A Group of Cyber Security Specialists

PTK Forensics

PTK forensics is a computer forensic framework for the command line tools in the SleuthKit plus much more software modules. This makes it usable and easy to investigate a system. PTK forensics is an alternative advanced framework for the TSK suite (The SleuthKit). Born as a free interface in order to improve the features already present in ‘Autopsy Forensic Browser’ (the former TSK interface). PTK Forensic, now, is much more. In addition to providing the functions already present in Autopsy Forensic Browser it now implements numerous new essential forensic features. PTK forensics is more than just a new graphic and highly professional interface based on Ajax and other advanced technologies; it offers numerous features such as analysis, search and management of complex digital investigation cases. Here you have a general graphic description of our framework.


schema logico


The core component of the software is an efficient Indexing Engine performing different preliminary analysis operations during the import phase of each piece of evidence. PTK allows simultaneous management of different cases and multi-user profiling. Investigators can work on the same case at the same time. All reports and bookmarks generated by an investigator are saved in a reserved section of the Database. PTK forensics is a complex web application based on very innovative technologies and builds an appealing, highly dynamic and very easy to use interface. Its developers used the PHP language and a back-end MySQL database implementing thus the LAMP structure (Linux-Apache-MySql-PHP).



-Efficient File Analysis

-Dynamic Timeline

-File Categorization

-Image Gallery

-Indexing Keyword Search

-Personal Bookmark Section

-Case features shared by: Multiple investigators and case lock

Other features:

-Easier to use, PTK is based on Ajax.

-PTK is a dynamic web application with centralised -Database. More investigatots can work on the same case at te same time.

-Possibility to analyze the Memory Dump.

-Can be extended through other opensource tools.

-A log of all operations performed by the investigators is kept.

-Preliminary tests haven’t evinced problems.

-Many browsers are supported.

-PTK is a forensic analysis interface; in fact, PTK does not address incident response issues.

-Its main aim is to help small groups of investigators execute complex consultancy quickly and efficiently.