Difference between revisions of "PyFlag"
From Forensics Wiki
m |
|||
| Line 9: | Line 9: | ||
| − | '''PyFlag''' is a web-based, database-backed ''forensic and log analysis GUI'' and [[Computer forensics framework]] written in [[Python]]. PyFlag stores disk images in | + | '''PyFlag''' is a web-based, database-backed ''forensic and log analysis GUI'' and [[Computer forensics framework]] written in [[Python]]. PyFlag stores disk images in numerous file formats, including raw, [[sgzip]], [[AFF]], and [[E01]] format. |
=Features= | =Features= | ||
Revision as of 22:01, 3 December 2008
| PyFlag | |
|---|---|
| Maintainer: | Michael Cohen, David Collett |
| OS: | Linux,Web-based |
| Genre: | Analysis |
| License: | GPL |
| Website: | pyflag.net |
PyFlag is a web-based, database-backed forensic and log analysis GUI and Computer forensics framework written in Python. PyFlag stores disk images in numerous file formats, including raw, sgzip, AFF, and E01 format.
Contents |
Features
File Systems Understood
File Search Facilities
- Lists allocated and unallocated files.
- Sorts files by type.
- Searches for keywords.
- Works with compressed zip files.
Historical Reconstruction
Can it build timelines and search by creation date?
- Creates a "case file".
Searching Abilities
- Searches for keywords.
- Builds an index.
Hash Databases
- Hashes and compares with Hashkeeper using MD5.
Evidence Collection Features
History
- Originally started by the Australian Department of Defence, PyFlag is now hosted on SourceForge.
License Notes
External Links
http://sourceforge.net/projects/pyflag/
