Difference between revisions of "PyFlag"

From ForensicsWiki
Edit summaries: previous revision (History), this revision (License Notes).

Diff starting at line 44. Unchanged in both revisions:

* Originally started by the [[Australian Department of Defence]], PyFlag is now hosted on [[SourceForge]].
* As of 2012-07-24, this project is no longer under active development.

Removed by this revision (the section heading had no content under it):

==License Notes==

Unchanged in both revisions:

= External Links =

Revision as of 12:45, 24 July 2012

PyFlag
Maintainer: Michael Cohen, David Collett
OS: Linux, Web-based
Genre: Analysis
License: GPL
Website: sourceforge.net/projects/pyflag/


PyFlag is a web-based, database-backed forensic and log analysis GUI and computer forensics framework written in Python. PyFlag stores disk images in numerous file formats, including raw, sgzip, AFF, and EnCase format.

Features

File Systems Understood

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

  • Creates a "case file".

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Evidence Collection Features

History

External Links

External Reviews