CERT-SEI

Digital Intelligence and Investigation

Watch Archive of CERT Cyber COI Event

In this day-long, interactive, virtual event, CERT researchers discussed current work associated with DoD cyber community of interest (COI) technology challenges and gaps.

Engage with Us

Help inform our research by sharing your ideas with us. Let us know if you need support from our team.

Tools Repository

Our tools help you facilitate forensic examinations and assist authorized members of the law enforcement community.

Our Mission: We conduct research and develop technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate forensics investigations.

Current tools and processes are inadequate for responding to increasingly sophisticated attackers and cybercrimes. The Digital Intelligence and Investigation Directorate (DIID) is addressing that problem by conducting research and developing technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate forensics investigations. DIID team members also develop advanced tools and techniques to address gaps that are not covered by existing resources.

We sponsor the annual FloCon conference.

Our annual network security conference invites operational network analysts, tool developers, researchers, and others to discuss and showcase the next generation of flow-based analysis techniques.

We develop large-scale, open source tools.

Our open source tools enable organizations to monitor large-scale networks using flow data. These tools grew out of the AirCERT and SiLK projects, and the effort to integrate those projects into a unified, standards-compliant flow collection and analysis platform.

Publications & Media

A New Approach to Cyber Incident Response
In this blog post, Anne Connell and Tim Palko describe a tool that their teams are developing to give the various agencies and organizations that respond to cyber incidents a platform for sharing information and forging collaborations.

Search for Boston Bombers Likely Relied on Eyes, Not Software
In this article, Todd Waits, a digital investigation and intelligence expert in the CERT Division, talks to Reuters about the potential use of facial-recognition technology in the investigation of the 2013 Boston Marathon bombing attack.

DIID Collaborates on Computer Crime Cases
As part of the TJX & Heartland case, DIID team members collaborated with the U.S. Secret Service to collect evidence and create forensic images of the computers involved in the theft of over 130 million credit and debit card numbers, the biggest computer crime case ever prosecuted in the United States. The DIID team also assisted federal law enforcement in acquiring and decrypting data related to the Iceman case, which involved attacks on computers at financial institutions and credit card processing centers.