Feature List

PyFlag features are divided into 4 main areas:

Network Forensics

PyFlag is able to analyse network captures in TCPDump format. There is support for a number of Network Protocols.

Log Analysis

PyFlag has a powerful Log Analysis facility. Many log formats are supported and a powerful system is provided for querying the log file data.

Disk Forensics

PyFlag has a powerful facility for analysing forensic images of hard disk drives. It supports a large number of File Formats. An emerging capability for Carving is also present.

Memory Forensics

PyFlag has preliminary support for some memory forensics functions, using the Volatility Framework.

PyFlag Manual

There is an online PyFlag Manual available for more information about each of these features.