Difference between revisions of "PyFlag"
From Forensics Wiki
Revision as of 15:12, 21 March 2006
PyFlag
"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations." -- PyFlag Website (http://pyflag.sourceforge.net/)
Features
File Systems Understood
(unknown)
File Search Facilities
- Lists allocated and unallocated files.
- Sorts files by type.
- Searches for keywords.
- Works with compressed zip files.
Historical Reconstruction
Can it build timelines and search by creation date?
Searching Abilities
- Searches for keywords.
- Builds an index.
Hash Databases
- Computes MD5 hashes of files and compares them against the Hashkeeper hash database.
Evidence Collection Features
History
- Creates a "case file".
License Notes
GNU GPL.