Army ‘commits’ to open source with net forensic tool

The Army Research Lab recently posted its first application code to GitHub, the public open source code-hosting site.

Dshell, a forensic network analysis tool, has been used for nearly five years to help the Army understand compromises of Defense Department networks. ARL expects that, by posting it to GitHub, other developers will contribute to the project by adding modules that benefit the wider digital forensic and incident response community, William Glodek, Network Security branch chief at ARL, said in a statement.

And that seems to be the case. A version of Dshell was added to the GitHub social coding website on Dec. 17, 2014, and has since drawn more than 100 downloads and 2,000 unique visitors from 18 countries, ARL said.

"Dshell can help facilitate the transition of knowledge and understanding to our partners in academia and industry who face the same problems," said Glodek, whose Dshell page is the first official Army page on GitHub.

"For a long time, we have been looking at ways to better engage and interact with the digital forensic and incident response community through a collaborative platform," Glodek said.

"The traditional way of sharing software even between government entities can be challenging. We have started with Dshell because the core functionality is similar to existing publicly available tools but provides a simpler method to develop additional functionality.

"What Dshell offers is a new mechanism, or framework, which has already been proven to be useful in government to better analyze data."

Glodek would like to see others in the open source community add value and expertise to the existing Dshell framework, he said.

He is starting an open source working group at ARL to look at other potential projects for a GitHub repository.