FLAG (Forensic and Log Analysis GUI) is an advanced forensic tool for the analysis of large volumes of log files and forensic investigations. PyFlag features a rich FeatureList which include the ability to load many different log file formats, Perform forensic analysis of disks and images. PyFlag can also analyse network traffic as obtained via tcpdump quickly and efficiently. Since PyFLAG is web based, it is able to be deployed on a central server and shared with a number of users at the same time. Data is loaded into cases which keeps information separated. PyFlag is available under the terms of the GPL for anyone to use, modify and improve. Network Forensics
- PyFlag is able to analyse network captures in TCPDump format. There is support for a number of Network Protocols.
Log Analysis
- PyFlag has a powerful Log Analysis facility. Many log formats are supported and a powerful system is provided for querying the log file data.
Disk Forensics
- PyFlag has a powerful facility for analysing forensic images of hard disk drives. PyFlag supports a large number of File Formats. An emerging capability for Carving is also present.
|
Imaging
Recherche
PyFlag
Autopsy
Netzwerk
WLAN
Cracking
Rootkits
Steganographie
Sonstiges