Dshell

Free

An extensible network forensic analysis framework that enables rapid development of plugins to support the dissection of network packet captures. Key features include deep packet analysis using specialized plugins, robust stream reassembly, IPv4 and IPv6 support, multiple user-selectable output formats, chainable plugins, a parallel processing option, and the ability to create custom output handlers. It also provides guides: the Dshell User Guide for installation and analysis, and the Dshell Developer Guide for plugin development. Requirements include Linux (developed on Ubuntu 20.04 LTS), Python 3 (developed with Python 3.8.10), pypacker, pcapy-ng, pyOpenSSL, and MaxMind GeoIP2 data for the geoip2 module.

ALTERNATIVES

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.

Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.

Orochi is a collaborative forensic memory dump analysis framework.

A python module for orchestrating content acquisitions and analysis via Amazon SSM.

MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.

A library and tools to access and analyze APFS file systems.

Malscan is a tool to scan process memory for YARA matches and execute Python scripts.

A software utility with forensic tools for smartphones, offering powerful data extraction and decoding capabilities.