This report provides an analysis of the gaps that exist between the needs of cyber attack investigators and the tools that are currently available in the marketplace.
Ongoing cyber attacks (computer attacks that can undermine the confidentiality, integrity, or availability of a computer or of information resident on it) affecting corporate, government, academic, and critical infrastructure networks are significant law enforcement concerns. In a commercial software market flush with security products, the development of investigative solutions for law enforcement has been limited. The tools employed by law enforcement for investigating cyber attacks are not keeping up with the technologies employed by attackers. This report, the second in a three-part series, analyzes the gaps that exist between the needs discovered in the National Needs Assessment (part one in the series) and the tools and technologies generally available to law enforcement. It focuses on the collection and categorization of available solutions that address the needs of the cyber attack investigative community, and on the solicitation of feedback on those solutions. The report begins with a brief overview of the National Needs Assessment, which serves as the source of the “needs” referenced throughout the paper. It then details the research conducted to produce the report, including a literature review, project outreach, and efforts to collect cyber attack investigative tools. The findings of the report are: (1) all of the needs discovered in part one are important to the investigation of cyber attacks; (2) the needs of cyber attack investigators have not been met by the available technology solutions; (3) most tools are already employed in investigations by the community as a whole; (4) the specific needs of the cyber attack investigative community will continue to evolve as the types of cyber attacks change over time and new solutions are developed; and (5) 18 distinct needs were identified as the most critical needs requiring research and development. Appendices