This howto shows how the standard test image set can be loaded into PyFlag. The image set is designed to demosntrate some of the features of PyFlag. Ensure the image is placed into the upload directory.
- Choose "Case management/Create new case". Create a case called demo.
- Click "Load a Disk Image"
- Choose advanced as the IO Source driver, and pyflag_stdimage_0.1 as the image. Leave the offset at 0 (as this is a partition image). Finally name as io source as test.
- PyFlag will run a magic test on the image, and should deduce that it is a Linux rev 1.0 ext2 filesystem data. Select the Linux-ext2 filesystem driver and press submit.
- PyFlag will now load the initial filesystem, and users may navigate within it. However, none of the scanners have been run at this point.
- Navigate to the root of the filesystem, and click the examine toolbar icon (The magnifying glass icon) on the toolbar. This will go to the scan filesystem page.
- Ensure that we are scanning under the root (/). Enable compressed file support, as well as all other scanners.
- New files and directories have now appeared within the VFS. (e.g. the content of pst files, zip file etc).