U.S. Army releases forensics framework on Github
Fri 30 Jan 2015

A research branch of the United States army has released on Github a version of an internal forensics framework that has been in use in the military for five years.
Dshell is an open-source Linux-based Python tool to aid forensic analysts in identifying and investigating compromised environments. According to William Glodek, Network Security branch chief at the U.S. Army Research Laboratory in Maryland, the motive for open-sourcing Dshell is to involve the wider civilian coding community in the development of new modules for the system.
“Outside of government,” says Glodek, “there are a wide variety of cyber threats that are similar to what we face here at ARL. Dshell can help facilitate the transition of knowledge and understanding to our partners in academia and industry who face the same problems.”
The official release states that ‘[a] version’ of Dshell was uploaded to Github on 17th December last year, so it’s unclear which functionality or modules unique to the version the army uses might be absent from the public release.
The project represents the first official appearance of the U.S. army on Github, a widely used code repository with local and cloud-based storage and sophisticated versioning capabilities.
Glodek intends to build on the army’s foray into the open-source coding environment with new and additional projects on Github. He says: “I want to give back to the cyber community, while increasing collaboration between Army, the Department of Defence and external partners to improve our ability to detect and understand cyber attacks.”
Glodek anticipates ‘a flourishing developer community on GitHub with users from government, academia and industry’.
“The success of Dshell so far has been dependent on a limited group of motivated individuals within government,” said Glodek. “By next year it should be representative of a much larger group with much more diverse backgrounds to analyse cyber attacks that are common to us all.”
In the last 6-12 months U.S. military and intelligence agencies seem to have shown increasing interest in working with non-military contributors, possibly because they can see themselves falling behind a vigorous private sector and a talented open-source scene in a climate of government cuts. In October of last year the U.S. Department of Defense made careful enquiries about working with the private sector on virtual machine management and block storage systems. In November the US House of Representatives offered out a private tender for a data centre to cover its own storage needs, as well as those of the U.S. Capitol Police and the Library of Congress, among others. And, more controversially, U.S. intelligence agencies remain very keen to work closely with private companies handling public data.