
Difference between revisions of "PyFlag"

From ForensicsWiki
Line 1: Line 1:
=DIBS=
+
=Pyflag=
  
This Fort Worth based company makes forensics software and packages it with portable hardware for investigators in the field with desktop workstations for offices.
+
"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."
  
[http://www.dibsusa.com/ Website]
+
[http://pyflag.sourceforge.net/ Website]
  
  
Line 24: Line 24:
  
 
==Searching Abilities==
 
==Searching Abilities==
 
+
* Can use basic keyword searching.
+
* Searches for keywords.
* Offers full-text indexing.
+
* Builds an index.
  
 
==Hash Databases==
 
==Hash Databases==
 
+
* Offers the "Hash Library-KFF".
+
* Hashes and compares with Hashkeeper using MD5.
  
 
==Evidence Collection Features==
 
==Evidence Collection Features==
  
Can it sign files? Does it keep an audit log?
+
 
  
 
=History=
 
=History=
  
 
   
 
   
 +
* Creates a "case file".
  
 
==License Notes==
 
==License Notes==
  
Is it commercial or open source? Are there other licensing options?
+
GNU GPL.
  
 
= External Links =
 
= External Links =
 
   
 
   
[http://www.dibsusa.com/ Website}
+
[http://pyflag.sourceforge.net/ Website}
  
 
==External Reviews==
 
==External Reviews==
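Review bot: the added External Links line `[http://pyflag.sourceforge.net/ Website}` closes the external link with `}` instead of `]` (the same defect is present on the DIBS line it replaces), so MediaWiki will render it as literal text rather than a link; change it to `[http://pyflag.sourceforge.net/ Website]`, matching the correctly formed link in the Line 1 hunk.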

Revision as of 17:06, 21 March 2006

Pyflag

"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."

Website


Features

File Systems Understood

(unknown)

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Registry Viewer

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

  • Hashes and compares with Hashkeeper using MD5.
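The bullet above describes known-file filtering: hash every file in the evidence set and compare the digests against a reference hash set such as HashKeeper, so files already catalogued as benign can be set aside. The following Python example is added here to show that workflow end to end; it is not PyFlag's own code, and the hash set, file names and file contents it uses are constructed for the demonstration (a real HashKeeper or NSRL set has millions of entries and its own column layout).

```python
"""Known-file filtering: hash files with MD5 and compare against a
HashKeeper-style hash set, so files already known to be benign can be
set aside and the examiner's time goes to the unknown ones.

Example added for this page; it is not PyFlag's own code. The hash set,
file names and contents below are constructed for the demonstration.
"""
import csv
import hashlib
import io
import os
import tempfile

# Constructed "known good" files; a real HashKeeper/NSRL set holds millions.
KNOWN_GOOD_CONTENTS = {
    "empty.txt": b"",
    "readme.txt": b"hello world\n",
}


def build_sample_hashset_csv():
    """Produce a small HashKeeper-like CSV (md5,file_name) from the constructed files."""
    lines = ["md5,file_name"]
    for name, data in KNOWN_GOOD_CONTENTS.items():
        lines.append(f"{hashlib.md5(data).hexdigest()},{name}")
    return "\n".join(lines) + "\n"


def md5_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_hashset(csv_text):
    """Parse the CSV into a dict of lowercase hex MD5 -> file name recorded in the set."""
    known = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        known[row["md5"].strip().lower()] = row["file_name"]
    return known


def classify_tree(root, known):
    """Walk a directory tree and split files into known (in the hash set) and unknown."""
    result = {"known": [], "unknown": []}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            digest = md5_file(path)
            rel = os.path.relpath(path, root)
            if digest in known:
                result["known"].append((rel, digest, known[digest]))
            else:
                result["unknown"].append((rel, digest))
    return result


def run_demo():
    """Build a temporary evidence tree with two known files and one unknown file,
    then classify it. Returns the classification so callers can inspect it."""
    known = load_hashset(build_sample_hashset_csv())
    with tempfile.TemporaryDirectory() as root:
        for name, data in KNOWN_GOOD_CONTENTS.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # A file whose hash is not in the set; this is what an examiner would look at.
        with open(os.path.join(root, "suspicious.bin"), "wb") as fh:
            fh.write(b"\x4d\x5a not in any hash set")
        return classify_tree(root, known)


if __name__ == "__main__":
    report = run_demo()
    for rel, digest, set_name in report["known"]:
        print(f"KNOWN   {rel} {digest} (matches {set_name})")
    for rel, digest in report["unknown"]:
        print(f"UNKNOWN {rel} {digest}")
```

Running the script classifies `empty.txt` and `readme.txt` as known and `suspicious.bin` as unknown. The same comparison works in the other direction with a known-bad (notable) hash set, where a match is an alert rather than something to filter out. Because MD5 collisions are practical to construct, a hash set used for filtering should carry a second digest (SHA-1 or SHA-256) where the reference set provides one, and a file should only be excluded when every available digest matches.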

Evidence Collection Features

History

  • Creates a "case file".

License Notes

GNU GPL.

External Links

[http://pyflag.sourceforge.net/ Website]

External Reviews