Engage with Us
Home Digital Intelligence and Investigation
Linux Forensics Tools Repository
We conduct research and develop technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations.
Our team members aided the U.S. Secret Service in solving the landmark TJX & Heartland and Iceman cases.
Read our case studies
Our tools help you facilitate forensic examinations and assist authorized members of the law enforcement community.
Access our tools
Our research yields approaches for protecting mobile devices from malware attacks, leveraging social media to discover malicious activity, and improving automated text extraction and video exploitation.
Learn more about our research
Current tools and processes are inadequate for responding to increasingly sophisticated attackers and cybercrimes. The Digital Intelligence and Investigation Directorate (DIID) is addressing that problem by conducting research and developing technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations. DIID team members also develop advanced tools and techniques to address gaps that are not covered by existing resources.
We leverage social media to uncover malicious activity.
Our research includes leveraging social media to discover malicious activity, protecting mobile devices from unknown malware attacks, and improving automated text extraction and video exploitation.
We develop tools to help law enforcement.
We develop resources and tools to facilitate forensic examinations, including tools to help authorized members of the law enforcement community.
Engage with Us
Help inform our research by sharing your ideas with us. Let us know if you need support from our team.
Publications & Media
Responding to a Large-Scale Cybersecurity Incident
In this 2013 webinar, Christian Roylo discusses the role of technology in responding to large-scale cyber incidents.
Detecting and Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection
In this report, the authors present methods for detecting and preventing data exfiltration using a Linux-based proxy server in a Microsoft Windows environment.
Digital Investigation Workforce Development
In this paper, the authors describe an approach for deriving measures of software security from well-established and commonly used standard practices.
CERT 2009 Research Report
In this report, the authors summarize the research conducted by the CERT Division at the Software Engineering Institute in 2009.
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis
In this 2008 report, the authors compare various approaches and tools used to capture and analyze evidence from computer memory.
A New Approach to Cyber Incident Response
In this blog post, Anne Connell and Tim Palko describe a tool that their teams are developing to provide the various agencies and organizations that respond to cyber incidents a platform by which to share information and forge collaborations.
Search for Boston Bombers Likely Relied on Eyes, Not Software
In this article, Todd Waits, a digital investigation and intelligence expert in the CERT Division, talks to Reuters about the potential use of facial-recognition technology in the investigation of the 2013 Boston Marathon bombing attack.
DIID Collaborates on Computer Crime Cases
As part of the TJX & Heartland case, DIID team members collaborated with the U.S. Secret Service to collect evidence and create forensic images of the computers involved in the theft of over 130 million credit and debit card numbers, making it the biggest computer crime case ever prosecuted in the United States. The DIID Team also assisted federal law enforcement in acquiring and decrypting data related to the Iceman case, which involved attacks on computers at financial institutions and credit card processing centers.
Assessing Information Security Risk Using the OCTAVE Approach
Applied Cybersecurity, Incident Response and Forensics