PTK: An Alternative Advanced Interface for the Sleuth Kit
Authors
Abstract
PTK is a new open-source tool for all complex digital investigations. It represents an alternative to the well-known but now obsolete front-end Autopsy Forensic Browser. That tool has a number of inadequacies, taking the form of a cumbersome user interface, complicated case and evidence management, and a non-interactive timeline that is difficult to consult. A number of important functions are also lacking, such as an effective bookmarking system or a section for analysing files in graphic format. The need to accelerate evidence analysis through greater automation prompted DFLabs to design and develop this new tool. PTK provides a new interface for The Sleuth Kit (TSK) suite of tools and also adds numerous extensions and features, one of which is an internal indexing engine capable of carrying out complex evidence pre-analysis processes. PTK was written from scratch, using Ajax technology for the graphical content and a MySQL database management system server for saving indexing results and investigator-generated bookmarks. This design allows multiple users to work simultaneously on the same or different cases, accessing previously indexed contents. The ability to work in parallel greatly reduces analysis times. These characteristics are described in greater detail below. PTK includes a dedicated “Extension Management” module that allows existing or newly developed tools to be integrated into it, effectively expanding its analysis and automation capacity.
Similar references
Digital Evidence Handling Using Autopsy
The Autopsy Forensics Browser is a graphical interface to The Sleuth Kit (TASK). Autopsy is a free and open-source Windows-based digital forensics platform for diagnosing an event. It is capable of analysing disk images, local drives and directories in order to determine possible causes of an event in a read-only environment. It was designed to be an extensible platform so that it can be an end-t...
An Intelligent User Interface for Browsing and Searching MPEG-7 Images Using Concept Lattices
This paper presents the evaluation of a design and architecture for browsing and searching MPEG-7 images. Our approach is novel in that it exploits concept lattices for the representation and navigation of image content. Several concept lattices provide the foundation for the system (called Image-Sleuth) each representing a different search context, one for image shape, another for color and lu...
Sleuth: An Audio Experience
We outline the design, prototyping, and evaluation of an immersive audio game, Sleuth: An Audio Experience. We examine related applications based on wearable computing and augmented reality technologies, and discuss the game audio design and user interaction issues. The game environment was prototyped using VRML 2.0 and Java.
Sleuth: a Quasi-model-independent Search Strategy for New Physics
How can we search for new physics when we only vaguely know what it should look like? How can we perform an unbiased yet data-driven search? If we see apparently anomalous events in our data, how can we quantify their “interestingness” a posteriori? We present an analysis strategy (sleuth) that simultaneously addresses each of these questions, and we demonstrate its application to over thirty e...
Concept Lattices for Information Visualization: Can Novices Read Line-Diagrams?
Mail-Sleuth is a personal productivity tool that allows individuals to manage email and visualize its contents using line diagrams. Based on earlier work on the Conceptual Email Manager (Cem), a major hypothesis of Mail-Sleuth is that novices to Formal Concept Analysis can read a lattice diagram. Since there is no empirical evidence for this in the Formal Concept Analysis literature this paper ...