Difference between revisions of "PyFlag"

From ForensicsWiki

Minor edit (m). Edit summary: "Rewritten description (the previous was cut'n'pasted from the website). Added history."

The two revisions differ as follows (wiki markup; lines marked "-" are in the earlier revision only, lines marked "+" are in the later revision only, unmarked lines are unchanged context):

Line 1:
  =PyFlag=
+ '''PyFlag''' is a web-based, database-backed ''forensic and log analysis GUI'' written in [[Python]].
+ "''FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations''". --[http://pyflag.sourceforge.net/ PyFlag Website]
  =Features=
  ==File Systems Understood==
- (unknown)
  ==File Search Facilities==

Line 20 (earlier revision) / Line 15 (later revision):
  Can it build timelines and search by creation date?
+ * Creates a "case file".
  ==Searching Abilities==

Line 28 (earlier revision) / Line 24 (later revision):
  ==Hash Databases==
- * Hashes and compares with Hashkeeper using MD5.
+ * Hashes and compares with [[Hashkeeper]] using [[MD5]].
  ==Evidence Collection Features==
  =History=
- * Creates a "case file".
+ * Originally started by the [[Australian Department of Defence]], PyFlag is now hosted on [[SourceForge]].
  ==License Notes==
- GNU GPL.
+ * GNU GPL.
  = External Links =
- * [http://pyflag.sourceforge.net/ Website]
+ * [http://pyflag.sourceforge.net/ Official website]
  ==External Reviews==
Revision as of 15:48, 21 March 2006

PyFlag is a web-based, database-backed forensic and log analysis GUI written in Python.

Features

File Systems Understood

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

  • Creates a "case file".

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases
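The revision above lists the Hash Databases feature as "Hashes and compares with Hashkeeper using MD5". The following is an added example, not PyFlag's own code, of what that step does: hash each file under review and look the digest up in a known-file hash set. The CSV layout (hash, file_name, comments), the sample entries and the evidence files are all constructed for the example and are a simplified, hypothetical Hashkeeper-like format rather than the real Hashkeeper schema.

```python
# Added example (not PyFlag's code): known-file identification with an MD5 hash set.
import csv
import hashlib
import io

# Constructed sample hash set. The column layout is a simplified, hypothetical
# Hashkeeper-like CSV (hash, file_name, comments), not the real Hashkeeper schema.
SAMPLE_HASHSET_CSV = """hash,file_name,comments
d41d8cd98f00b204e9800998ecf8427e,empty.txt,zero-byte file
5d41402abc4b2a76b9719d911017c592,hello.txt,reference copy of hello.txt
"""


def md5_hex(data: bytes) -> str:
    """Return the lowercase hex MD5 digest of a byte string."""
    return hashlib.md5(data).hexdigest()


def load_hashset(csv_text: str) -> dict:
    """Parse a Hashkeeper-style CSV into {md5_hex: (file_name, comments)}.

    Hashes are normalised to lowercase so that lookups do not depend on the
    case used in the hash set file."""
    known = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        known[row["hash"].strip().lower()] = (row["file_name"], row["comments"])
    return known


def classify_files(files: dict, known: dict) -> dict:
    """Hash each in-memory file and label it 'known' (present in the hash set)
    or 'unknown'. Returns {path: (md5_hex, label, matched_file_name_or_None)}."""
    result = {}
    for path, data in files.items():
        digest = md5_hex(data)
        hit = known.get(digest)
        result[path] = (digest, "known" if hit else "unknown", hit[0] if hit else None)
    return result


# Constructed evidence set: two files are in the hash set, one is not.
SAMPLE_FILES = {
    "/evidence/empty.txt": b"",
    "/evidence/hello.txt": b"hello",
    "/evidence/notes.txt": b"hello world",
}

if __name__ == "__main__":
    known = load_hashset(SAMPLE_HASHSET_CSV)
    for path, (digest, label, name) in classify_files(SAMPLE_FILES, known).items():
        suffix = f"  (matches {name})" if name else ""
        print(f"{digest}  {label:8}  {path}{suffix}")
```

In an investigation the "known" hits are what get filtered out of (or flagged in) the review queue, depending on whether the hash set describes known-good or known-bad files. Because MD5 is no longer collision resistant, a hit should be treated as a lead to confirm against file content or a stronger digest rather than as proof that the file is identical to the hash set entry.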

Evidence Collection Features

History

License Notes

  • GNU GPL.

External Links

External Reviews