
Dshell
#Incident Management #Digital Forensics
An Extensible Network Forensic Analysis Framework
This framework allows for extensible network forensic analysis, facilitating the rapid development of plugins designed to dissect network packet captures. Key features include in-depth packet analysis through specialized plugins, effective stream reassembly, support for both IPv4 and IPv6, various user-selectable output formats, chainable plugins, an option for parallel processing, and the capability to create custom output handlers.
It also provides helpful guides, including the Dshell User Guide for installation and analysis, as well as the Dshell Developer Guide for plugin development.
System Requirements: Linux and Python Specifications
The system requirements are Linux (developed on Ubuntu 20.04 LTS), Python 3 (developed using Python 3.8.10), and the following libraries: pypacker, pcapy-ng, pyOpenSSL, and geoip2 (MaxMind GeoIP2).