Difference between revisions of "PyFlag"

From ForensicsWiki
(fix website)
m
Line 9: Line 9:
  
  
'''PyFlag''' is a web-based, database-backed ''forensic and log analysis GUI'' written in [[Python]].
+
'''PyFlag''' is a web-based, database-backed ''forensic and log analysis GUI'' written in [[Python]].  PyFlag stores disk images in the [[sgzip]] format.
  
 
=Features=
 
=Features=
 +
 +
  
 
==File Systems Understood==
 
==File Systems Understood==
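
Review bot: the two added lines under =Features= are empty, so the edit only inserts whitespace before ==File Systems Understood== and the section still has no content; drop them or replace them with the intended text. In the lead, the added sentence is preceded by two spaces after "[[Python]].", where one is enough.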

Revision as of 09:07, 11 June 2007

PyFlag
Maintainer: Michael Cohen, David Collett
OS: Linux, Web-based
Genre: Analysis
License: GPL
Website: pyflag.net


PyFlag is a web-based, database-backed forensic and log analysis GUI written in Python. PyFlag stores disk images in the sgzip format.

Features

File Systems Understood

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

  • Creates a "case file".

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Evidence Collection Features

History

License Notes

External Links

External Reviews