Digital Intelligence and Investigation

Mission

We conduct research and develop technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations.

Landmark Cases

Our team members aided the U.S. Secret Service in solving the landmark TJX & Heartland and Iceman cases.

Tools Repository

Our tools help you facilitate forensic examinations and assist authorized members of the law enforcement community.

Research

Our research yields approaches for protecting mobile devices from malware attacks, leveraging social media to discover malicious activity, and improving automated text extraction and video exploitation.

Current tools and processes are inadequate for responding to increasingly sophisticated attackers and cybercrimes. The Digital Intelligence and Investigation Directorate (DIID) is addressing that problem by conducting research and developing technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations. DIID team members also develop advanced tools and techniques to address gaps that are not covered by existing resources.

Key Capabilities

We leverage social media to uncover malicious activity.

Our research includes leveraging social media to discover malicious activity, protecting mobile devices from unknown malware attacks, and improving automated text extraction and video exploitation.

We develop tools to help law enforcement.

We develop resources and tools to facilitate forensic examinations, including tools to help authorized members of the law enforcement community.

Engage with Us
Help inform our research by sharing your ideas with us. Let us know if you need support from our team.
Publications & Media

08/06/2013
Responding to a Large-Scale Cybersecurity Incident
In this 2013 webinar, Christian Roylo discusses the role of technology in responding to large-scale cyber incidents.

03/01/2013
Detecting and Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection
In this report, the authors present methods for detecting and preventing data exfiltration using a Linux-based proxy server in a Microsoft Windows environment.

03/01/2012
Digital Investigation Workforce Development
In this paper, the authors describe an approach for deriving measures of software security from well-established and commonly used standard practices.

09/18/2009
CERT 2009 Research Report
In this report, the authors summarize the research conducted by the CERT Division at the Software Engineering Institute in 2009.

08/01/2008
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis
In this 2008 report, the authors compare various approaches and tools used to capture and analyze evidence from computer memory.

A New Approach to Cyber Incident Response
In this blog post, Anne Connell and Tim Palko describe a tool that their teams are developing to provide the various agencies and organizations that respond to cyber incidents a platform by which to share information and forge collaborations.

Search for Boston Bombers Likely Relied on Eyes, Not Software
In this article, Todd Waits, a digital investigation and intelligence expert in the CERT Division, talks to Reuters about the potential use of facial-recognition technology in the investigation of the 2013 Boston Marathon bombing attack.

DIID Collaborates on Computer Crime Cases
As part of the TJX & Heartland case, DIID team members collaborated with the U.S. Secret Service to collect evidence and create forensic images of the computers involved in the theft of over 130 million credit and debit card numbers, making it the biggest computer crime case ever prosecuted in the United States. The DIID Team also assisted federal law enforcement in acquiring and decrypting data related to the Iceman case, which involved attacks on computers at financial institutions and credit card processing centers.

Related Training
Assessing Information Security Risk Using the OCTAVE Approach
Applied Cybersecurity, Incident Response and Forensics
