Feature List

PyFlag features are divided into 3 main areas:

Network Forensics

PyFlag is able to analyse network captures in TCPDump format. There is support for a number of Network Protocols.

Log Analysis

PyFlag has a powerful Log Analysis facility. Many log formats are supported and a powerful system is provided for querying the log file data.

Disk Forensics

PyFlag has a powerful facility for analysing forensic images of hard disk drives. PyFlag supports a large number of File Formats. An emerging capability for Carving is also present.