Forensic Incident Responses & Security Preparedness

In today’s cyber landscape, digital forensics – i.e., the investigation of digital or electronic evidence using standard processes, investigative methods, and evidence-handling techniques that can be used in legal proceedings – has become a critical aspect of incident response and disaster preparedness. Digital forensics not only plays a vital role in the investigation of virus outbreaks, network intrusions, and computer crime offenses, but also provides an organization with answers that can lead to the capture of perpetrators and to strengthening the overall U.S. network security architecture. For any organization, but particularly for high-profile companies, the ability to investigate the activities on a network is an essential component of the overall security architecture.

In the United States, public agencies as well as private-sector organizations and businesses are driving the need for additional cybersecurity training. In 1998, the U.S. Department of Defense (DoD) established and put into operation a new Cyber Crime Center (DC3) to address the already recognized need for the nation’s armed forces, as well as a broad section of defense agencies, to transition from boots-on-the-ground battles to intelligence gathering. As DC3 posted on its website, today, more than ever before, defense organizations “need to plan for the future as significant shifts in cyber operations accelerate globally.” In short, digital forensics is becoming increasingly more important, not only for national-security reasons but also for the security of the broad spectrum of technology networks on which national infrastructures, major corporations, small businesses, and individual citizens depend.

In 2011, DC3 launched a pilot program for outstanding academic institutions in the field of digital forensics education that works with colleges and universities to accredit programs that will meet DC3 standards and workforce needs. Eight U.S. academic institutions are now: (a) enrolled in the pilot program; and (b) have received the DC3 Center of Digital Forensics Academic Excellence (CDFAE) designation: Anne Arundel Community College, Howard County Community College, Stevenson University, and Johns Hopkins University in Maryland; Oklahoma State University; Utica College in New York; Norwich University in Vermont; and the Air Force Institute of Technology (AFIT) in Ohio.

Training Programs & New Digital Forensics Challenges 

As an important new building block in the current nationally recognized cybersecurity curriculum, a digital forensics degree program emphasizes not only the proper handling of digital evidence and the tools and techniques used in forensics analysis but also the importance of proper documentation and report generation as well as the laws and ethics governing the handling of evidence. Topics discussed within the curriculum include but are not limited to the following: the proper collection and preservation of digital evidence; the retrieval of evidence from multiple environments, situations, and devices; the use of commercial forensics and open-source tools; manual recovery techniques; the analysis of collected information; and proper documentation and reporting.

In order to earn DC3 CDFAE accreditation, a digital forensics program must fully map to an extensive list of objectives in eight knowledge domains: (a) Legal and Ethics; (b) Investigative Processes; (c) Storage Media; (d) Mobile and Embedded Devices; (e) Network Forensics; (f) Program and Software Forensics; (g) Quality Assurance, Control, and Management; and (h) Lab and Forensic Operations. Students who complete an accredited program will therefore possess, as a minimum, the basic skills needed to enter the workforce as agents, analysts, consultants, technicians, and/or other specialized professionals in various working areas of digital forensics.

DC3 also has been collaborating in many other ways with academic institutions, industry partners, and the U.S. public in general to fill current and future workforce needs and create a base community of digital forensic professionals. One particular collaborative effort is DC3’s own annual Digital Forensics Challenge, which serves as an open call to prospective civilian, commercial, government, military, and academic participants. The Challenge presents five levels of scenario-based exercises – scored by experts within DC3 – designed with the specific purpose of pioneering new investigative tools, techniques, and methodologies, as well as to generate and discover new talent in the field.

The 2011 Challenge attracted 1,147 teams and 1,791 individual participants from all 50 states and the District of Columbia; 52 other nations also participated in last year’s Challenge. (The digital forensics team from Maryland’s Anne Arundel Community College took first place in the community-college level of this rapidly expanding international competition.)

By focusing on a continued increase in the cyber course offerings, U.S. colleges and universities, and other institutions of higher learning, can earn official recognition and professional designations – and, not incidentally, help secure future grants to expand training opportunities for in-demand careers in various interrelated fields of science, technology, engineering, and mathematics.

____________

For additional information on: The DoD’s National Center of Digital Forensics Academic Excellence (CDFAE), visit http://www.dc3.mil/cdfae/CDFAE_Fact_Sheet_83011.pdf

The DoD’s DC3 Challenge, visit http://dc3.mil/challenge/2011/play/index.php