Cyber Forensics

Background

The role of computers and portable media devices (e.g. cell phones, GPS devices) in criminal and terrorist activity has increased significantly in recent years. Criminals are utilizing digital media in all forms of criminal activity. As a result, devices frequently contain vital evidence, including user information, call logs, location, text messages, email, images, and audio and video recordings.

In the area of cyber forensics, a significant barrier for law enforcement is keeping abreast of technology changes. New technology, both hardware and software, is released into the market at a very rapid pace and used in criminal and terrorist activity almost immediately. The large volume of information contained on digital devices can make the difference in an investigation, and law enforcement investigators require updated tools to address the changing technology.

Since the project's inception in November 2008, its requirements have come directly from the Cyber Forensics Working Group (CFWG), which is run by CSD and composed of representatives from Federal, State and local law enforcement agencies. CFWG members meet bi-annually to provide requirements, discuss capability gaps and prioritize the areas of most immediate concern to focus technology development, and they participate as test and evaluation partners for the resulting solutions.

Current Cyber Forensics Efforts

GPS Logical Analysis: The effort is developing a unified tool specifically designed to examine GPS devices in a manner consistent with the best practices of handling digital evidence. The developed tool will be a single, manufacturer-agnostic platform capable of supporting the needs of Federal, State, and local law enforcement agencies as well as other partners within the Homeland Security Enterprise.

First Responder Computer Triage: This is a tool designed specifically for investigators and first responders who have a need to scan computers to gather important evidence or intelligence quickly. The tool will reduce the training required for non-technical users, minimize required support from forensic examiners, and target relevant evidence quickly and in a forensically sound manner.

Cell Phone Forensics: This is a tool designed specifically for investigators and first responders who have a need to scan computers to gather important evidence or intelligence quickly. The tool will reduce the training required for non-technical users, minimize required support from forensic examiners, and target relevant evidence quickly and in a forensically sound manner.

Cyber Forensics Tool Testing: The project is providing funding to the Cyber Forensics Tool Testing Program at the National Institute of Standards and Technology (NIST), which offers a measure of assurance that the tools used by law enforcement in the investigations of computer-related crimes produce valid results. The implementation of testing based on rigorous procedures provides impetus for vendors to improve their tools and provides assurance to law enforcement that results will stand up in court.

Insider Threat Study: This study of malicious cyber activity in the banking and finance sector builds on the previous work accomplished in this area. This study updates the initial study in the banking and finance sector (Insider Threat Study: Illicit Activity in the Banking and Finance Sector, dated August 2004) to provide analysis of more recent cases. It also extends the coverage to include a comparison of internal and external attackers from a technical security controls perspective. In addition, results from this analysis will support law enforcement in cybercrime investigations by enabling them to more easily differentiate methods used by internal and external attackers.