Incident Response using PyFlag - the Forensic and Log Analysis GUI

PyFLAG (Forensic and Log Analysis GUI) is an advanced open source forensic tool for the analysis of large volumes of log files, forensic images and network captures.

PyFlag's features include the ability to load many different log file formats, perform forensic analysis of disk images, and analyse large network captures (such as those obtained with tcpdump) quickly and efficiently. PyFlag also supports advanced recursive searches: for example, a keyword may be found in a Word document embedded within a Zip file contained in an email attachment found within a PST file.
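The recursive search the abstract describes (a keyword inside a document, inside a Zip, inside an email attachment), shown here as an added illustration in plain Python, not PyFlag's own code; it uses a text file in place of the Word document and a MIME message in place of the PST, since the standard library can unpack those, and all sample data is constructed inside the block.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Constructed keyword and sample evidence (not real case data).
KEYWORD = b"exfil-plan"


def build_sample_email() -> bytes:
    """Email -> Zip attachment -> (text files + nested Zip -> text file)."""
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as z:
        z.writestr("memo.txt", b"draft of the exfil-plan")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("notes.txt", b"meeting about the exfil-plan next week")
        z.writestr("cover.txt", b"nothing relevant here")
        z.writestr("inner.zip", nested.getvalue())
    msg = EmailMessage()
    msg["Subject"] = "docs"
    msg.set_content("see attached")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()


def search(data: bytes, keyword: bytes, path: str = "root") -> list:
    """Descend into every container found and return the paths of all hits."""
    hits = []
    if data[:4] == b"PK\x03\x04":  # Zip local-file-header magic
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                hits += search(z.read(name), keyword, f"{path}/zip:{name}")
        return hits
    msg = email.message_from_bytes(data)
    if msg.is_multipart():  # MIME container: recurse into each leaf part
        for part in msg.walk():
            if part.is_multipart():
                continue
            payload = part.get_payload(decode=True) or b""
            label = part.get_filename() or part.get_content_type()
            hits += search(payload, keyword, f"{path}/mail:{label}")
        return hits
    if keyword in data:  # leaf object: plain byte search
        hits.append(path)
    return hits
```

Each hit is reported as the full chain of containers it was found in, which is the provenance a report needs.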

This tutorial will be hands-on. Delegates will work through a number of simple to advanced incident response and forensic scenarios, which include:

- Analysis of forensic images to determine the source of an intrusion.
- Analysis of network capture to obtain forensic evidence.
- Analysis of large server log files to determine attack patterns.

The tutorial will be focused on scenarios most likely to be presented to an incident response team. Delegates will also learn how to write simple extension modules for PyFlag using Python.

Project: pyflag 


Michael Cohen

Dr. Michael Cohen is currently a Data Specialist within the Australian Federal Police. He previously worked for the Information Security Group in the Defence Signals Directorate as a Senior Technical Adviser. Dr. Cohen specialises in Digital Forensics and Telecommunication Intercept analysis. His hobbies include Python, C, and riding his bike.

© 2007 MEL8OURNE LCA2008 and Linux Australia | Linux is a registered trademark of Linus Torvalds