Difference between revisions of "PyFlag"

From ForensicsWiki
(21 intermediate revisions by 8 users not shown)
=DIBS=
{{Deprecated Software}}
  
This Fort Worth based company makes forensics software and packages it with portable hardware for investigators in the field with desktop workstations for offices.
{{Infobox_Software |
  name = PyFlag |
  maintainer = [[Michael Cohen]], [[David Collett]] |
  os = {{Linux}}, {{Web-based}} |
  genre = {{Analysis}} |
  license = {{GPL}} |
  website = [http://sourceforge.net/projects/pyflag/ sourceforge.net/projects/pyflag/] |
}}
  
[http://www.dibsusa.com/ Website]
'''PyFlag''' is a web-based, database-backed ''forensic and log analysis GUI'' and [[Computer forensics framework]] written in [[Python]]. PyFlag stores disk images in numerous file formats, including raw, [[sgzip]], [[AFF]], and [[EnCase]] format.
  
 
=Features=

==Supported File Systems==
 
PyFlag uses the [[Sleuthkit]] for file system support.
 
==File Search Facilities==
 
* Sorts files by type.
* Searches for keywords.
* Registry Viewer
* Works with compressed zip files.
  
 
==Historical Reconstruction==

Can it build timelines and search by creation date?

* Creates a "case file".
  
 
==Searching Abilities==

* Can use basic keyword searching.
* Searches for keywords.
* Offers full-text indexing.
* Builds an index.
  
 
==Hash Databases==

* Offers the "Hash Library-KFF".
* Hashes and compares with [[Hashkeeper]] using [[MD5]].
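The known-file comparison listed above, as an added example that is not PyFlag's own code: each file is hashed with MD5 (the digest the page says the tool uses with Hashkeeper) and looked up in a known-file library, so that known-benign files drop out of review and known-notable ones are surfaced. The library and the sample files are constructed here for the demonstration; the "ignore"/"alert" split mirrors the way known-file filters separate the two kinds of hits and is an assumption of this example, not a description of PyFlag's database layout.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed known-file library in the spirit of a Hashkeeper / KFF set.
# Keys are file contents (hashed below), values are (status, description):
# "ignore" marks known-benign files that can be filtered out of review,
# "alert" marks known-notable files that should be surfaced.
# None of this is real reference data.
KNOWN_CONTENT = {
    b"#!/bin/sh\nexit 0\n": ("ignore", "OS install: trivial shell stub"),
    b"GIF89a" + b"\x00" * 32: ("ignore", "OS install: placeholder GIF"),
    b"MZ" + b"\x90" * 14 + b"EVIL": ("alert", "sample: file from a known-bad reference set"),
}


def md5_hex(data: bytes) -> str:
    """Lowercase hex MD5 of data; MD5 is the digest Hashkeeper sets carry."""
    return hashlib.md5(data).hexdigest()


def build_known_set(content_map):
    """Index the constructed library by MD5 so each lookup is a dict hit."""
    return {md5_hex(content): meta for content, meta in content_map.items()}


KNOWN_HASHES = build_known_set(KNOWN_CONTENT)


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large evidence files are not read into memory at once."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_files(paths, known=KNOWN_HASHES):
    """Map file name -> (md5, status, description).

    status is "ignore" or "alert" for library hits and "unknown" for files
    the library does not know; the unknown ones are what remains for review.
    """
    results = {}
    for p in paths:
        digest = hash_file(p)
        status, desc = known.get(digest, ("unknown", "not in hash library"))
        results[p.name] = (digest, status, desc)
    return results


def demo():
    """Write constructed sample files to a temp dir and classify them."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "stub.sh").write_bytes(b"#!/bin/sh\nexit 0\n")
        (root / "logo.gif").write_bytes(b"GIF89a" + b"\x00" * 32)
        (root / "dropper.exe").write_bytes(b"MZ" + b"\x90" * 14 + b"EVIL")
        (root / "notes.txt").write_bytes(b"meeting at 9, bring the drive\n")
        return classify_files(sorted(root.iterdir()))


if __name__ == "__main__":
    for name, (digest, status, desc) in demo().items():
        print(f"{digest}  {status:7s}  {name}  ({desc})")
```

Because MD5 collisions are practical, current reference sets such as NSRL also publish SHA-1 and SHA-256 digests; the lookup above is unchanged apart from the `hashlib` constructor, and an "ignore" hit on MD5 alone should be confirmed with a second digest before a file is dropped from review.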
  
 
==Evidence Collection Features==

Can it sign files? Does it keep an audit log?
 
  
 
=History=

* Originally started by the [[Australian Department of Defence]], PyFlag is now hosted on [[SourceForge]].
 
==License Notes==

Is it commercial or open source? Are there other licensing options?
  
 
=External Links=

* http://sourceforge.net/projects/pyflag/

==External Reviews==

Latest revision as of 06:34, 27 July 2012


This tool is deprecated.
The tool that this page describes is deprecated and is no longer under active development.
Further information might be found on the discussion page.

PyFlag
Maintainer: Michael Cohen, David Collett
OS: Linux, Web-based
Genre: Analysis
License: GPL
Website: sourceforge.net/projects/pyflag/

PyFlag is a web-based, database-backed forensic and log analysis GUI and Computer forensics framework written in Python. PyFlag stores disk images in numerous file formats, including raw, sgzip, AFF, and EnCase format.

Features

Supported File Systems

PyFlag uses the Sleuthkit for file system support.

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

Historical Reconstruction

Can it build timelines and search by creation date?

  • Creates a "case file".

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

Evidence Collection Features

History

External Links