User:WKPdwatkins/PTK Project

PTK Forensics (PTK) is a downloadable software tool used by digital forensics investigators to capture and examine disk and memory images from computers suspected of containing evidentiary material in criminal and civil legal matters. The tool works in conjunction with The Sleuth Kit (TSK), an open-source forensics toolkit widely used by investigators for that purpose.

Functions
TSK scans hard drives and extracts file images from Windows, Unix and Linux systems. PTK runs as a graphical interface for TSK, compiling and indexing the disk image outputs. These outputs are then stored in a SQL database and can be searched extensively for evidence and trends pertinent to the case.

Among other operations, PTK handles the complex process of managing and comparing the hash sets tied to the images being examined. The hash algorithms employed are SHA-1 and MD5, considered to be the most widely accepted hash values for use in digital forensics. This process confirms or, in some instances, disproves the consistency of the image when compared to the original.

Other Products
IncMan (Incident Manager) - http://incman.dflabs.com

DIM (Digital Investigation Management) - http://dim.dflabs.com