Before you get started, make sure you have the following packages installed:
If you need EWF or AFF support you can install them from:
After installing everything, you need to initialize MySQL (as root):
# /sbin/chkconfig mysqld on
# /sbin/service mysqld start
# mysqladmin -u root password 'new-passwd'
You must use quotes around the new-passwd you choose, and don't forget what it is!
You must also start the HTTP server (as root):
# /sbin/service httpd start
Now you are ready to download and install PTK from SourceForge. I downloaded version 1.0.5.
In order to install PTK, extract the tarball in your webserver directory as root:
# cd /var/www/html
# tar -xzf ptk-1.0.5.tar.gz
# chown -R apache.apache ptk
The last command above makes sure that all files are owned by the webserver user.
Now we have to address a problem that still exists in the installation script. Go inside the ptk folder. At this point, you should see the install.php script. If you have Sleuthkit installed in /usr/local/bin, the install script will not work as expected because that directory is not in its path. You can find out where Sleuthkit is installed by typing which followed by one of the Sleuthkit commands, e.g.:
$ which istat
If the path returned is /usr/local/bin then you can modify the install.php file by changing entries like:
$istat = shell_exec("which istat");
to:
$istat = shell_exec('export PATH="/usr/bin:/usr/local/bin"; which istat');
and so on...
If all goes well, you will get to the options screen, which should look something like the following:
Fill everything out as you like (including distro) and press next. Now, when I installed PTK under Fedora, everything was ready to go at this point. With CentOS, it was another story. For some reason, things did not get updated with the extra configure scripts.
So, you have to manually add the locations for your Sleuthkit executables in the following files:
where config is the folder within the ptk folder [/var/www/html/ptk/config]. If you open up conf.pl it may look like:
installdir => '/var/www/html/ptk/',
md5_bin => '/usr/bin/md5sum',
sha1_bin => '/usr/bin/sha1sum',
fsstat_bin => '',
mmls_bin => '',
fls_bin => '',
istat_bin => '',
Notice that there are some blank entries. Therefore you will have to enter the correct path for those executables.
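One way to fill those blank entries without editing them by hand, as an added example that is not part of PTK or of the original post. It assumes each blank key is a Sleuthkit command name followed by _bin, as in the excerpt above; the names find_tool, fill_bins and fill_bins.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of PTK. Assumption: a blank key such as
# "istat_bin" names the Sleuthkit command "istat".

# find_tool NAME DIRS: print the first executable NAME in colon-separated DIRS.
find_tool() (
    IFS=:
    for dir in $2; do
        if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
)

# fill_bins CONF [DIRS]: rewrite every "xxx_bin => ''," line of CONF with the
# absolute path of xxx. Exit status is the count of tools not found (0 = all set).
fill_bins() {
    conf=$1
    search=${2:-/usr/bin:/usr/local/bin}
    tmp=$(mktemp) || return 255
    missing=0
    while IFS= read -r line || [ -n "$line" ]; do
        tool=$(printf '%s\n' "$line" |
            sed -n "s/^[[:space:]]*\([a-z0-9_]*\)_bin[[:space:]]*=>[[:space:]]*'',.*/\1/p")
        if [ -n "$tool" ]; then
            if path=$(find_tool "$tool" "$search"); then
                line=$(printf '%s\n' "$line" | sed "s|''|'$path'|")
            else
                echo "fill_bins: $tool not found in $search" >&2
                missing=$((missing + 1))
            fi
        fi
        printf '%s\n' "$line" >> "$tmp"
    done < "$conf"
    cat "$tmp" > "$conf"    # overwrite in place: keeps the file's owner and mode
    rm -f "$tmp"
    return "$missing"
}

# Run as: sh fill_bins.sh /var/www/html/ptk/config/conf.pl
if [ "$#" -gt 0 ]; then fill_bins "$@"; fi
```

Entries that already have a value, such as md5_bin, are left untouched, and any tool that cannot be found stays blank and is reported on stderr.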
All right, so I'm not going to make you do it... :-) Here are the modified files for my CentOS box. Just make sure you put them in the right places, and you might have to chown them as well.
Enjoy! and hope this helps someone out there...