US Army cyber defenders released code to help detect and understand cyber attacks.
The forensic analysis code called Dshell has been used, for nearly five years, as a framework to help the U.S. Army understand the events of compromises of Department of Defense networks.
A version of Dshell was added to the GitHub social coding website on Dec. 17, 2014 with more than 100 downloads and 2,000 unique visitors to date.
Dshell is a framework that its users can use to develop custom analysis modules based on compromises they have encountered. It is anticipated that other developers would contribute to the project by adding modules that benefit others within the digital forensic and incident response community, said William Glodek, Network Security branch chief, U.S. Army Research Laboratory, or ARL.
“Outside of government there are a wide variety of cyber threats that are similar to what we face here at ARL.
“Dshell can help facilitate the transition of knowledge and understanding to our partners in academia and industry who face the same problems,” said Glodek, whose page is the first official U.S. Army page on GitHub.
GitHub is the center of gravity for software developers not only in the U.S, but around the world. Since the release, Dshell has been accessed by users in 18 countries, he said.
“For a long time, we have been looking at ways to better engage and interact with the digital forensic and incident response community through a collaborative platform,” Glodek said.
“The traditional way of sharing software even between government entities, can be challenging. We have started with Dshell because the core functionality is similar to existing publicly available tools but provides a simpler method to develop additional functionality.
What Dshell offers is a new mechanism, or framework, which has already been proven to be useful in government to better analyze data.”
Glodek would like to see others in the open source community add value and expertise to the existing Dshell framework, he said.
He is starting an open source working group at ARL to look at other potential projects for a GitHub repository.
“I want to give back to the cyber community, while increasing collaboration between Army, the Department of Defense and external partners to improve our ability to detect and understand cyber attacks,” Glodek said.
In the next six months, Glodek expects to have a flourishing developer community on GitHub with users from government, academia and industry.
“The success of Dshell so far has been dependant on a limited group of motivated individuals within government. By next year it should be representative of a much larger group with much more diverse backgrounds to analyze cyber attacks that are common to us all,” Glodek said.