a plug-in structure, PTK can easily perform both kind of actions. It can do pure forensics (i.e. thanks to the data extracting tools) and Incident Response, (i.e. thanks to the Memory and Registry analysis tool). Furthermore, PTK Forensics can work with external tools such as F-Response and many others. So it can allow investigators to work on the remote forensic&response side as well.
Q: Has PTK Forensics been validated in any manner?
A: PTK has been tested and validated against the current DFTT from NIST. Please also note that many tools used by the framework have also been tested and validated on their own. Please refer to their respective documentations.
Q: We saw plugins like pasco for history file analysis before, what plugins can we use now?
A: Yes. The Plug In Architecture of PTK Forensics is totally innovative. As long as they are Unix based, you may use any type of plug in which can be useful for your investigation. And the number of them is potentially unlimited. In the near future, DFabs will make available a special customer space where any customer will be able to give its contribute with tools, plugins and experiences.
Q: Can Bookmarks be Categorized ? (i.e. Child Porn, Fraud and so on)
A: Yes, the bookmarks can be Categorized at the investigator discretion. Pls also remind that PTK can be enriched with the DIM - Digital Investigation Manager - Module, in order to perform any type of Case and Evidence Management task related to the examination.
Q: Are proximity searches possible? X within Y words...
A: Yes. they are possible
Q: What database are you using? Do I need a sepeate license for the database used?
A You don't need a separate license for the Database, as it was in the previous version of PTK. Everything is included in the package.
Q: Why virtual machines ONLY for single license? Seems that this restriction may intorduce performance issues, as opposed to being able to install on physical machine.
A: Virtual Machines are available for single, workgroup and Extended Version. Comparative performance tests have been conducted against a benchmark composed by the three most relevant Computer forensic tools available in the market and the results are excellent.
Q: will a demo version be available soon?
A: Because of the high number of requests, we can provide a 7 days Full Online Demo, available only for Single, Workgroup and Extended Version, and for Qualified Customers only. Please contact us to check your eligibility to the Program. We will also make it available a limited single user version for free distribution.
Q: did you change the licensing model?
A: no, we did not.
Q: so why did you decide to limit the free availability of the software?
A: actually we did not limit the free availabiity of it. Instead, we decided to make PTK Free available only thru our website and a series of selected partners, which will also have right to a discounted upgrade to the Pro Version. We also decided to make PTK Free activation only to qualified users, due to the overhelming demand of the software by non qualified people. PTK Free, also, will not have the New indexing engine inside. However, PTK Free users will be able to access to our demo center for evaluation.
Q: will training and certification be available?
A: yes, it is already available. Online and Onsite Training plus certification paths are available yet now. Just contact us for any inquiry. We also have special forensic training package based upon PTK for University and Professional Associations. Should you be part of an University or a Professional Association and want to know more, just contact us.
Q: Are there educational institution licenses available for use in a classroom lab? It is a Cyber Security class of which forensics is a part of the curriculum.
A: yes. EDU and GOV licenses are available. Just contact us at info@dflabs.com for further informations.
***
We will add more Q&A to this post as soon as we will receive questions. Should you have any inquiry, just drop us a line here.
 |
 |
 |
 |
 |
 |
  |
©2003/2011 DFlabs Copyright, USA and EU Patent Pending Software. DFLABS srl, P.I. and C.F. 04547850968, cap.soc. 50.000 Euro i.v., via Bergognone 31, 20144 Milano | Privacy Policy |