I came across a security tool that seems to be sponsored or written by
the Australian Department of Defence called PyFLAG, Forensic and Log
FLAG was designed to simplify
the process of log file analysis and forensic investigations. Often, when
investigating a large case, a great deal of data needs to be analysed and
correlated. Flag uses a database as a backend to assist in managing the
large volumes of data. This allows flag to remain responsive and expedite
data manipulation operations.
Since FLAG is web based, it
is able to be deployed on a central server and shared with a number of
users at the same time. Data is loaded into cases which keeps information
separated. Flag also has a system for reporting the findings of the analysis
by extensively using bookmarks.
is very curious. I sent them an email questioning the origins and
continued relationship that the Australian government has with this
project. I will throw it in the lab next week and see what this
puppy can do. Here is the government web site and the SourceForge site.