SANS Digital Forensics and Incident Response Blog: Author - michelezambelli

PTK installation, configuration and updating

In this article, we describe the installation of PTK, a simple and automated process despite the various components it uses. The process is entirely web based. As a reminder, PTK 1.0 was made available for download on October 28. (PTK 1.0 changelog)

Preliminary system setup

Before starting the installation, make sure that packages essential for the functioning of PTK are available. Please note that PTK correctly supports the Mozilla Firefox, Safari and Chrome browsers. The software requirements for using PTK are as follows:

Before installing PTK, check that Apache daemons (with


PTK structure and components

PTK Indexing
The Sleuth Kit (TSK) and PTK are both open source and run on UNIX platforms. As shown in the figure, the advanced PTK interface interacts with the TSK core.

PTK core

In particular, TSK, shown in green, is responsible for acquiring, extracting and managing the low layer of data contained in the disk images. PTK adds three more levels of data management, including an indexing engine and a database, which is one of the most important new features of the project. PTK performs a preliminary indexing of the images that the investigator has to analyze. The Administrator can choose among these


PTK an advanced alternative interface for TSK, the presentation

PTK was developed from scratch and, besides providing functions already present in Autopsy Forensic Browser, it implements numerous new features essential during forensics work. PTK is not just a new, highly professional graphical interface based on Ajax technology. It offers many features such as analysis, search and management of complex cases. This is the PTK Schema:

PTK Schema


The main component of the software is made up of an efficient Indexing Engine performing different preliminary analysis operations during evidence importing. PTK enables the management of different cases and allows different levels