Software Engineering Institute

Many threats face our internet-connected networks today: denial-of-service (DoS) attacks, viruses, worms, spam and phishing emails, physical security threats, exposure of sensitive information, and numerous others. Network defense strategies are continuously playing catch-up to the latest attacks perpetrated by cyber criminals and malicious insiders. Unfortunately, incidents will occur on almost all networks that impact the confidentiality, integrity, or availability of critical data and systems. Furthermore, cyber criminals use obfuscation techniques such as encryption, steganography, anonymous proxies, and even the leasing of computer robot networks (botnets). When a compromise occurs, system administrators, incident-handling personnel, and digital investigators may all, in some way, be responsible for responding to the event and collecting evidence. Important assets and data must be collected, analyzed, and protected in a forensically sound manner. To ensure that, those responsible for data acquisition, assessment, and reporting must have the necessary knowledge, skills, and experience.

As more and more criminal acts are committed in cyberspace, law-enforcement agencies, businesses, and other organizations must develop new digital investigation capabilities. The intent of this paper is to identify those competencies and what readers must learn about in order to develop them.