PyFLAG - A Forensic and Log Analysis GUI


Modern computer forensic techniques are often time consuming and require manipulation of very large quantities of data. The Forensic and Log Analysis GUI (pyFLAG) is a free (GPL) forensic package designed to streamline the analysis of very large quantities of data. The core design goal of pyFLAG is to use a relational database to manage the large quantities of data uncovered during automatic forensic analysis, leaving the investigator to peruse the results once the time consuming analysis is done. This tutorial covers a number of common computer forensic techniques and illustrates how these techniques are implemented within pyFLAG. Delegates will perform some of these techniques on forensic evidence and will be able to perform simple forensic analysis and incident response. The following broad categories are covered:

- Disk Forensics
- Log Analysis
- Network Forensics
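The design principle described above (do the slow parsing once, store everything in a relational database, then let the investigator query the results at will) is easy to illustrate in miniature. The following is an added example written for this page; it is not pyFLAG's own code and makes no claim about pyFLAG's schema or database backend. It assumes Python's bundled sqlite3 module as the database, a web-server access log in Apache combined-log style as the input, and uses a handful of constructed log lines (not real evidence) so that it runs offline. The ingestion step parses and loads every line, recording how many lines it could not parse; the investigator's step is then just SQL: requests per client, clients generating many errors, and request paths that look like directory traversal or SQL injection attempts.

```python
import re
import sqlite3

# Constructed sample log lines (Apache combined-log style), not real evidence.
# The last line is deliberately malformed to show that ingestion skips, and counts, bad input.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2006:10:01:12 +1000] "GET /index.html HTTP/1.1" 200 1043
10.0.0.5 - - [12/Mar/2006:10:01:13 +1000] "GET /images/logo.png HTTP/1.1" 200 5120
192.168.1.77 - - [12/Mar/2006:10:02:40 +1000] "GET /cgi-bin/../../../etc/passwd HTTP/1.0" 404 210
192.168.1.77 - - [12/Mar/2006:10:02:41 +1000] "GET /admin/ HTTP/1.0" 403 180
192.168.1.77 - - [12/Mar/2006:10:02:42 +1000] "GET /login.php?user=admin'-- HTTP/1.0" 500 330
10.0.0.9 - - [12/Mar/2006:10:05:00 +1000] "POST /login.php HTTP/1.1" 302 0
this line is not a valid log entry
"""

# One regex for the access-log format; anything that does not match is treated as unparseable.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def load_log(conn, text):
    """Automated ingestion: parse every line once and store it. Returns (loaded, skipped)."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS http_log ("
        " id INTEGER PRIMARY KEY, ip TEXT, ts TEXT, method TEXT, path TEXT,"
        " proto TEXT, status INTEGER, size INTEGER)"
    )
    # Index the column investigators group and filter on most often.
    conn.execute("CREATE INDEX IF NOT EXISTS http_log_ip ON http_log(ip)")
    loaded = skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so the investigator knows coverage is incomplete
            continue
        conn.execute(
            "INSERT INTO http_log (ip, ts, method, path, proto, status, size)"
            " VALUES (:ip, :ts, :method, :path, :proto, :status, :size)",
            rec,
        )
        loaded += 1
    conn.commit()
    return loaded, skipped


# The investigator's part: ad-hoc questions become SQL over the loaded table.
def requests_per_ip(conn):
    return conn.execute(
        "SELECT ip, COUNT(*) AS n FROM http_log GROUP BY ip ORDER BY n DESC, ip"
    ).fetchall()


def error_heavy_ips(conn, min_errors=2):
    """Clients with at least min_errors responses of 4xx/5xx, a common scanning signature."""
    return conn.execute(
        "SELECT ip, COUNT(*) AS errs FROM http_log WHERE status >= 400"
        " GROUP BY ip HAVING errs >= ? ORDER BY errs DESC, ip",
        (min_errors,),
    ).fetchall()


def suspicious_paths(conn):
    """Paths containing a '../' traversal sequence or a single quote (SQL injection probe)."""
    return conn.execute(
        "SELECT ip, path, status FROM http_log"
        " WHERE path LIKE '%../%' OR path LIKE '%''%' ORDER BY id"
    ).fetchall()


def analyse(text=SAMPLE_LOG):
    """Run ingestion then the three investigator queries against an in-memory database."""
    conn = sqlite3.connect(":memory:")
    loaded, skipped = load_log(conn, text)
    return {
        "loaded": loaded,
        "skipped": skipped,
        "per_ip": requests_per_ip(conn),
        "errors": error_heavy_ips(conn),
        "suspicious": suspicious_paths(conn),
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(key, value)
```

The point of the split is that the expensive, error-prone work (parsing, normalising, indexing) happens once and unattended, while every later question from the investigator is a cheap query; a file-based tool would re-read the whole log for each question. Against a real evidence set the in-memory database would be replaced by a persistent one, and the single regex by a parser for each log format the case contains.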

Michael Cohen

Dr. Michael Cohen graduated with a Bachelor of Electrical Engineering from the University of Queensland in 1996 with first class honours. He received his PhD from the Australian National University in 2001 in the field of Physical Sciences (Semiconductor Lasers). Michael has been working in the Australian Department of Defence since 2001, where he is currently a senior technical advisor to the Information Security Group. Michael specialises in incident response and forensics, as well as information security.