Difference between revisions of "PyFlag"

From Forensics Wiki
Jump to: navigation, search
(File Search Facilities)
 
(19 intermediate revisions by 7 users not shown)
Line 1: Line 1:
=Pyflag=
+
{{Deprecated Software}}
  
"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."
+
{{Infobox_Software |
 +
  name = PyFlag |
 +
  maintainer = [[Michael Cohen]], [[David Collett]] |
 +
  os = {{Linux}}, {{Web-based}} |
 +
  genre = {{Analysis}} |
 +
  license = {{GPL}} |
 +
  website = [http://sourceforge.net/projects/pyflag/ sourceforge.net/projects/pyflag/] |
 +
}}
  
[http://pyflag.sourceforge.net/ Website]
+
'''PyFlag''' is a web-based, database-backed ''forensic and log analysis GUI'' and [[Computer forensics framework]] written in [[Python]]. PyFlag stores disk images in numerous file formats, including raw, [[sgzip]], [[AFF]], and [[EnCase]] format.
  
 
+
= Features =
=Features=
+
== Suppoprted File Systems ==
 
+
PyFlag uses the [[Sleuthkit]] for file system support.
==File Systems Understood==
+
 
+
(unknown)
+
  
 
==File Search Facilities==
 
==File Search Facilities==
Line 22: Line 26:
  
 
Can it build timelines and search by creation date?
 
Can it build timelines and search by creation date?
 +
* Creates a "case file".
  
 
==Searching Abilities==
 
==Searching Abilities==
Line 30: Line 35:
 
==Hash Databases==
 
==Hash Databases==
 
   
 
   
* Hashes and compares with Hashkeeper using MD5.
+
* Hashes and compares with [[Hashkeeper]] using [[MD5]].
  
 
==Evidence Collection Features==
 
==Evidence Collection Features==
 
 
  
 
=History=
 
=History=
  
+
* Originally started by the [[Australian Department of Defence]], PyFlag is now hosted on [[SourceForge]].
* Creates a "case file".
+
 
+
==License Notes==
+
 
+
GNU GPL.
+
  
 
= External Links =
 
= External Links =
+
* http://sourceforge.net/projects/pyflag/
[http://pyflag.sourceforge.net/ Website}
+
 
+
==External Reviews==
+

Latest revision as of 06:34, 27 July 2012

File:40px-Ambox warning pn.png

This tool is deprecated.
The tool that this page describes is deprecated and is no longer under active development.
Further information might be found on the discussion page.

PyFlag
Maintainer: Michael Cohen, David Collett
OS: Linux,Web-based
Genre: Analysis
License: GPL
Website: sourceforge.net/projects/pyflag/

PyFlag is a web-based, database-backed forensic and log analysis GUI and Computer forensics framework written in Python. PyFlag stores disk images in numerous file formats, including raw, sgzip, AFF, and EnCase format.

Contents

[edit] Features

[edit] Suppoprted File Systems

PyFlag uses the Sleuthkit for file system support.

[edit] File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords.
  • Works with compressed zip files.

[edit] Historical Reconstruction

Can it build timelines and search by creation date?

  • Creates a "case file".

[edit] Searching Abilities

  • Searches for keywords.
  • Builds an index.

[edit] Hash Databases

[edit] Evidence Collection Features

[edit] History

[edit] External Links

Retrieved from "http://www.forensicswiki.org/w/index.php?title=PyFlag&oldid=2724"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox