
Difference between revisions of "PyFlag"

(File Search Facilities)
Line 17: Line 17:
* Sorts files by type.
* Sorts files by type.
* Searches for keywords.
* Searches for keywords.
* Registry Viewer
* Works with compressed zip files.
==Historical Reconstruction==
==Historical Reconstruction==

Revision as of 17:07, 21 March 2006


"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."



File Systems Understood


File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

  • Hashes and compares with Hashkeeper using MD5.

Evidence Collection Features


  • Creates a "case file".

License Notes


External Links

Website

External Reviews