PTK Forensics
Encyclopedia
PTK Forensics is a non-free, commercial GUI
for digital forensics
tool The Sleuth Kit
(TSK). It also includes a number of other software modules for investigating digital media.
PTK runs as a GUI interface for The Sleuth Kit, acquiring and indexing digital media for investigation. Indexes are stored in an SQL database for searching as part of a digital investigation
. PTK calculates a hash signature
(using SHA-1 and MD5
) for acquired media for verification and consistency purposes.
Graphical user interface
In computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...
for digital forensics
Digital forensics
Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime...
tool The Sleuth Kit
The Sleuth Kit
The Sleuth Kit is a library and collection of Unix- and Windows-based tools and utilities to allow for the forensic analysis of computer systems. It was written and maintained by digital investigator Brian Carrier. TSK can be used to perform investigations and data extraction from images of...
(TSK). It also includes a number of other software modules for investigating digital media.
PTK runs as a GUI interface for The Sleuth Kit, acquiring and indexing digital media for investigation. Indexes are stored in an SQL database for searching as part of a digital investigation
Digital forensic process
The Digital forensic process is a recognised scientific and forensic process used in digital forensics investigations. Forensics researcher Eoghan Casey defines it as a number of steps from the original incident alert through to reporting of findings...
. PTK calculates a hash signature
Cryptographic hash function
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...
(using SHA-1 and MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
) for acquired media for verification and consistency purposes.