Information for Law Enforcement

If you're in law enforcement, you need to know about cybercrime and any tools you can download to investigate incidents. We have many resources to help you do just that. Consider these questions and read on.

Read our FAQ to learn more about the CERT Division; watch videos and see other artifacts that summarize our latest research. If you have questions, please feel free to contact us.

How Well Are You Using Network Data to Detect Criminal Activity?

We develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks.

Are Your Networks Secure?

Our researchers develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks.

FloCon Conferences
We sponsor FloCon, open conferences where operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic showcase the next generation of flow-based analysis techniques. FloCon 2016 takes place in Daytona Beach, Florida, in January 2016.

Are You Using the Latest Investigative Tools and Techniques?

Our experts produce technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations.

Forensics Tools
Our tools help you facilitate forensic examinations and assist authorized members of the law enforcement community.

Case Studies
These case studies detail how we aided the U.S. Secret Service in solving the landmark TJX & Heartland and Iceman cases.

Are You Prosecuting Malicious Insiders Effectively?

Our experts enable insider threat programs to be more effective by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats.

Insider Threat Workshops
Our workshops help attendees develop a list of actions to consider as they implement effective insider threat detection across their organization. The confidential, on-site workshops use actual malicious insider incidents that occurred in your organization.

Insider Threat Vulnerability Assessments
Our assessments help you to understand your exposure to insider threats and deliver a single actionable framework to manage these issues and associated risks.

Protect Your Assets

Information Security for Technical Staff
This course teaches you practical techniques for protecting the security of your organization's information assets and resources, beginning with concepts and proceeding on to technical implementations.

Learn to Recognize Secure Code

DidFail
The DidFail tool uses static analysis to detect potential leaks of sensitive information within a set of Android apps.

Rosecheckers Tool
The Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding Standard.

Secure Coding Validation Suite
The Secure Coding Validation Suite is a set of tests that validate the rules defined in ISO Technical Specification 17961.

AIR Security Integer Model
Our researchers are working on a number of solutions for addressing the issue of integral security, including the "as-if infinitely ranged" AIR prototype.

Secure Coding in C and C++
This course provides practical advice on secure practices in C and C++ programming, provides a detailed explanation of common programming errors in C and C++, and describes how these errors can lead to code that is vulnerable to exploitation.

Secure Coding in Java
This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation.

Secure Coding
This course, offered through Carnegie Mellon's Open Learning Initiative, addresses the secure and insecure use of integers, arrays, strings, dynamic memory, formatted input/output functions, and file I/O.

Secure Coding Standards
These rules and recommendations can help you evaluate your code for software security, safety, reliability, and related properties.

Combat Insider Threats

Public Insider Threat Workshops
These public offerings teach you patterns of insider behaviors, organizational issues, and technical actions over time for each type of crime.

Insider Threat Best Practices
These practices can help you mitigate IP theft, IT sabotage, and fraud in your organization.

Insider Threat Data Sets
This generated collection of synthetic insider threat test datasets provides both synthetic background data and data from synthetic malicious actors.

Learn More About Forensics

Advanced Forensic Response and Analysis
This course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis.
 

Applied Cybersecurity, Incident Response and Forensics
This five-day, hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience.

Attend a Conference

Our work in network situational awareness develops cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks. Attend or present at the next FloCon event.