Once PyFlag is installed, you can use it normally, just as you would if it were running on Linux. PyFlag incorporates the use of the TSK tools and allows an analyst to incorporate acquired image files, log data, and packet captures all in one "case." Dr. Cohen has also incorporated Volatility's functionality within PyFlag, allowing an analyst to include memory dumps. During the DFRWS 2008 Forensic Rodeo, Dr. Cohen used PyFlag to perform his analysis, searching the provided data (a memory dump and an image acquired from a thumb drive) for clues to answer the questions posed in the challenge.

ProDiscover is an excellent analysis application that I have had the privilege of having access to since Version 3; Version 5 was released in summer 2008.
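The value of holding a disk image, log data and a packet capture in one "case" is that events from all three can be laid on a single timeline. The script below is an added example written for this page, not PyFlag's or TSK's own code: it parses a bodyfile in the format TSK's `fls -m` emits, a web-server access log in Common Log Format, and a classic pcap built in memory, and merges them into one time-ordered view. All file names, addresses and timestamps are constructed sample data, and the packet parser handles only the Ethernet/IPv4/TCP case that the sample capture exercises.

```python
import re
import socket
import struct
from datetime import datetime, timezone

# Constructed TSK 3.x bodyfile, the format `fls -m / image.dd` writes:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime (epoch seconds, UTC)
BODYFILE = """\
0|/Documents/notes.txt|12|r/rrwxrwxrwx|0|0|118|1212345600|1212345000|1212345000|1212344000
0|/tools/nc.exe|19|r/rrwxrwxrwx|0|0|59392|1212346200|1212346200|1212346200|1212346200
"""
# Constructed web-server access log in Common Log Format.
ACCESS_LOG = '10.0.0.5 - - [01/Jun/2008:18:45:00 +0000] "GET /tools/nc.exe HTTP/1.1" 200 59392\n'

def _tcp_frame(src, dst, sport, dport):
    """Minimal Ethernet/IPv4/TCP SYN frame (zero checksums; enough for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp      # zeroed MACs, EtherType IPv4

def _pcap(packets):
    """Serialise (ts_sec, frame) pairs as a little-endian classic pcap, linktype 1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

# Constructed capture: the nc.exe download, then a connect-back to port 4444.
PCAP = _pcap([(1212345895, _tcp_frame("10.0.0.5", "10.0.0.9", 1035, 80)),
              (1212346260, _tcp_frame("10.0.0.9", "10.0.0.5", 1036, 4444))])

# Each parser returns (epoch_float, source_tag, description) tuples.
def parse_bodyfile(text):
    events = []
    for line in filter(None, text.splitlines()):
        f = line.split("|")
        if len(f) != 11:
            raise ValueError(f"not an 11-field bodyfile line: {line!r}")
        atime, mtime, ctime, crtime = (int(x) for x in f[7:11])
        by_ts = {}                          # collapse equal timestamps, as mactime does
        for flag, ts in zip("macb", (mtime, atime, ctime, crtime)):
            if ts > 0:
                by_ts.setdefault(ts, set()).add(flag)
        for ts, flags in by_ts.items():
            mask = "".join(c if c in flags else "." for c in "macb")
            events.append((float(ts), "fs", f"{mask} {f[1]}"))
    return events

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

def parse_access_log(text):
    events = []
    for m in filter(None, map(LOG_RE.match, text.splitlines())):   # skip non-CLF lines
        ip, stamp, request, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        events.append((when.timestamp(), "log", f"{ip} {request} {status}"))
    return events

def parse_pcap(data):
    magic, = struct.unpack_from("<I", data, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)   # magic reveals byte order
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(end + "I", data, 20)
    events, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        desc = f"frame {incl_len} bytes"
        if linktype == 1 and len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
            src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
            desc = f"{src} -> {dst} proto {proto}"
            if proto == 6 and len(frame) >= 14 + ihl + 4:
                sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
                desc = f"{src}:{sport} -> {dst}:{dport} tcp"
        events.append((ts_sec + ts_usec / 1e6, "pcap", desc))
    return events

def build_timeline(bodyfile, access_log, pcap_bytes):
    """Merge all sources into one UTC timeline sorted by time, then source tag."""
    events = parse_bodyfile(bodyfile) + parse_access_log(access_log) + parse_pcap(pcap_bytes)
    events.sort(key=lambda e: (e[0], e[1]))
    return [(datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"), src, desc)
            for ts, src, desc in events]

if __name__ == "__main__":
    for when, source, desc in build_timeline(BODYFILE, ACCESS_LOG, PCAP):
        print(f"{when}  {source:<4} {desc}")
```

Run as a script, it prints the merged timeline: the HTTP request for nc.exe in the capture and the log line appear seconds apart, and the file's creation on the imaged filesystem follows five minutes later, a correlation none of the three sources shows on its own. All timestamps are normalised to UTC before sorting; the one caveat when doing this on real evidence is that bodyfile times are whatever the acquired clock said, so a clock-skew offset per source is usually needed before the merge.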