Digital Intelligence and Investigation Tools
By providing operational support to high-profile intrusion, identity theft, and general computer crime investigations, DIID is able to see the current limitations of computer forensics and incident response in the field first hand. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, we have developed resources, training, and tools to facilitate forensic examinations and assist authorized members of the law enforcement community.
Restricted Access Tools
Users can access the following tools after they register and are vetted.
Live View LE allows forensic investigators to take a physical device or an image file of a disk or partition and automatically transform it into a virtual machine.
CCFinder is a suite of utilities designed to facilitate the discovery, organization, and query of financial data and related personally identifiable information in large-scale investigations.
CryptHunter alerts law enforcement if active encryption is running on a system so that investigators can act to preserve evidence that would be lost if the system were shut down.
ADIA is a VMware-based appliance used for digital investigation and acquisition.
Unrestricted Access Tools
Users can access the following tools for free; no secondary access is required.
AfterLife permits the collection of physical memory contents from a system after a warm or cold reboot.
Live View (public version) is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk.
DINO is a lightweight front end for network visualization and utilizes the open source network monitoring tools SiLK and SNORT to create an easy-to-use dashboard for situational awareness.
LATK is a collection of command line and web-based tools for use in incident response and long-term analysis of web server and proxy server log data.
CERT Linux Forensics Tools Repository houses packages for Linux distributions. The repository provides useful tools for cyber forensics acquisition and analysis practitioners and is currently offering Fedora and Centos/RHEL.
Users can access information and perhaps more about the following tools; requests are handled on a case-by-case basis.
C-CAP is a state-of-the-art forensics analysis environment that provides a broad set of tools for host-based and network investigations.
MCARTA is a completed incident analysis framework in respect to run-time analysis with automated log and pocket data correlation.