US Army Releases Cyber-Forensic Code to Github

The Army Research Laboratory (ARL) is releasing its cyber-forensic framework code publicly to help others detect and understand cyber-attacks.

Dshell is a framework that analysts can use to develop custom analysis modules based on the compromises they have encountered. Using the source code, developers can contribute to the project by adding modules that benefit others in the digital forensic and incident response community. Dshell has been used for nearly five years as a framework to help the U.S. Army understand the events surrounding compromises of Department of Defense networks.

A version of Dshell has now been added to the GitHub social coding website, with more than 100 downloads and 2,000 unique visitors to date.

"Outside of government there are a wide variety of cyber threats that are similar to what we face here at ARL," said William Glodek, network security branch chief at ARL, in a statement. "Dshell can help facilitate the transition of knowledge and understanding to our partners in academia and industry who face the same problems."

That includes tapping software developers not only in the US, but around the world. Since the release, Dshell has been accessed by users in 18 countries, he said.

"For a long time, we have been looking at ways to better engage and interact with the digital forensic and incident response community through a collaborative platform," Glodek said.

Glodek would like to see others in the open source community add value and expertise to the existing Dshell framework, he said, and he is starting an open source working group at ARL to look at other potential projects for a GitHub repository.

"I want to give back to the cyber-community, while increasing collaboration between the Army, the Department of Defense and external partners to improve our ability to detect and understand cyberattacks," Glodek said.

What’s Hot on Infosecurity Magazine?