BATTLEFIELD DIGITAL FORENSICS
9 Sustaining the Data
Hayretdin Bahşi

In the limited time-frame of an operation, SOF operators may not have the opportunity to collect all the devices. One alternative way of obtaining information from the devices may be to install surveillance software on the target devices and set up an information channel based on the existing internet connection or a network which can be swiftly established in the theatre during the operation. This information channel may enable collection of the data to begin during the operation. The collection phase may even continue after the completion of the mission, depending on the survivability of the channel.

In this chapter, existing technology and research projects are investigated for the preliminary analysis of gaps between current technology and the solutions required specifically for battlefield digital forensics. Using an existing internet connection for data extraction is a widely known scenario which can be executed using existing tools and technology. Thus, this chapter does not discuss data exfiltration via the internet in detail, but focuses on establishing an additional network infrastructure.

In cases where an internet connection is not available, SOF operators may apply two approaches for data collection. The first approach is to establish a temporary wireless local area network (WLAN) in the site area and place a data collection server in this network, which remains in the area only during the operation. The data collector server acts as the computer that stores the obtained digital forensics data. A helicopter can be included in the WLAN so that it can host the data collector, which eliminates the need for carrying an additional device. In this approach, all the network components are removed from the site after the completion of the mission, which means that collection of the forensics data is possible only during the operation. However, the local area network may provide a high data transfer rate.

The second approach is to establish a connection to a satellite or a drone (UAV) from the theatre, which remains in place after the operation. In this approach, the forensics data is transferred with lower data transfer rates, but the connection continues until the related network devices run out of battery or the enemy destroys the connection infrastructure. If the position of the UAV enables it to be part of a WLAN, higher data transfer rates may be possible. The data collector can be located in a secured site, which can be accessible over satellite or UAV; it may even be integral to the UAV itself. The main drawback of this approach is that it requires leaving network devices in the theatre after the operation, which may cause higher operation costs or create room for the enemy to carry out forensics analysis on the devices and conduct cyber-attacks against the data collector.

Regardless of the alternative chosen, the relevant network infrastructure should be designed according to the inherent limits of operations. The first requirement is that the devices of this network should be easily deployable and require only a small amount of configuration during the setup. This configuration should be possible for non-technical people to do in a short time. Secondly, all the installation equipment and network devices should be portable and should not exceed the carriage limits. Thirdly, network devices with lower energy consumption and higher bandwidth capacities are preferable in order to increase the amount of forensics data that can be obtained from the site. Lastly, environmental and structural factors such as the existence of walls and signal blocking materials, and the weather conditions, should be carefully considered during the network establishment phase.

The analysis given in this chapter focuses on establishing wireless networks due to their easy deployment. Therefore, digital devices which already have wireless interfaces can be chosen as targets for the data extraction. The SOF operators may also insert wireless USB adapters into the relevant targets that have no wireless interfaces.