This report is a guide to plugin development for the decoder-shell (Dshell) framework. It provides basic examples, core function and class definitions, and an overview of data flow, so that end users can develop new, custom plugins and modify existing ones.

Dshell is an open-source, Python-based network forensic analysis framework developed by the US Army Combat Capabilities Development Command Army Research Laboratory. It is a modular and flexible framework that includes over 40 plugins for the analysis and decoding of network traffic across a variety of network protocols. Dshell plugins are designed to aid in the understanding of network traffic and to present results to the user in a concise, useful manner via a command-line interface. Dshell can be used out of the box for simple and advanced analyses, or customized to fit an end user's needs. Custom Dshell plugins can be developed to parse and analyze unique network traffic protocols and data, such as malware traffic. Existing plugins can be modified to extract different information from the protocols they already parse, to customize the programmatic actions performed on the data, or to alter the information the plugin outputs. The Dshell GitHub repository contains the current Python 3 version as well as an archived Python 2 version available as a tarball. This developer guide applies only to the current version.