Army Research Lab Releases Dshell Forensics Framework

The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time.

The framework, known as Dshell, is a Python tool that runs on Linux and its designed to help analysts investigate compromises within their environments. The goal in open sourcing the framework is to encourage outside developers and analysts to develop and contribute their own modules, based on their experiences.

“Outside of government there are a wide variety of cyber threats that are similar to what we face here at ARL,” William Glodek, Network Security branch chief at the Army Research Laboratory, said in a statement.

“Dshell can help facilitate the transition of knowledge and understanding to our partners in academia and industry who face the same problems.”

The Dshell framework is available on GitHub, and Glodek said in his statement that he hopes that users in private industry and the academic community will find the framework useful and be able to contribute their own modules and help expand the framework’s functionality.

“The success of Dshell so far has been dependent on a limited group of motivated individuals within government. By next year it should be representative of a much larger group with much more diverse backgrounds to analyze cyber attacks that are common to us all,” Glodek said.

The release of Dshell comes shortly after Cisco released its own OpenSOC security analytics framework on GitHub in November. That framework is designed specifically for large network environments and provides some anomaly detection and incident forensics capabilities.

“OpenSOC is a Big Data security analytics framework designed to consume and monitor network traffic and machine exhaust data of a data center. OpenSOC is extensible and is designed to work at a massive scale,” the OpenSOC documentation says.

Suggested articles