Dshell

An extensible network forensic analysis framework that enables rapid development of plugins to support the dissection of network packet captures. Key features include deep packet analysis using specialized plugins, robust stream reassembly, IPv4 and IPv6 support, multiple user-selectable output formats, chainable plugins, a parallel processing option, and the ability to create custom output handlers. It also provides guides such as the Dshell User Guide for installation and analysis, and the Dshell Developer Guide for plugin development. Requirements include Linux (developed on Ubuntu 20.04 LTS), Python 3 (developed with Python 3.8.10), pypacker, pcapy-ng, pyOpenSSL, and the MaxMind geoip2 package for GeoIP lookups.
