Digital Forensics: Advancing Solutions for Today's Escalating Cybercrime
Created December 2017
As cybercrime proliferates, CERT researchers help law enforcement investigators process digital evidence by providing skills, methodologies, and tools. We also create and offer courses that help them advance their digital analysis skills.
The Challenge of Learning at the Pace of Cybercrime
Malicious cyber activity continues to grow in size and sophistication. Law enforcement is not always able to keep up with such advances. Our work with agents who analyze digital assets typically focuses on gap areas where investigators may have less experience than we do.
Our Solution: Tools and Training
Our digital investigation methodology is rooted in the “3 Ts”: tools, training, and techniques. We develop tools where there are gap areas. We develop techniques for mining information from computer systems. We deliver these tools and techniques to the people who need them through training.
We provide law enforcement with tools and techniques for processing digital evidence. Our nimble team has the expertise to figure out almost anything quickly. If enforcement agents come across a piece of evidence, for example, in gear they’ve never seen before, we can acquire that type of gear, dismantle it, learn how to extract the evidence, and turn over the tool and techniques we develop so that they can proceed.
The Appliance for Digital Investigation and Analysis (ADIA)
ADIA delivers many tools helpful to the analysis of digital assets. It is an open source virtual computer system and includes tools such as Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark.
New Courses for Law Enforcement
The Cyber Investigation Certificate Program is our newest training offering. We created three courses, funded by the FBI, that are offered for free to law enforcement and available through the Law Enforcement Enterprise Portal (LEEP).
The first course is geared to first responders to crimes involving digital assets such as computers, cell phones, and tablets. Trainees learn the importance of computer equipment such as these with respect to the crime.
About 1,500 officers around the country have taken the six-hour course so far. We foresee it benefiting many more of the 780,000 U.S. police offers who need to learn about digital devices from a criminal investigative perspective. We worked with a Hollywood director and screenwriter to develop a five-part scenario that shows a crime and how it is investigated. This method shows first responders how to respond to crimes that include digital assets.
Our second course is geared to beginning-to-intermediate detectives. The 100 training hours of this course include exercises that focus on what a detective must do in the process of investigating a digital crime—such as gleaning data from the IP address of the computer involved and leveraging social media to gather information about a person of interest. As with the first responders course, we also worked with a Hollywood director and a screenwriter to develop four one-hour television shows.
We also worked with a local studio to create scenarios that depict onscreen crime and investigation. This training has been very well received because it presents the context of the analysis of digital asset tasks and demonstrates how investigations are typically carried out.
The third course being developed will be designed for advanced detectives, covering the increasingly sophisticated techniques that intruders use. It will involve about 80 training hours.
The skills that investigators gain through these courses, combined with the knowledge they acquire through experience with our tools and techniques, help close the gaps in their expertise. Our objective is to reduce those gaps as much as possible.
Software and Tools
In striving to serve all law enforcement members, we’re developing a 36-hour course for new FBI agents or agents returning to the cyber world after completing protection assignments. These returning agents can benefit from a refresher course on malware and how intruders are currently attacking computers.
May 23, 2022 Blog Post
This post explores the creation of skilled cybersecurity human capital to solve real-life threats unique to the African...read
May 12, 2020 Podcast
David Hickton, founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security, sits down with Bobbie Stempfley, director of the SEI's CERT Division, to talk about the future of cybercrime and secure elections.learn more
May 30, 2019 Podcast
Anne Connell discusses recent business email compromise attacks, such as Operation Wire Wire, and offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of attack.learn more
September 28, 2017 Video
With an ever increasing number of crimes with a cyber component, the need for investigators who have been trained the ways of the Internet, encryption, and social media, to name a few, is growing and will continue to grow.watch