Friday, December 12, 2008

PTK 1.0.2 on Ubuntu

PTK 1.0.2 is the latest GUI based forensic tool by DFLabs. It is 'an alternative Sleuthkit Interface' that works with the Mozilla Firefox, Safari, Opera and Chrome browsers.
I had played with the version released prior to PTK 1.0 in October this year and found the project to be very promising but completely unusable and buggy. Today I installed and tested the latest version of PTK and must admit that the DFLabs guys put a lot of work into making this application more stable and more useful.
The installation is very simple; I just followed the instructions and was up and running in about 15 min. This version of PTK only works with Sleuthkit 3.0.0, which is not in the default Ubuntu repository yet, so I had to download and install it manually.

I liked its tabbed interface as well as the Timeline, Gallery and Keyword Search features. The report creation option worked quite well.

Creating filters to search for specific file types within a specified timeframe is a nice feature. The speed and responsiveness of the application are not great, but acceptable from a usability point of view.
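PTK's own filter implementation is not on the page. The following is an added example, not DFLabs' code, showing the same kind of filter (file type plus time window) applied directly to a Sleuthkit 3.x bodyfile, the `fls -m` output that mactime and PTK timelines are built from. The bodyfile content is constructed for the example; the field layout (MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime, times in epoch seconds) is the TSK 3 format. Note the " (deleted)" suffix that fls appends to names of deleted entries: it has to be stripped before the extension is examined, otherwise deleted documents silently drop out of the results.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import PurePosixPath
from typing import Iterable, List

# Constructed sample of a TSK 3.x bodyfile (not real case data).
# Field order: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
SAMPLE_BODYFILE = """\
0|/Users/alice/Documents/report.doc|1234-128-1|r/rrwxrwxrwx|0|0|45056|1228060800|1228003200|1228003200|1225497600
0|/Users/alice/Documents/budget.xls|1235-128-1|r/rrwxrwxrwx|0|0|22528|1228060800|1226102400|1226102400|1225497600
0|/Users/alice/Documents/notes.doc (deleted)|1236-128-1|r/rrwxrwxrwx|0|0|8192|1228050000|1228050000|1228050000|1228050000
0|/Users/alice/Pictures/holiday.jpg|1240-128-1|r/rrwxrwxrwx|0|0|1048576|1228060800|1228089600|1228089600|1228089600
0|/Windows/System32/calc.exe|2001-128-1|r/rrwxrwxrwx|0|0|114688|1228060800|1180000000|1180000000|1180000000
"""

DELETED_SUFFIX = " (deleted)"


@dataclass
class BodyfileEntry:
    name: str
    inode: str
    size: int
    atime: int
    mtime: int
    ctime: int
    crtime: int
    deleted: bool

    @property
    def extension(self) -> str:
        # Lower-cased extension without the dot; "" when the name has none.
        return PurePosixPath(self.name).suffix.lower().lstrip(".")


def parse_bodyfile(text: str) -> List[BodyfileEntry]:
    """Parse TSK 3.x bodyfile lines; reject lines that do not have 11 fields."""
    entries: List[BodyfileEntry] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("|")
        if len(fields) != 11:
            raise ValueError(f"line {lineno}: expected 11 fields, got {len(fields)}")
        name = fields[1]
        deleted = name.endswith(DELETED_SUFFIX)
        if deleted:
            name = name[: -len(DELETED_SUFFIX)]
        entries.append(BodyfileEntry(
            name=name, inode=fields[2], size=int(fields[6]),
            atime=int(fields[7]), mtime=int(fields[8]),
            ctime=int(fields[9]), crtime=int(fields[10]),
            deleted=deleted,
        ))
    return entries


def filter_entries(entries: Iterable[BodyfileEntry], extensions: Iterable[str],
                   start: datetime, end: datetime, field: str = "mtime") -> List[BodyfileEntry]:
    """Keep entries whose extension is wanted and whose chosen timestamp lies in [start, end]."""
    if field not in ("atime", "mtime", "ctime", "crtime"):
        raise ValueError(f"unknown timestamp field {field!r}")
    wanted = {e.lower().lstrip(".") for e in extensions}
    lo, hi = int(start.timestamp()), int(end.timestamp())
    hits = [e for e in entries if e.extension in wanted and lo <= getattr(e, field) <= hi]
    # Order like a timeline: by the chosen timestamp, then path.
    return sorted(hits, key=lambda e: (getattr(e, field), e.name))


def run_example() -> List[str]:
    """Office documents modified between 29 Nov and 1 Dec 2008 (UTC) in the sample."""
    entries = parse_bodyfile(SAMPLE_BODYFILE)
    hits = filter_entries(
        entries, ["doc", "xls"],
        datetime(2008, 11, 29, tzinfo=timezone.utc),
        datetime(2008, 12, 1, tzinfo=timezone.utc),
    )
    return [f"{e.name}{' (deleted)' if e.deleted else ''}" for e in hits]


if __name__ == "__main__":
    for line in run_example():
        print(line)
```

On a real image the input would be read from the file produced by `fls -r -m / image.dd > body.txt` and passed to `parse_bodyfile`; the `field` argument selects which of the four timestamps the window applies to, since "modified in this period" and "created in this period" are different questions during an examination.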

It is still not a bug-free application, if there is such a thing.

I came across a Secunia Advisory on a PTK version 1.0 vulnerability stating that PTK is vulnerable to 'an input validation error' when handling forensic images. It is somewhat unusual to read a vulnerability report about forensic tools, simply because of the different environment these tools are designed to operate in. I then found on the DFLabs web site a very good response to this particular vulnerability report and I have nothing further to add to it.

Conclusion:
  1. This is a free forensic tool with great potential!
  2. I will keep an eye on this tool, but will not be using it for forensic examinations yet.

Sunday, December 7, 2008

Backwards incompatible Perl 6 & Python 3.0

Both Perl 6 and Python 3.0 are backwards incompatible with their previous releases due to the changes made in both languages. It appears that, at first, these new versions are going to be much slower (10% +) than their predecessors and will be optimised in future releases. Python 3.0 was released on 4th December 2008. Python 2.6, however, will be developed and maintained until version 2.9, which is still a few years away. 'A Byte of Python' is a free ebook for those who want to learn Python. It has already been updated for the Python 3.0 language.

Monday, December 1, 2008

Write blockers - firmware

Update your write blockers with new firmware. It may be the case that the person responsible for maintenance of your forensic lab and equipment has left the organisation, so your forensic equipment is left without proper attention and no one in the office receives the manufacturer's notifications about available updates. Some updates resolve only minor issues and add support for newer devices, but there are also updates that are critical.

The upgrade process is quick and easy. Testing and documenting also takes only a few minutes. The Tableau Firmware Update tool can be found here.