SANS Digital Forensics and Incident Response Blog

PTK installation, configuration and updating

In this article we describe the installation of PTK, a very simple and automated process even though it relies on several components. The process is entirely web based. First of all, we remind you that PTK 1.0 was made available for download on October 28 (PTK 1.0 changelog).

Preliminary system setup

Before starting the installation, make sure that the packages essential to PTK are available. Note that PTK supports the Mozilla Firefox, Safari and Chrome browsers. The software requirements for using PTK are as follows:

Before installing PTK, check that the Apache daemon (with PHP5) and MySQL are running. As an alternative to installing MySQL, Apache and PHP separately, we advise using the XAMPP package suite, which further simplifies installing and starting the three components. Installing XAMPP takes a few simple steps:

  • # tar xvfz xampp-linux-1.6.7.tar.gz -C /opt
  • Open the file /opt/lampp/etc/php.ini through a text editor
  • Set the register_globals option to "Off"

As for the PHP configuration, for performance reasons it is advisable to:

  • Locate the php.ini file used by your web server. You can use the phpinfo() PHP function to find it.
  • Edit the memory_limit parameter in the php.ini file (usually in a section called Resource Limits) and set it to 24MB.

Check which image formats your TSK build supports with the command:
# fls -i list
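As an added example that is not part of the original post or the PTK project, the following POSIX shell script scripts the preliminary checks above: it verifies that required binaries are on PATH, sets register_globals and memory_limit in a php.ini file (exercised here on a constructed sample), and lists the root-only steps as comments. The binary names and the `ptk` database name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or the PTK project.
# Automates the preliminary setup steps from this article.

# Return non-zero and name every binary in "$@" that is not on PATH.
check_binaries() {
    missing=0
    for bin in "$@"; do
        command -v "$bin" >/dev/null 2>&1 || { echo "missing: $bin"; missing=1; }
    done
    return $missing
}

# Set (or append) a php.ini directive, also replacing a commented-out line.
# Usage: set_php_directive <php.ini> <name> <value>
set_php_directive() {
    ini=$1 name=$2 value=$3
    if grep -qE "^[[:space:]]*;?[[:space:]]*$name[[:space:]]*=" "$ini"; then
        sed -E "s|^[[:space:]]*;?[[:space:]]*$name[[:space:]]*=.*|$name = $value|" "$ini" > "$ini.tmp" \
            && mv "$ini.tmp" "$ini"
    else
        printf '%s = %s\n' "$name" "$value" >> "$ini"
    fi
}

# Print the active (uncommented) value of a directive, empty if unset.
# Usage: get_php_directive <php.ini> <name>
get_php_directive() {
    sed -nE "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

# Apply the two php.ini changes the article calls for to a constructed
# sample file and print the resulting values ("Off 24M").
demo_php_ini() {
    ini=$(mktemp)
    cat > "$ini" <<'EOF'
[PHP]
register_globals = On
; memory_limit = 8M
EOF
    set_php_directive "$ini" register_globals Off
    set_php_directive "$ini" memory_limit 24M   # php.ini shorthand for 24 MB
    echo "$(get_php_directive "$ini" register_globals) $(get_php_directive "$ini" memory_limit)"
    rm -f "$ini"
}

# Steps that need root and a live system (binary names assumed; run manually):
#   check_binaries apachectl php mysql fls && fls -i list
#   mysqldump -u root -p ptk > ptk-before-update.sql   # "ptk" DB name assumed
```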

When compiling TSK, it is advisable to enable full support for:

PTK installation

First download it, move to your Apache www directory and extract the package with:

# tar -zxvf ptk-xx.xx.tar.gz
(Warning: the www directory depends on your Linux distro! On Gentoo it is /var/www/localhost/htdocs/, on Ubuntu it is /var/www/.)

Now open your browser and go to http://localhost/ptk/. You'll see the installer page. PTK automatically checks the binaries present on the operating system and their versions; if an essential component is missing, PTK signals an error. During installation you must enter the MySQL root credentials, the credentials of the new PTK account inside MySQL, and those of the PTK Master Investigator.

PTK components

Once the installation is done, PTK automatically redirects the browser to the login screen. Remember that the only active user is the Master Investigator set during installation. New users can be added from the settings panel.

PTK Updating

Updating to the latest version is very simple. Download the latest version and extract it into the installation path seen above with the same command:
# tar -zxvf ptk-xx.xx.tar.gz
Then open http://localhost/ptk/ and PTK will start an update procedure for the database and essential files. All data and settings saved in the DB are kept. Nevertheless, it is advisable to dump the PTK database before starting the update procedure.

Reference

PTK complete tutorial

The Academy Webcast

Sourceforge Forum

PTK other resources

Michele Zambelli, GCFA Silver #1856, is a member of the PTK Team and a Security Consultant at DFLabs Italy.