Welcome to PyFlag.net, The PyFlag Wiki

What is PyFlag?

FLAG (Forensic and Log Analysis GUI) is an advanced forensic tool for the analysis of large volumes of log files and forensic investigations.

PyFlag features a rich FeatureList, which includes the ability to load many different log file formats and to perform forensic analysis of disks and images. PyFlag can also analyse network traffic captured with tcpdump quickly and efficiently.

Since PyFlag is web based, it can be deployed on a central server and shared with a number of users at the same time. Data is loaded into cases, which keep information separated.

PyFlag is available under the terms of the GPL for anyone to use, modify and improve.

What's New?

PyFlag was used by 2 of the 5 submissions to the recent Digital Forensics Research Workshop (DFRWS) conference, including the submission which was placed first. This submission has a great walkthrough of how PyFlag can be used in a real case:

http://sandbox.dfrws.org/2008/Cohen_Collet_Walters/

A PyFlag tutorial was presented at the annual Linux conference. Further information can be found at http://mirror.linux.org.au/linux.conf.au/2008/Thu/indexogg.htm.

The current version of PyFlag is Version 0.86RC1 (released 31st Jan 2008):

  • This version improves column types, so arbitrary columns can be built by joining many different tables.
  • Much improved HTML rendering for network forensics.

The previous version of PyFlag is Version 0.85 (released 28th of December 2007):

  • This version features many bug fixes.
  • A more powerful GeoIP engine which allows searching and grouping on GeoIP data.
  • Many new file handlers and protocol handlers (e.g. Mozilla history files, Hotmail parsing).
  • Memory forensics integrates the Volatility framework.
  • More powerful log analysis facilities, including Windows Event logs and an Advanced log driver.
  • Preloading filters on log analysis allows loading a small subset of the log file into the database for faster searching.
  • Implemented Advanced carvers from the DFRWS challenge.
  • Introduction of a new stats view to allow drilling down on various aspects of the case.

Where to from here?

You can continue to navigate this site:

Report a Bug

To view current outstanding bugs, see the BugIndex.

To report a bug, click here: Bug0086.

Please note this should NOT be used for feature requests (see below).

Feature Requests

To view the current feature requests, see the FeatureRequests.

To request a feature, click here: Feature0028.

For the more general and/or long-term direction of PyFlag, please see the discussions section below. Simpler topics that have already been agreed on should now be moved to the feature request tracker.

Feature discussions

The ToDo page deals with discussion about possible future developments in PyFlag.