Digital Forensics: Advancing Solutions for Today's Escalating Cybercrime

Our Solution: Tools and Training

Our digital investigation methodology is rooted in the “3 Ts”: tools, training, and techniques. We develop tools where there are gap areas. We develop techniques for mining information from computer systems. We deliver these tools and techniques to the people who need them through training.

We provide law enforcement with tools and techniques for processing digital evidence. Our nimble team has the expertise to figure out almost anything quickly. If enforcement agents come across a piece of evidence, for example, in gear they’ve never seen before, we can acquire that type of gear, dismantle it, learn how to extract the evidence, and turn over the tool and techniques we develop so that they can proceed.

The Appliance for Digital Investigation and Analysis (ADIA)

ADIA delivers many tools helpful to the analysis of digital assets. It is an open source virtual computer system and includes tools such as Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark.

New Courses for Law Enforcement

The Cyber Investigation Certificate Program is our newest training offering. We created three courses, funded by the FBI, that are offered for free to law enforcement and available through the Law Enforcement Enterprise Portal (LEEP).

The first course is geared to first responders to crimes involving digital assets such as computers, cell phones, and tablets. Trainees learn the importance of computer equipment such as these with respect to the crime.

About 1,500 officers around the country have taken the six-hour course so far. We foresee it benefiting many more of the 780,000 U.S. police offers who need to learn about digital devices from a criminal investigative perspective. We worked with a Hollywood director and screenwriter to develop a five-part scenario that shows a crime and how it is investigated. This method shows first responders how to respond to crimes that include digital assets.

Our second course is geared to beginning-to-intermediate detectives. The 100 training hours of this course include exercises that focus on what a detective must do in the process of investigating a digital crime—such as gleaning data from the IP address of the computer involved and leveraging social media to gather information about a person of interest. As with the first responders course, we also worked with a Hollywood director and a screenwriter to develop four one-hour television shows.

We also worked with a local studio to create scenarios that depict onscreen crime and investigation. This training has been very well received because it presents the context of the analysis of digital asset tasks and demonstrates how investigations are typically carried out.

The third course being developed will be designed for advanced detectives, covering the increasingly sophisticated techniques that intruders use. It will involve about 80 training hours.

The skills that investigators gain through these courses, combined with the knowledge they acquire through experience with our tools and techniques, help close the gaps in their expertise. Our objective is to reduce those gaps as much as possible.

Looking Forward

In striving to serve all law enforcement members, we’re developing a 36-hour course for new FBI agents or agents returning to the cyber world after completing protection assignments. These returning agents can benefit from a refresher course on malware and how intruders are currently attacking computers.

Software Engineering Institute