US Army Releases Code For Internal Forensics Framework

An anonymous reader writes: The U.S. Army Research Laboratory in Maryland has released on GitHub a version of a Python-based internal forensics tool which the army itself has been using for five years. Dshell is a Linux-based framework designed to help investigators identify and examine compromised IT environments. One of the intentions of the open-sourcing of the project is to involve community developers in the creation of new modules for the framework. The official release indicates that the version of Dshell released to Github is not necessarily the same one that the Army uses, or at least that the module package might be pared down from the Army-issued software.

Re:Is Encase worried yet?

[plover]

Yeah, the more I dig into it, the more it looks like an investigative tool than an evidence analysis tool. That's pretty cool, but as you say, it looks a lot like Wireshark. Still, when you're facing an unknown attacker, it may not hurt to have a couple different views on the problem.