PyFlag Tutorials

Introduction

PyFlag is an advanced forensic application with many features. New users often find it difficult to comprehend the many features and ways of using PyFlag in real-life contexts. These tutorials address this need and provide examples of how to use Flag in real-life scenarios. Although in real life it is rare to use all the features that PyFlag offers in the same case, these tutorials attempt to show off many of the features available. Often we do not arrive at the final conclusions in the quickest way; rather, we show different features along the way which may occasionally be useful. Once users are accustomed to the different features and techniques, the most appropriate methodology for specific cases should become evident.

Accompanying these tutorials are a number of example files containing images or log files. These pre-fabricated samples are not actual forensic evidence. The example files strike a balance between complexity (allowing users to really stress test PyFlag) and download size. We encourage users to employ these samples when evaluating other forensic products against PyFlag. We welcome constructive comments on improving PyFlag. Eventually we hope the sample images evolve to become a subjective metric used to measure performance of forensic tools in general.

Conventions

By convention, terminal IO is marked as follows: lines preceded by the bash prompt are command lines, while all other lines are output.

    mic@dell:~/pyflag$ ./flag.sh
    Debug: Will attempt to load plugin '/home/mic/pyflag/pyflag/..//plugins/CaseManagement.py'
    Debug: Added pyflag.Reports.report 'Case management:DelCase'
    Debug: Added pyflag.Reports.report 'Case management:NewCase'
    Debug: Added pyflag.Reports.report 'Case management:ResetCase'
    ...
    Debug: Added pyflag.pyflagsh.command 'BasicCommands:pwd'
    Debug: Added pyflag.pyflagsh.command 'BasicCommands:reset'
    Debug: Added pyflag.pyflagsh.command 'BasicCommands:set'
    Serving HTTP on 0.0.0.0 port 8000 ...

Paths

The author has the binary pyflag distribution installed in their home directory under ~/pyflag/. The configured upload directory is /var/tmp/demo/. The upload directory is the directory where all images and log files must reside in order for PyFlag to load them. It is possible to set the PATH variable to include ~/pyflag/bin/; in that case all PyFlag utilities become available without a fully qualified path reference.

Howtos

Howtos are short documents that cover specific tasks: