PyFlag

From ForensicsWiki
Revision as of 17:47, 24 July 2012

Maintainer: Michael Cohen, David Collett
OS: Linux, Web-based
Genre: Analysis
License: GPL
Website: sourceforge.net/projects/pyflag/

PyFlag is a web-based, database-backed forensic and log analysis GUI and computer forensics framework written in Python. It can load disk images in several formats, including raw, sgzip, AFF, and EnCase format.


File Systems Understood

PyFlag uses the Sleuthkit for file system support.

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

  • Creates a "case file".

Searching Abilities

  • Searches for keywords.
  • Builds an index.
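The File Search Facilities and Searching Abilities sections above list keyword search, index building and handling of zip archives as features. The following is an added illustration of how such an indexer works, not code from PyFlag itself: it builds an inverted keyword index over a constructed set of files (a plain dict of path to bytes standing in for files a real tool would enumerate from an image via the Sleuthkit), descends into zip archives so that members get virtual paths of the form archive.zip/member, and answers case-insensitive AND queries. The sample files, their paths, the token regex and the nesting cap are all assumptions made for the example.

```python
import io
import re
import zipfile
from collections import defaultdict

# Constructed sample "evidence" (path -> bytes). This is NOT a disk image and
# does not use the Sleuthkit; it stands in for files a tool would have listed.
# One file is a zip archive so that indexing into archives can be shown.
def build_sample_evidence():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes/plan.txt", b"Transfer funds via offshore account on Friday")
        zf.writestr("readme.txt", b"nothing to see here")
    return {
        "/home/alice/todo.txt": b"Call bank about the offshore transfer",
        "/var/log/auth.log": b"sshd: Accepted password for alice from 10.0.0.5",
        "/home/alice/archive.zip": buf.getvalue(),
    }

# Assumed tokenizer: printable "word-like" runs of at least three characters.
TOKEN = re.compile(rb"[A-Za-z0-9_.@-]{3,}")
# Assumed cap on zip-in-zip nesting so a crafted archive cannot recurse forever.
MAX_ARCHIVE_DEPTH = 4

def iter_files(evidence):
    """Yield (virtual_path, data) for every regular file, expanding zip
    archives so that members appear under 'archive.zip/member' paths."""
    stack = [(path, data, 0) for path, data in evidence.items()]
    while stack:
        path, data, depth = stack.pop()
        if depth < MAX_ARCHIVE_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
            # Expand the archive; the container's own bytes are not indexed.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        stack.append((f"{path}/{info.filename}", zf.read(info), depth + 1))
            continue
        yield path, data

def build_index(evidence):
    """Inverted index: lowercase token -> set of virtual paths containing it."""
    index = defaultdict(set)
    for path, data in iter_files(evidence):
        for tok in TOKEN.findall(data):
            index[tok.lower().decode("ascii")].add(path)
    return index

def search(index, *keywords):
    """Paths containing every keyword (case-insensitive AND query)."""
    if not keywords:
        return set()
    hits = [index.get(k.lower(), set()) for k in keywords]
    return set.intersection(*hits)

if __name__ == "__main__":
    idx = build_index(build_sample_evidence())
    for hit in sorted(search(idx, "offshore")):
        print(hit)
```

Indexing once and querying many times is what makes repeated keyword searches over a large image cheap; the nesting cap matters because an archive that contains itself (or a deeply nested chain) would otherwise keep the indexer busy indefinitely.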

Hash Databases

Evidence Collection Features


External Links