PyFlag

From Forensics Wiki

Revision as of 12:06, 21 March 2006 by Pw (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Contents

1 Pyflag
2 Features
3 History
- 3.1 License Notes
4 External Links
- 4.1 External Reviews

Pyflag

"FLAG (Forensic and Log Analysis GUI) was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. PyFlag uses a database as a backend to assist in managing the large volumes of data. This allows PyFlag to remain responsive and expedite data manipulation operations."

Features

File Systems Understood

(unknown)

File Search Facilities

Lists allocated and unallocated files.
Sorts files by type.
Searches for keywords.
Registry Viewer

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Searches for keywords.
Builds an index.

Hash Databases

Hashes and compares with Hashkeeper using MD5.

Evidence Collection Features

History

Creates a "case file".

License Notes

GNU GPL.

External Links

[http://pyflag.sourceforge.net/ Website}

External Reviews

Retrieved from "http://www.forensicswiki.org/w/index.php?title=PyFlag&oldid=2703"

Personal tools

Log in / create account

About forensicswiki.org:

Toolbox