Recognizing the critical need for state and local law enforcement agencies to have state-of-the art technologies to effectively fight digital crime, Cisco is creating the AMP Threat Grid for Law Enforcement Program. The program is designed to empower those working to protect our communities from cybercriminals with its dynamic malware analysis and threat intelligence platform.
Computers are central to modern criminal investigations, whether as instruments to commit the crime, as is the case for phishing, hacking, fraud or child exploitation; or as a storage repository for evidence of the crime, which is the case for virtually any crime. In addition, those using computers for criminal activity continue to become more sophisticated, and state and local law enforcement agencies struggle to keep up with their internal computer forensics / digital investigation capabilities. Malware analysis is also a critical part of digital investigations: to prove or disprove a “Trojan Defense” for suspects, wherein the accused rightly or falsely claims a malicious software program conducted the criminal activity and not the user; and to investigate unknown software and suspicious files on the computers of the victims of cybercriminal activity for evidence of the crime.
The AMP Threat Grid for Law Enforcement program is designed for state and local agencies with less than 1,000 sworn officers. In the United States, this encompasses more than 99.5% of law enforcement agencies.[i] Once empowered with AMP Threat Grid, within seconds of a threat intelligence query or within a few minutes of a submitting a suspicious file or URL for analysis, an investigator will have the ability to view and download an easy-to-read and comprehensive report detailing the actual behavior of the submitted file, including changes to the file system, registry, command-and-control communication, downloads, code injection and other malicious activity. In addition, AMP Threat Grid will correlate the file with the millions of samples and billions of artifacts in the threat intelligence database, providing instant global and historical context. The program also includes seamless integration with EnCase Forensic, to reduce investigators’ time and effort to identify and analyze suspected malware.
The AMP Threat Grid for Law Enforcement program includes:
- Two portal user accounts per agency
- Up to five samples (a suspicious file or computer program) or URLs submitted per day, per user, for analysis, through the portal or via the API integration with EnCase Forensic
- Unlimited sample queries through the portal or via the API integration with EnCase Forensic, including file hash values, IP addresses, domains, registry keys and file paths
- The AMP Threat Grid Malware Analysis and Intelligence for EnCase EnScript and installation guide, training manual and video, and EnCase case template
- Access to regularly scheduled law enforcement only WebEx sessions for training and peer discussion
- Discounts for law enforcement agencies who need more Threat Grid user accounts or a higher volume of daily samples submitted for analysis
Cisco will host a hands-on lab for threat intelligence and dynamic malware analysis at the Microsoft Digital Crime Consortium (DCC), March 9-13, 2015; and at the Computer and Enterprise Investigations Conference (CEIC) to be held at Caesars Palace in Las Vegas, May 18-21, 2015.
Law Enforcement investigators can register for the program on the Threat Grid Law Enforcement Program page. The AMP Threat Grid Malware Analysis and Intelligence for EnCase EnScript is available for download at no cost to Guidance Software’s customers from the EnCase App Central store; which includes a 30-day pilot of the full solution for non-law enforcement incident responders, with free malware sample submissions and contextual searches of the Threat Grid threat intelligence repository.