BATTLEFIELD DIGITAL FORENSICS

More documents

Recommendations

Info

8.1 Exfiltration Process .............................................................................................................................. 42 8.2 Very Portable Media and Electronic Devices Collection ...................................................................... 43 8.3 Portable Devices Collection ................................................................................................................. 43 8.4 Non-Portable Devices Collection ......................................................................................................... 46 8.5 Equipment and Tools Required ........................................................................................................... 51 8.6 Document Phase .................................................................................................................................. 51 8.6.1 Photographing/Recording the Scene .............................................................................................. 51 8.6.2 Packaging and Labelling .................................................................................................................. 51 9 Sustaining the Data ....................................................................................................................................... 53 9.1 Surveillance Software Installation and Forensics Data Extraction ...................................................... 54 9.2 An Optimised E-Discovery Tool ........................................................................................................... 54 9.3 Establishing a Temporary Wireless Local Area Network ..................................................................... 55 9.4 Access to Satellite ................................................................................................................................ 55 9.5 Access to UAVs and Other Aerial Vehicles ........................................................................................... 56 9.6 Establishing Wireless Sensor Networks ............................................................................................... 58 9.7 General Overview of Alternatives ....................................................................................................... 59 10 Chain of Custody ...................................................................................................................................... 60 10.1 Legal Framework for Operations ......................................................................................................... 60 10.2 SOF Operations .................................................................................................................................... 60 10.3 Documentation of Evidence ................................................................................................................ 61 10.4 ‘Illegal’ Evidence .................................................................................................................................. 61 10.5 Responsibility for Obtained Evidence .................................................................................................. 62 11 References ............................................................................................................................................... 63 12 Biographies .............................................................................................................................................. 67 13 Acknowledgements .................................................................................................................................. 68 5
Figures Figure 1. The Targeting Cycle [3]........................................................................................................................... 11 Figure 2. Transparent USB drive. .......................................................................................................................... 15 Figure 3. A faulty laptop explosive device used in a 2013 attack on Mogadishu, Somalia ................................... 16 Figure 4. Faraday Cage. ......................................................................................................................................... 17 Figure 5. DTN example of store-and-forward functionality [11]........................................................................... 22 Figure 6. High level examples of DTN-based and opportunistic networking. ....................................................... 23 Figure 7. Example USB slot in a motherboard. ..................................................................................................... 31 Figure 8. Autothysis128t ....................................................................................................................................... 33 Figure 9. Piles of dead hard drives. ....................................................................................................................... 34 Figure 10. Examples of messy cable management setups from server rooms. .................................................... 35 Figure 11. a) PiZero Cluster and b) an example design of the case for it. ............................................................. 35 Figure 12. CinnXP-Luna theme in Linux; it looks similar to Microsoft Windows XP. ............................................. 36 Figure 13. a) Hand-soldered example of USB Killer and b) the same device obfuscated to look like a regular USB flash drive. ............................................................................................................................................................. 39 Figure 14. How to remove battery from a laptop (example). ............................................................................... 45 Figure 15. a) Firewire port on the laptop (port in the middle) [29] and b) two Firewire ports [30]. .................... 45 Figure 16. Locating computer’s drive bay with the hard drive [36]. ..................................................................... 49 Figure 17. Removing the drive from the drive bay [36]. ....................................................................................... 49 Figure 18. Removing the drive from the drive bay [36]. ....................................................................................... 49 Figure 19. Unplugging data cable and power cable [36]....................................................................................... 50 Figure 20. Unplugging the SATA data cable and SATA power cable from the SSD drive [37]............................... 50 Figure 21. ABSOLUTE System Architecture. .......................................................................................................... 58 Figure 22. Smart Dust sensor. ............................................................................................................................... 59 Table Table 1. Statistical Gatherable Intelligence Table, based on Chapter 8. ............................................................... 29 Flowcharts Flowchart 1. Collecting digital evidence................................................................................................................ 14 Flowchart 2. Anti-forensics mapped to SIDSS. ...................................................................................................... 41 Flowchart 3. Exfiltration process. .......................................................................................................................... 42 Flowchart 4. Portable devices collection process. ................................................................................................ 44 Flowchart 5. Non-portable devices collection process. ........................................................................................ 47 6
Page 1 and 2: Christian Braccini, Teemu Väisäne
Page 3 and 4: About the NATO CCD COE The NATO Coo
Page 5: Table of Contents About the NATO CC
Page 9 and 10: LED Linux LTE MANET materiel MEDEX
Page 11 and 12: properly discovered, preserved and
Page 13 and 14: From a targeting perspective, digit
Page 15 and 16: . Utilise the existing internet con
Page 17 and 18: Figure 3. A faulty laptop explosive
Page 19 and 20: 5 Onto the Battlefield Christian Br
Page 21 and 22: 6 Computer Forensics Agostino Panic
Page 23 and 24: In a wireless ad-hoc network, all t
Page 25 and 26: However, this solution is impossibl
Page 27 and 28: Connection Backup: The vector shoul
Page 29 and 30: The goal of this statistical approa
Page 31 and 32: 7 Anti-Forensics Measures Teemu Vä
Page 33 and 34: Recommendation: When designing and
Page 35 and 36: As presented by Azadegan, Liu, Sist
Page 37 and 38: Recommendation: Be aware that harml
Page 39 and 40: security for smartphones are descri
Page 41 and 42: If any marks of explosives are dete
Page 43 and 44: 8 Exfiltration Solutions Michal Sad
Page 45 and 46: Portable device found Laptop Type o
Page 47 and 48: As with other portable devices (suc
Page 49 and 50: Devices might be found in different
Page 51 and 52: 4. Remove the drive from the drive
Page 53 and 54: items of the evidence, typically on
Page 55 and 56: 9.1 Surveillance Software Installat
Page 57 and 58:
A communication channel to satellit
Page 59 and 60:
Figure 21. ABSOLUTE System Architec
Page 61 and 62:
10 Chain of Custody Kris van der Me
Page 63 and 64:
police or other official investigat
Page 65 and 66:
[15] E. Imsand and J. A. Hamilton,
Page 67 and 68:
[46] J. M. Kahn, R. H. Katz, and K.
Page 69:
13 Acknowledgements Authors of the
show all

BATTLEFIELD DIGITAL FORENSICS

Create successful ePaper yourself

Delete template?

Save as template?