Difference between revisions of "PyFlag"

From ForensicsWiki
 
Line 1: Line 1:
=DIBS=
+
=Pyflag=
  
This Fort Worth based company makes forensics software and packages it with portable hardware for investigators in the field with desktop workstations for offices.
+
"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."
  
[http://www.dibsusa.com/ Website]
+
[http://pyflag.sourceforge.net/ Website]
  
  
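Review bot: the PyFlag description added in this hunk ("FLAG (Forensic and Log Analysis GUI) was designed to simplify ...") is wrapped in quotation marks but carries no attribution; either cite where the quotation was taken from (the PyFlag site linked in the same hunk is the obvious candidate) or reword it in the wiki's own voice, so the entry does not quote unattributed text. The hunk also replaces the DIBS company line wholesale, so check that nothing DIBS-specific survives further down the page.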
Line 24: Line 24:
  
 
==Searching Abilities==
 
==Searching Abilities==
 
+
* Can use basic keyword searching.
+
* Searches for keywords.
* Offers full-text indexing.
+
* Builds an index.
  
 
==Hash Databases==
 
==Hash Databases==
 
+
* Offers the "Hash Library-KFF".
+
* Hashes and compares with Hashkeeper using MD5.
  
 
==Evidence Collection Features==
 
==Evidence Collection Features==
  
Can it sign files? Does it keep an audit log?
+
 
  
 
=History=
 
=History=
  
 
   
 
   
 +
* Creates a "case file".
  
 
==License Notes==
 
==License Notes==
  
Is it commercial or open source? Are there other licensing options?
+
GNU GPL.
  
 
= External Links =
 
= External Links =
 
   
 
   
[http://www.dibsusa.com/ Website}
+
[http://pyflag.sourceforge.net/ Website}
  
 
==External Reviews==
 
==External Reviews==
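Review bot: the External Links entry `[http://pyflag.sourceforge.net/ Website}` closes with `}` instead of `]`, so MediaWiki will not render it as a link (the rendered revision below shows it as literal text); change it to `[http://pyflag.sourceforge.net/ Website]`. The same mismatched brace was already present in the DIBS line being replaced (`[http://www.dibsusa.com/ Website}`), so it was carried over rather than introduced here, but this is the place to fix it. Separately, the "Evidence Collection Features" section lost its template question without gaining any content, and "Historical Reconstruction" still holds only a question; they should either be answered or left visibly unanswered rather than blank.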

Revision as of 13:06, 21 March 2006

Pyflag

"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."

Website


Features

File Systems Understood

(unknown)

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Registry Viewer

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Searches for keywords.
  • Builds an index.

Hash Databases

  • Hashes and compares with Hashkeeper using MD5.
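The Hash Databases bullet above states that PyFlag hashes files with MD5 and compares them against Hashkeeper. The following Python is an added illustration of that known-file lookup, written for this page; it is not PyFlag's own code and does not implement Hashkeeper's real export format. The `md5,description` listing, the in-memory sample files and the function names are constructed assumptions.

```python
import hashlib
from typing import Dict, Iterable, Set

HEX_DIGITS = set("0123456789abcdef")


def md5_hex(data: bytes) -> str:
    """Lowercase hex MD5 of a file's bytes, the form hash-set listings carry."""
    return hashlib.md5(data).hexdigest()


def load_hashset(lines: Iterable[str]) -> Set[str]:
    """Parse a constructed 'md5,description' listing into a set of digests.

    Real hash-set exports vary in layout and letter case, so this normalises
    digests to lowercase and skips blank lines, comments and malformed entries.
    """
    known: Set[str] = set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest = line.split(",", 1)[0].strip().lower()
        if len(digest) == 32 and set(digest) <= HEX_DIGITS:
            known.add(digest)
    return known


def classify(files: Dict[str, bytes], known: Set[str]) -> Dict[str, str]:
    """Map each file name to 'known' or 'unknown' by MD5 membership in the set."""
    return {name: ("known" if md5_hex(data) in known else "unknown")
            for name, data in files.items()}


# Constructed hash set (not a real Hashkeeper export): two standard MD5 test
# vectors, one in upper case, plus a malformed line that must be ignored.
KNOWN_HASH_LISTING = """
# digest,description
900150983CD24FB0D6963F7D28E17F72,test vector "abc"
d41d8cd98f00b204e9800998ecf8427e,empty file
not-a-digest,malformed line that must be ignored
"""

# Constructed "evidence" files held as bytes so the example runs offline.
SAMPLE_FILES = {
    "abc.txt": b"abc",
    "empty.bin": b"",
    "notes.txt": b"hello world",
}


def triage(files: Dict[str, bytes] = SAMPLE_FILES,
           listing: str = KNOWN_HASH_LISTING) -> Dict[str, str]:
    """Full known-file triage: load the hash set, then classify every file."""
    return classify(files, load_hashset(listing.splitlines()))


if __name__ == "__main__":
    for name, verdict in sorted(triage().items()):
        print(f"{verdict:8s} {name}")
```

In an examiner's workflow the "known" verdicts are what get filtered out of the review queue (operating-system and application files that appear in the reference set), so the value of the step rests on the provenance of the hash set. MD5 is what the page says PyFlag uses, and chosen-prefix collisions against it have been practical for years, so a match in a known-good set should be treated as a strong hint rather than proof of identity; current hash sets publish SHA-1 and SHA-256 alongside MD5, and the `load_hashset`/`classify` pair above needs only a different digest function to use them.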

Evidence Collection Features

History

  • Creates a "case file".

License Notes

GNU GPL.

External Links

[http://pyflag.sourceforge.net/ Website]

External Reviews