Authors: Michael Cohen (Australian Federal Police)
DFRWS USA 2008
Abstract
Network forensics is an investigation technique looking at the network traffic generated by a system. PyFlag is a general purpose, open source, forensic package which merges disk forensics, memory forensics and network forensics. This paper describes the PyFlag architecture and in particular how that is used in the network forensics context. The novel processing of HTML pages is described and the PyFlag page rendering is demonstrated. PyFlag’s novel processing of complex web applications such as Gmail and other web applications is described. Finally PyFlag’s report generation capabilities are demonstrated.