Dshell User Guide

Technical Report | Accession Number: AD1210033 | DOI: 10.21236/AD1210033

Abstract:

This report is a general user guide for the decoder-shell (Dshell) framework. It details installation and both basic and advanced analysis usage with examples. Dshell is an open-source, Python-based, network forensic analysis framework developed by the US Army Combat Capabilities Development Command Army Research Laboratory. It is a modular and flexible framework, which includes over 40 plugins for the analysis and decoding of network traffic using a variety of network protocols. Dshell plugins are designed to aid in the understanding of network traffic and present results to the user in a concise, useful manner via a command-line interface. Dshell is a tool for network forensic analysis that can be used out of the box for simple and advanced analyses, or customized to fit an end user's needs. The Dshell GitHub repository contains the current Python 3 version as well as an archived Python 2 version available as a tarball. This user guide only applies to the current version.

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:
A - Approved For Public Release
Distribution Statement: Public Release.
Copyright: Not Copyrighted

RECORD

Collection: TRECMS
Subject Terms