
Digital Forensics: Advancing Solutions for Today's Escalating Cybercrime

Created December 2017

As cybercrime proliferates, CERT researchers help law enforcement investigators process digital evidence by providing skills, methodologies, and tools. We also create and offer courses that help them advance their digital analysis skills.

The Challenge of Learning at the Pace of Cybercrime

Malicious cyber activity continues to grow in size and sophistication. Law enforcement is not always able to keep up with such advances. Our work with agents who analyze digital assets typically focuses on gap areas where investigators may have less experience than we do.


Our Solution: Tools and Training

Our digital investigation methodology is rooted in the “3 Ts”: tools, training, and techniques. We develop tools where there are gap areas. We develop techniques for mining information from computer systems. We deliver these tools and techniques to the people who need them through training.

We provide law enforcement with tools and techniques for processing digital evidence. Our nimble team has the expertise to figure out almost anything quickly. If enforcement agents come across a piece of evidence, for example, in gear they’ve never seen before, we can acquire that type of gear, dismantle it, learn how to extract the evidence, and turn over the tool and techniques we develop so that they can proceed.

The Appliance for Digital Investigation and Analysis (ADIA)

ADIA delivers many tools helpful to the analysis of digital assets. It is an open source virtual computer system and includes tools such as Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark.

New Courses for Law Enforcement

The Cyber Investigation Certificate Program is our newest training offering. We created three courses, funded by the FBI, that are offered for free to law enforcement and available through the Law Enforcement Enterprise Portal (LEEP).

The first course is geared to first responders to crimes involving digital assets such as computers, cell phones, and tablets. Trainees learn the importance of such equipment with respect to the crime.

About 1,500 officers around the country have taken the six-hour course so far. We foresee it benefiting many more of the 780,000 U.S. police officers who need to learn about digital devices from a criminal investigative perspective. We worked with a Hollywood director and screenwriter to develop a five-part scenario that shows a crime and how it is investigated. This method shows first responders how to respond to crimes that include digital assets.

Our second course is geared to beginning-to-intermediate detectives. The 100 training hours of this course include exercises that focus on what a detective must do in the process of investigating a digital crime—such as gleaning data from the IP address of the computer involved and leveraging social media to gather information about a person of interest. As with the first responders course, we also worked with a Hollywood director and a screenwriter to develop four one-hour television shows.

We also worked with a local studio to create scenarios that depict onscreen crime and investigation. This training has been very well received because it presents the tasks of digital asset analysis in context and demonstrates how investigations are typically carried out.

The third course being developed will be designed for advanced detectives, covering the increasingly sophisticated techniques that intruders use. It will involve about 80 training hours.

The skills that investigators gain through these courses, combined with the knowledge they acquire through experience with our tools and techniques, help close the gaps in their expertise. Our objective is to reduce those gaps as much as possible.

Looking Forward

In striving to serve all law enforcement members, we’re developing a 36-hour course for new FBI agents or agents returning to the cyber world after completing protection assignments. These returning agents can benefit from a refresher course on malware and how intruders are currently attacking computers.

Learn More

SEI Cyber Minute: Cyber Investigator Certificate Program

Video

With an ever-increasing number of crimes with a cyber component, the need for investigators who have been trained in the ways of the Internet, encryption, and social media, to name a few, is growing and will continue to grow.


Digital Investigation Workforce Development

White Paper

In this paper, the authors describe an approach for deriving measures of software security from well-established and commonly used standard practices.


Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis

Technical Note

The authors compare various approaches and tools used to capture and analyze evidence from computer memory.


First Responders Guide to Computer Forensics: Advanced Topics

Handbook

The authors help technical staff members who are charged with administering and securing information systems and networks.


Related Courses

Advanced Analytics: Digital Forensics

After learning about digital forensics related to cybersecurity, aspiring data scientists can:

- Gain a fundamental understanding of forensic based data science problems
- Become fluent in natural language processing techniques for insider threat analysis with the help of a scripting language
- Better unders...


CERT Certificate in Digital Forensics

In today's networked world, it is essential for system and network administrators to understand the fundamental areas and the major issues in computer forensics. Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic value of data. This awareness will greatly enhance system and network administrators' effectiveness when responding to security alerts and other routine matters.

The CERT Certificate in Digital Forensics is designed to familiarize experienced system and network computer professionals with the essential elements of digital forensics and build on their existing technical skill set. Completion of this Professional Certificate will prepare administrators to approach both routine and unusual events in a systematic forensic manner.

The CERT Certificate in Digital Forensics is a Professional Certificate program that includes two (2) eLearning courses. Upon registering for this CERT Certificate, you will receive access to both the Introduction to Computer Forensics course and the Advanced Digital Forensics course:

Introduction to Computer Forensics

Computer forensics is the convergence of computer science and law that governs the collection and analysis of data about computer systems and network connections. This course teaches about the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This eLearning course contains one (1) hour and 40 minutes of video instruction that may be studied incrementally.

Advanced Digital Forensics

The Advanced Digital Forensics course focuses on the entire investigative process, from the very beginning through the conclusion and determination of 'who did it.' This course focuses on building your skills to improve your ability to piece together the various components of the digital investigation.

Optional course exercises provide opportunities for you to apply the knowledge you'll learn by responding to a realistic scenario from the awareness of a suspected incident to the conclusion. This eLearning course contains five (5) hours of video instruction. Five (5) optional exercises are provided as VM and application files for download....
