Difference between revisions of "PyFlag"
From Forensics Wiki
Older revision: Joachim Metz (Talk | contribs), edit to section History. Newer revision: Joachim Metz (Talk | contribs), edit to section License Notes.

Line 44 (unchanged in both revisions):
* Originally started by the [[Australian Department of Defence]], PyFlag is now hosted on [[SourceForge]].
* As of 2012-07-24, this project is no longer under active development.
(two blank lines removed in the newer revision)
= External Links =
Revision as of 12:45, 24 July 2012
| PyFlag | |
|---|---|
| Maintainer: | Michael Cohen, David Collett |
| OS: | Linux, Web-based |
| Genre: | Analysis |
| License: | GPL |
| Website: | sourceforge.net/projects/pyflag/ |
PyFlag is a web-based, database-backed forensic and log analysis GUI and computer forensics framework written in Python. PyFlag stores disk images in numerous file formats, including raw, sgzip, AFF, and EnCase format.
Features
File Systems Understood
File Search Facilities
- Lists allocated and unallocated files.
- Sorts files by type.
- Searches for keywords.
- Works with compressed zip files.
Historical Reconstruction
Can it build timelines and search by creation date?
- Creates a "case file".
Searching Abilities
- Searches for keywords.
- Builds an index.
Hash Databases
- Computes MD5 hashes of files and compares them against the Hashkeeper hash database.
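The known-file filtering described above, as an added example that is not PyFlag's own code: files are hashed with MD5 and looked up in a hash set so that known files can be set aside and only unknown ones remain for review. The hash-set listing format (`<md5>,<name>` per line) and the sample files are constructed for this example; the real Hashkeeper record layout is not reproduced here.

```python
"""Added example (not PyFlag's own code): MD5 known-file filtering.

Hashes each file and splits the set into files found in a known-file
hash set and files that are not. The hash-set format and the sample
evidence below are constructed for the example; this is not the real
Hashkeeper layout."""
import hashlib
from typing import Dict, Iterable, Set, Tuple


def md5_hex(data: bytes) -> str:
    """Return the hex MD5 digest of a file's contents."""
    return hashlib.md5(data).hexdigest()


def load_hash_set(lines: Iterable[str]) -> Set[str]:
    """Parse a simplified hash-set listing: one '<md5>,<name>' record per
    line; '#' comments and blank lines are ignored, and malformed digests
    are skipped rather than silently matched. Constructed format."""
    hashes: Set[str] = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest = line.split(",", 1)[0].strip().lower()
        if len(digest) == 32 and all(c in "0123456789abcdef" for c in digest):
            hashes.add(digest)
    return hashes


def classify_files(files: Dict[str, bytes],
                   known: Set[str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Compare each file's MD5 against the hash set.

    Returns (known_files, unknown_files), each mapping path -> md5 hex."""
    known_files: Dict[str, str] = {}
    unknown_files: Dict[str, str] = {}
    for path, data in sorted(files.items()):
        digest = md5_hex(data)
        if digest in known:
            known_files[path] = digest
        else:
            unknown_files[path] = digest
    return known_files, unknown_files


# Constructed sample evidence: path -> file contents (not real binaries)
SAMPLE_FILES = {
    "/Windows/notepad.exe": b"known system binary (constructed)",
    "/Users/alice/report.doc": b"user document (constructed)",
    "/Users/alice/notes.txt": b"",  # empty file
}

# Constructed hash-set listing: contains the first sample file's digest and
# the well-known MD5 of the empty file.
SAMPLE_HASHSET = [
    "# md5,name   (constructed sample, not a Hashkeeper export)",
    md5_hex(SAMPLE_FILES["/Windows/notepad.exe"]) + ",notepad.exe",
    "d41d8cd98f00b204e9800998ecf8427e,empty-file",
    "not-a-digest,garbage-record",
]


if __name__ == "__main__":
    known, unknown = classify_files(SAMPLE_FILES, load_hash_set(SAMPLE_HASHSET))
    for path in known:
        print("known  ", known[path], path)
    for path in unknown:
        print("unknown", unknown[path], path)
```

The empty file matches because the hash set carries the MD5 of zero bytes; in practice empty and near-empty files match known sets so readily that they are better reported separately than treated as cleared. Because MD5 collisions can be constructed, a hit in a known-file set is a reason to lower review priority, not proof that the file on disk is the file the database describes.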
Evidence Collection Features
History
- Originally started by the Australian Department of Defence, PyFlag is now hosted on SourceForge.
- As of 2012-07-24, this project is no longer under active development.