Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Military Open Source Python Software

US Army Releases Code For Internal Forensics Framework 37

An anonymous reader writes: The U.S. Army Research Laboratory in Maryland has released on GitHub a version of a Python-based internal forensics tool which the army itself has been using for five years. Dshell is a Linux-based framework designed to help investigators identify and examine compromised IT environments. One of the intentions of the open-sourcing of the project is to involve community developers in the creation of new modules for the framework. The official release indicates that the version of Dshell released to Github is not necessarily the same one that the Army uses, or at least that the module package might be pared down from the Army-issued software.
This discussion has been archived. No new comments can be posted.

US Army Releases Code For Internal Forensics Framework

Comments Filter:
  • Being produced by the Army, this has the chance to be taken seriously enough by companies that are currently beholden to Encase. I know Autopsy and the Forensic Toolkit have been around for quite a while, but I haven't seen them really take off as a serious competitor.

    • This looks like less Encase and more WireShark/pcap post processing.

      • by plover ( 150551 ) on Friday January 30, 2015 @03:47PM (#48942249) Homepage Journal

        Yeah, the more I dig into it, the more it looks like an investigative tool than an evidence analysis tool. That's pretty cool, but as you say, it looks a lot like Wireshark. Still, when you're facing an unknown attacker, it may not hurt to have a couple different views on the problem.

        • by Solozerk ( 1003785 ) on Friday January 30, 2015 @10:04PM (#48944491)
          It's a Python frontend to the wireshark filters accessible from a GUI console. Whoop dee doo !
          That being said, it also includes some features for tracking continuous sessions based on L7 filtering, provides a limited GeoIP resolution, and so on - and it at least provides a framework for developing more advanced analysis.

          As others have said since this release, it is at least an open source, base framework for developing more advanced stuff, and it provides library integration points for other software. As basic as it is, it might provide a common framework for an open development of an advanced traffic analysis tool that'll be open (after careful reading of the code, any relatively good expert would be able to provide a similarly capable code in a matter of days and probably has, as an interesting case study/exercise previously - I know I did, limited to HTTP analysis but still). That can only be a good thing, if only to regroup efforts in that direction to provide a universal traffic analysis tool for forensics and so on.

          Any code being released open source is always a plus :-) It's nice to see even the US army realizes this.
    • I don't think EnCase will worry yet. When people ask, I always say that EnCase is the Windows of forensic software. Windows may suck, but it's still the "gold standard" tool to use in forensics examinations, FTK being second. There's always a niche tho, like BlackLight for Mac examinations. I'm not much of a developer but I would love to poke around with Dshell.
  • by Anonymous Coward

    Destroying free enterprise by releasing stuff for FREE that was paid for by EVIL taxes!

    Don't they remember the words of our Founding Fathers who said "Four Score and Seven Years ago, we asked what can our country do for us that would show e have nothing to fear except death and taxes, but would instead create a more perfect capitalism for Tippacanoe and Tyler too!"

    • by Anonymous Coward

      Well, I suppose a free-market capitalist ought to be offended by this project, if he or she were a caricature living in your head...

  • Trust (Score:5, Funny)

    by dotancohen ( 1015143 ) on Friday January 30, 2015 @03:34PM (#48942127) Homepage

    I'm not sure that I trust this "open source" code from, of all places the US Army, available on Github. Does anyone have a compiled binary for Kubuntu that I could try?

  • by Anonymous Coward

    A string of open source tools marginally better than Wireshark?! This is the state of forensics in the Army? I'm fucking horrified.
    Go look at commercial solutions from Blue Coat or RSA for full packet capture and analysis.

    This dshell stuff sucks rocks.

  • by dremspider ( 562073 ) on Friday January 30, 2015 @06:23PM (#48943349)
    If instead of developing from the ground up they had simply invested their time and effort into enhancing an already existing project that already does more.. https://www.bro.org/ [bro.org]
  • The most bloated budget in the history of the world wants freebies from software developers? Really? Domain/framework-specific freebies? Thank you for your contribution to open source, US Army, but judging by the fact Slashdot can barely muster the will to snark, I don't think you're going to get a lot of contributions.

  • That's nice and all but when can we get the NCIS version. I've been watching their weekly documentary and they have some damned impressive software.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...