An extensible network forensic analysis framework that enables rapid development of plugins to support the dissection of network packet captures. Key features include deep packet analysis using specialized plugins, robust stream reassembly, IPv4 and IPv6 support, multiple user-selectable output formats, chainable plugins, parallel processing option, and the ability to create custom output handlers. It also provides guides such as the Dshell User Guide for installation and analysis, and the Dshell Developer Guide for plugin development. Requirements include Linux (developed on Ubuntu 20.04 LTS), Python 3 (developed with Python 3.8.10), pypacker, pcapy-ng, pyOpenSSL, and MaxMind GeoIP2 for geoip2.
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
A script to assist in creating templates for VirtualBox to enhance VM detection evasion.
A software that collects forensic artifacts on systems for forensic investigations.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
Open source digital forensics tools for analyzing disk images and recovering files.
Digital investigation tool for extracting forensic data from computers and managing investigations.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.