
[☩ Forensics ☩]

Material on PTK

It seems PTK has been updated again, not long after the beta version came out.
After a quick install and test, it looks like a step up from the beta in terms of bugs and speed.

Also, many features that give investigators various kinds of help have been added.

As an open-source tool,
it keeps getting compared with Autopsy and PyFlag.
The write-up is well organized, so I brought it over here; please take your time reading it.

If PTK is unfamiliar to you, please refer to this post:

Forensics, Digital Behavior and that sort of thing...  http://ykei.egloos.com/4443581
 

In this article we describe the installation of PTK, a very simple and automated process despite the number of components it relies on. The whole process is web based. First of all, we remind you that PTK 1.0 was made available for download on October 28. (PTK 1.0 changelog)

Preliminary system setup

Before starting the installation, make sure that the packages essential for the functioning of PTK are available. Please note that PTK correctly supports the Mozilla Firefox, Safari and Chrome browsers. The software requirements for using PTK are as follows:

• Linux distro
• MySQL 5.x
• Apache 2.0
• PHP 5
• Sleuthkit 3.0

Before installing PTK, check that the Apache daemon (with PHP 5) and MySQL are running. Instead of installing MySQL, Apache and PHP separately, we advise using the XAMPP package suite, which further simplifies installing and starting the three components. Installing XAMPP takes only a few steps:

# tar xvfz xampp-linux-1.6.7.tar.gz -C /opt
• Open the file /opt/lampp/etc/php.ini in a text editor
• Set the option register_globals to "Off"

As for the PHP configuration, for performance reasons it is advisable to:

• Locate the php.ini file used by your web server. The phpinfo() PHP function reports its path.
• Edit the memory_limit parameter in php.ini (usually in the section called Resource Limits) and set it to 24MB.

Check which image-format modules your TSK build supports with the command:

# fls -i list

It is advisable, when compiling TSK, to enable full support for:

• raw dd
• split
• aff
• ewf
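The php.ini edits (register_globals Off, memory_limit 24MB) and the `fls -i list` check above are easy to get wrong by hand. As an added example that is not part of the original article or of the PTK project, the POSIX shell script below applies and verifies those two php.ini settings and reports which of the four image formats are absent from `fls -i list` output. The php.ini excerpt and the `fls` output it works on are constructed for the demo, so it runs offline; on a real host you would point it at /opt/lampp/etc/php.ini and feed it the live `fls -i list` output.

```shell
#!/bin/sh
# Added example, not part of the original article or of the PTK project:
# pre-flight checks for the php.ini and TSK prerequisites described above.
# The php.ini excerpt and the `fls -i list` text below are constructed for
# this demo; the real file would be e.g. /opt/lampp/etc/php.ini.

# Force the two settings the guide asks for: register_globals Off and
# memory_limit 24M. Edits the file in place and leaves a .bak copy.
apply_php_settings() {
    ini="$1"
    sed -i.bak \
        -e 's/^[[:space:]]*register_globals[[:space:]]*=.*/register_globals = Off/' \
        -e 's/^[[:space:]]*memory_limit[[:space:]]*=.*/memory_limit = 24M/' \
        "$ini"
}

# Succeed (exit 0) only if register_globals is Off and memory_limit >= 24M.
check_php_ini() {
    ini="$1"
    rg=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*//p' "$ini" | tail -n 1)
    ml=$(sed -n 's/^[[:space:]]*memory_limit[[:space:]]*=[[:space:]]*//p' "$ini" | tail -n 1)
    case "$rg" in
        [Oo][Ff][Ff]|0) ;;          # accepted spellings of "off"
        *) return 1 ;;
    esac
    ml_num=$(printf '%s' "$ml" | tr -d 'Mm[:space:]')   # "24M" -> 24
    [ "$ml_num" -ge 24 ] 2>/dev/null
}

# Given the text printed by `fls -i list`, print the names of the formats the
# guide wants (raw, split, aff, ewf) that are NOT listed, space separated.
missing_tsk_formats() {
    out="$1"
    missing=""
    for fmt in raw split aff ewf; do
        printf '%s\n' "$out" | grep -qw "$fmt" || missing="$missing $fmt"
    done
    printf '%s' "${missing# }"
}

# --- constructed sample inputs ---------------------------------------------
SAMPLE_INI=$(mktemp)
trap 'rm -f "$SAMPLE_INI" "$SAMPLE_INI.bak"' EXIT
cat > "$SAMPLE_INI" <<'EOF'
; constructed excerpt of a stock php.ini (not a real XAMPP file)
[PHP]
register_globals = On
memory_limit = 8M
EOF

# Constructed in the shape of TSK 3.0 `fls -i list` output: the first lists
# all four formats, the second was built without ewf support.
SAMPLE_FLS_FULL='Supported image format types:
    raw (Single raw file (dd))
    aff (Advanced Forensic Format)
    split (Split raw files)
    ewf (Expert Witness format (encase))'
SAMPLE_FLS_NOEWF='Supported image format types:
    raw (Single raw file (dd))
    aff (Advanced Forensic Format)
    split (Split raw files)'

# --- stand-alone run --------------------------------------------------------
if check_php_ini "$SAMPLE_INI"; then
    echo "php.ini already fine"
else
    echo "php.ini needs changes, applying"
    apply_php_settings "$SAMPLE_INI"
    check_php_ini "$SAMPLE_INI" && echo "php.ini now OK"
fi
m=$(missing_tsk_formats "$SAMPLE_FLS_NOEWF")
[ -z "$m" ] && echo "TSK formats: all present" || echo "TSK formats missing: $m"
```

The check reads the last occurrence of each key, because php.ini files often carry a commented default above the live line; the sed patterns skip `;`-commented lines since they require the key at the start of the line.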

PTK installation

First download it, move to your Apache www directory and extract the package with:

# tar -zxvf ptk-xx.xx.tar.gz

(Warning: the www directory depends on your Linux distro! For Gentoo it is /var/www/localhost/htdocs/, for Ubuntu it is /var/www/.)

Now open your browser and go to http://localhost/ptk/. You will see the installer page. PTK automatically checks the binaries present on the operating system and their respective versions; if an essential component is missing, PTK reports an error. During installation you must enter the MySQL root credentials, the credentials of the new PTK account to be created inside MySQL, and those of the PTK Master Investigator.

Once the installation is done, PTK automatically redirects the browser to the login screen. Remember that the only active user is the Master Investigator set up earlier; new users can be added from the settings panel.

PTK Updating

Updating to the latest version is very simple. First download the latest version and extract it inside the installation path seen above, with the same command:

# tar -zxvf ptk-xx.xx.tar.gz

Then open http://localhost/ptk/; PTK will start an update procedure for the database and essential files. All data and settings saved in the DB are kept. Nevertheless, it is advisable to dump the PTK database before starting the update procedure.
