Forensics

Response Team Support National CSIRTs CSIRT Development
Investigation Forensics

Publications Catalog Historical Documents Virtual Training Environment

Digital Intelligence and Investigation Directorate

Positioned at the nexus of federal law enforcement, defense intelligence, industry and research, the CERT Digital Intelligence and Investigation Directorate (DIID) assists in the pursuit of cybercriminals and develops tools and methods that both prevent and combat cybercrime.

By providing operational support to high-profile intrusion, identity theft, and general computer crime investigations, DIID is able to see the current limitations of computer forensics and incident response in the field first hand. Combining this applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, DIID is unmatched in its ability to develop new tools and methods to address cybersecurity limitations and critical gap areas.

For more information visit www.sei.cmu.edu/digitalintelligence.

Linux Forensics Tool Repository

The CERT Linux Forensics Tools Repository provides many useful packages for cyber forensics acquisition and analysis practitioners. It is regularly updated.

Tools & Methods

DIID has developed a variety of tools and methods to facilitate digital investigations. Some tools are only available to Law Enforcement Organizations. To learn more visit our Tools & Methods pages. (To download our tools, you will need to accept our licensing agreement.)

Demos

The CERT VTE (Virtual Training Environment) includes a variety of demos showing how to use some of the DIID tools. Look for the “Forensics” category in the drop-down menu.

Our PGP Key

You can contact us by sending email to Please encrypt sensitive information before sending it to us.

Our PGP Public Key:
http://www.cert.org/forensics/repository/forensics.asc

Fingerprint:
AE8F 91D1 5126 5835 B4DE 765D 9198 DA78 51B6 01A4

Publications & Media

Publications

Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (pdf)

First Responders Guide to Computer Forensics (pdf)

First Responders Guide to Computer Forensics - Advanced Topics (pdf)

Podcasts

TJX, Heartland, and CERT's Forensics Analysis Capabilities

Computer and Network Forensics: A Master's Level Curriculum

Computer Forensics for Business Leaders: A Primer

Computer Forensics for Business Leaders: Building Robust Policies and Processes

Last updated February 8, 2012