Welcome to PyFlag.net, The PyFlag Wiki

What is PyFlag?

FLAG (Forensic and Log Analysis GUI) is an advanced forensic tool for the analysis of large volumes of log files and forensic investigations.

PyFlag features a rich FeatureList, which includes the ability to load many different log file formats and to perform forensic analysis of disks and disk images. PyFlag can also analyse network traffic captured with tcpdump quickly and efficiently.

Since PyFlag is web based, it can be deployed on a central server and shared by a number of users at the same time. Data is loaded into cases, which keeps the information of each investigation separated.

PyFlag is available under the terms of the GPL for anyone to use, modify and improve.

What's New?

There is a very preliminary Windows port of PyFlag. See PyFlagWindows for more.

PyFlag was used by 2 of the 5 submissions to the recent Digital Forensics Research Workshop (DFRWS) conference, including the submission which was placed first. This submission has a great walkthrough of how PyFlag can be used in a real case:

http://sandbox.dfrws.org/2008/Cohen_Collet_Walters/

A PyFlag tutorial was presented at the annual Linux conference (linux.conf.au 2008). Further information can be found at http://mirror.linux.org.au/linux.conf.au/2008/Thu/indexogg.htm.

The current version of PyFlag is Version 0.87pre1 (released 3rd Sep 2008):

  • This version incorporates all the changes implemented in response to the DFRWS forensic challenge (so you should be able to follow the walkthrough with it).
  • The ability to prepare stand-alone reports as interlinked static HTML pages.
  • Extensive webmail analysis support.
  • A new hex editor widget allows sophisticated interactive analysis.
  • A powerful new keyword indexing and searching facility allows indexing to be distributed across clustered CPUs.
  • Memory forensics through integration of the Volatility framework.

Where to from here?

You can continue to navigate this site:

Report a Bug

To view current outstanding bugs, see the BugIndex.

To report a bug, click here: Bug0096.

Please note this should NOT be used for feature requests (see below).

Feature Requests

To view the current feature requests, see the FeatureRequests.

To request a feature, click here: Feature0031.

For the more general and/or long-term direction of PyFlag, please see the discussions section below (the simpler and agreed-on topics should now be moved to the feature request tracker).

Feature discussions

The ToDo page deals with discussion about possible future developments in PyFlag.