Positioned at the nexus of federal law enforcement, defense intelligence, industry and research, the CERT Digital Intelligence and Investigation Directorate (DIID) assists in the pursuit of cybercriminals and develops tools and methods that both prevent and combat cybercrime.

By providing operational support to high-profile intrusion, identity theft, and general computer crime investigations, DIID is able to see the current limitations of computer forensics and incident response in the field first hand. Combining this applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, DIID is unmatched in its ability to develop new tools and methods to address cybersecurity limitations and critical gap areas.

DIID is currently focusing on

• Advanced Text Extraction
• Automated Cryptographic Key Recovery/Disk Decryption
• Damaged Media Recovery
• Large-Scale Speed-Up of Forensics Software (GPU Leveraging)
• Parallel Distributed Acquisition System
• Unknown File Recognition
• Video Exploitation Improvement

DIID technologies, tools, and practices have provided previously unattainable results for multiple national and international cybercrime investigations. DIID assisted in the TJX case, an investigation of 11 people who were charged in August 2008 with the theft of more than 40 million credit and debit card numbers from T.J. Maxx, Marshall's, Barnes & Noble, OfficeMax, and other major retailers.

While providing analysis support to Federal Law Enforcement, DIID developed a new tool for recovering and organizing credit card numbers from digital evidence. U.S. Representatives John Murtha, Mike Doyle, and Jason Altmire recognized the team's efforts on TJX during a visit to Carnegie Mellon University in September 2008.

"Our primary work is research, but the application of it in real-world cases is what's really gratifying," team leader Rich Nolan, a former Drug Enforcement Administration agent, said. "A white paper is nice, but locking people up is better."

DIID also assisted in the Iceman case, where a former computer security consultant, Max Ray Butler (also known as the "Iceman"), was allegedly attacking computers at financial institutions and credit card processing centers, stealing account information, and selling the data to others. Knowing about the DIID Team's expertise in cracking sophisticated techniques used by cybercriminals, the Federal Law Enforcement requested DIID's assistance in acquiring and decrypting the Iceman's data, thus providing critical evidence for the case.

DIID multiplies its effectiveness by training various federal, state, local and international law enforcement agencies in its tools and techniques.