Papers and Articles

This section covers various forensic related papers and articles which have something to do with PyFlag:

• RAID reconstruction, Covers an innovative technique to reconstruct a RAID set when individual drives were acquired separately.

• Indexing and Keyword Searching. This paper discusses the indexing technology implemented within PyFlag, its strengths and weaknesses and introduces the indexer.py stand alone utility.

• Hooking IO Calls for Multi-Format Image Support. This paper discusses a novel technique for transparently allowing arbitrary programs to support all the image file formats that are supported by PyFlag.

• Using Fuse with PyFlag. This short howto explains how to install fuse (filesystems in userspace) to allow some of the more advanced features in PyFlag.

• Timestamps in PyFlag. This article explains how timestamps are stored and displayed in PyFlag.

• Advanced Open Standard Forensics Format. This discussion paper aims to develop a modern forensic file format.

• C programming tips. These pages discuss some tips and tricks to implementing advanced programming paradigms in C.

• DFRWS Carving Challenge. The Digital Forensic Research Workshop Carving Challenge.