Difference between revisions of "PyFlag"

From ForensicsWiki

Revision as of 17:07, 21 March 2006
"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."
File Systems Understood
File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

  • Hashes and compares with Hashkeeper using MD5.

Evidence Collection Features
  • Creates a "case file".

License Notes
External Links

[http://pyflag.sourceforge.net/ Website]

External Reviews