Dshell User Guide

Abstract

This report is a general user guide for the decoder-shell (Dshell) framework. It details installation and both basic and advanced analysis usage with examples. Dshell is an open-source, Python-based network forensic analysis framework developed by the US Army Combat Capabilities Development Command Army Research Laboratory. It is a modular and flexible framework that includes over 40 plugins for the analysis and decoding of network traffic across a variety of network protocols. Dshell plugins are designed to aid in the understanding of network traffic and present results to the user in a concise, useful manner via a command-line interface. Dshell is a tool for network forensic analysis that can be used out of the box for simple and advanced analyses, or customized to fit an end user's needs. The Dshell GitHub repository contains the current Python 3 version as well as an archived Python 2 version available as a tarball. This user guide only applies to the current version.


Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2023
Accession Number
AD1210033

Entities

People

  • Daniel E. Krych
  • Joshua Edwards

Organizations

  • United States Army Research Laboratory

Tags

Fields of Study

  • Computer science

Readers

  • Computer Science
  • Cybersecurity
  • Distributed Systems and Data Platform Development