Dshell is a Python-based network forensic analysis framework developed by the U.S. Army Research Laboratory. It handles stream reassembly of both IPv4 and IPv6 network traffic and includes geolocation and IP-to-ASN mapping data for each connection. It also supports the development of network analysis plug-ins, which are designed to aid in understanding network traffic and to present results to the user in a concise, useful manner by letting users parse and present data of interest from multiple levels of the network stack.