(l. to rt.) Rich Nolan with senior members of the DIID technical staff Matthew Geiger, and Cal Waits.
Albert Gonzales managed to pull off the largest cyber theft in U.S. history.
But he was no match for the U.S. Secret Service, assisted by computer forensics scientists at Carnegie Mellon University's Software Engineering Institute (SEI).
Their work led to a 20-year prison sentence for Gonzales — the largest sentence on record for a computer criminal.
Think of it as CSI: Computers.
The Digital Intelligence and Investigation Directorate (DIID) group at the SEI consists of former agents, former military and intelligence officers, and a host of researchers.
They are tasked with investigating and preserving the digital crime scene — analyzing network traffic, providing operational support to government agencies, and assisting in incident response.
"We are a national resource in cybercrime investigation," explained Rich Nolan, who directs the DIID group.
Through their operational work with government agencies, the team has become extraordinarily relevant in understanding the state of practice of cybercrime and the new tactics being employed, Nolan says.
"It focuses our research efforts. It enables us to improve security measures and improve our response."
Their secret weapons? We can't tell you that — not really.
"We've got very smart people, and we use technologies developed in-house that are not commercially available," Nolan explained.
Not only are they making cyberspace safer, but students at CMU are benefitting from their expertise.
"Through the forensics track of CMU's INI program, we take our operational experience and bring it to the classroom," he said.
Their work at the national level has resulted in the two largest computer-related sentences on record: Gonzales as well as Max Butler, who was sentenced to 13 years.
The U.S. Secret Service recently honored Nolan and Matthew Geiger, a senior member of the technical staff in the DIID group, with the Director's Recognition Award.
The award was given for providing assistance in the TJX investigation, which involved a network intrusion that compromised customer records at T.J. Maxx, Marshall's and other retailers.
Eleven individuals were indicted in 2008 in connection with the data breach. It was one of the largest data breaches in U.S. history.
The individuals were allegedly responsible for the theft of account data for more than 90 million credit and debit cards over a six-year period.