Digital Triage Forensics: Processing the Digital Crime Scene
2/5
About this ebook
Digital Triage Forensics: Processing the Digital Crime Scene provides the tools, training, and techniques in Digital Triage Forensics (DTF), a procedural model for the investigation of digital crime scenes including both traditional crime scenes and the more complex battlefield crime scenes. The DTF is used by the U.S. Army and other traditional police agencies for current digital forensic applications. The tools, training, and techniques from this practice are being brought to the public in this book for the first time. Now corporations, law enforcement, and consultants can benefit from the unique perspectives of the experts who coined Digital Triage Forensics. The text covers the collection of digital media and data from cellular devices and SIM cards. It also presents outlines of pre- and post-blast investigations.
This book is divided into six chapters that present an overview of the new age of warfare, key concepts of digital triage and battlefield forensics, and methods of conducting pre/post-blast investigations. The first chapter considers how improvised explosive devices (IEDs) have changed from basic booby traps to the primary attack method of the insurgents in Iraq and Afghanistan. It also covers the emergence of a sustainable vehicle for prosecuting enemy combatants under the Rule of Law in Iraq as U.S. airmen, marines, sailors, and soldiers perform roles outside their normal military duties and responsibilities. The remaining chapters detail the benefits of the DTF model, the roles and responsibilities of the weapons intelligence team (WIT), and the challenges and issues of collecting digital media in battlefield situations. Data collection and processing, as well as debates on the changing role of digital forensics investigators, are also explored.
This book will be helpful to forensic scientists, investigators, and military personnel, as well as to students and beginners in forensics.
- Includes coverage on collecting digital media
- Outlines pre- and post-blast investigations
- Features content on collecting data from cellular devices and SIM cards
Stephen Pearson
Stephen Frank Pearson was born in Aylesbury, England in 1963 and has been involved with Digital Media Exploitation since the early 1990s. Stephen served in the United States Army as a Military Policeman for over 21 years. During this time, Stephen wrote and compiled numerous texts that are still used today to train the Army's Military Police and Investigators. Stephen's last military assignment was Non-Commissioned Officer in Charge of the Advanced Technology Criminal Investigations Division at the Military Police School, Ft. Leonard Wood, Missouri. After retiring, Stephen accepted a position as chief of detectives at the Pulaski County Sheriff's Office in Missouri. Stephen opened the first Digital Forensic Lab at the Sheriff's Department, which was responsible for numerous convictions. During this time, Stephen also started and ran the High Tech Crime Institute. In 2006 Stephen was contracted by the National Ground Intelligence Center to teach and design a course in Digital Triage Forensics for the new WIT teams deploying to Iraq and Afghanistan. To date, Stephen continues to teach and design new procedures that enable small team units to gather and exploit Digital Media from the Battle Space. Stephen currently lives in Palm Harbor, Florida and is the CEO of the High Tech Crime Institute.
Reviews for Digital Triage Forensics
1 rating, 0 reviews
Book preview
Digital Triage Forensics - Stephen Pearson
http://mobileforensics.wordpress.com.
New age of warfare
How digital forensics is reshaping today's military
Not since the use of improvised explosive devices (IEDs) by the Irish Republican Army in the United Kingdom have we seen IEDs used as extensively as during combat operations against American and coalition forces in Iraq and Afghanistan, where they serve as a primary force multiplier and sometimes as a tactical advantage. IEDs have reached a level of use in modern warfare that has proven effective for an enemy lacking superior technology or an organized modern army. From homemade explosives to modified military ordnance, IEDs have become the weapon of choice for insurgents operating in Iraq and Afghanistan. Weapons technical intelligence (WTI) is being developed daily on today's IED components so that tactics, techniques, and procedures (TTPs) can be developed to thwart activities directed at U.S. ground forces as they move about the battlefield. Weapons intelligence teams (WITs) are being fielded to further WTI collection as well as the exploitation of IED materials and electronic digital media. With so much emphasis on all realms of forensics, Baghdad has become the hub for battlefield evidence collection and is relevant to prosecuting the war. Military intelligence and evidence have merged as a vehicle to capture and prosecute enemy combatants, taking full advantage of modern technology to root out actionable intelligence through digital forensics, thus creating battlefield cops out of everyday modern soldiers.
Yesterday's booby trap is today's IED
Today's battlefield in Iraq and Afghanistan has generated many changes in how U.S. military services conduct warfare in the twenty-first century. One evident change is that U.S. enemies use anything they can to blow up U.S. ground forces and cause massive casualties instead of engaging in face-to-face combat as in past wars. Enemy forces that do not have superior numbers and firepower are creating IEDs as a force multiplier, causing chaos and fear wherever they are detonated. Unfortunately, these devices are also being used against civilian populations when enemy forces target local government officials, such as host nation police and security forces. This tactic has proven to stall cooperation between our military forces and the host nation government. Judges and community leaders have been the targets of IED attacks in an attempt to sap the will of the local population and further the enemy's political agenda.
In past armed conflicts, small explosive devices have been used or altered to create booby traps, wounding, maiming, and killing a very small number of soldiers. These traps were not used as a major tactic against our military forces, but as a way to slow us down and create casualties that tie up two to four personnel to take care of any dead or wounded. Don't get me wrong, IEDs are not a new phenomenon; they just have not been as prevalent on the battlefield as they are in this century.
Enormous amounts of military ordnance have been created that are explosive in nature and designed for specific missions, such as land and water mines. These devices are usually hidden from unsuspecting enemy forces and are detonated when struck, run over, or stepped on. The claymore mine is an antipersonnel explosive device that can be preset and detonated manually by the emplacer or set as a booby trap and set off by the unsuspecting victim. You may be wondering how this differs from IEDs. The difference is that military ordnance is manufactured to specific guidelines and in many cases for specific weapon systems from which it can be fired, such as mortars and artillery. IEDs are generally military ordnance that has been improvised in some way to be detonated by means other than the originally intended one (see Figure 1.1).
Figure 1.1 Artillery shell IED emplaced in a road. Photograph taken by the author, Rich Watson.
Other IEDs developed by local insurgents are created by manufacturing containers, filling them with military grade explosives or homemade explosives (HME), and rigging them with some sort of initiation device (see Figure 1.2). The different types of IEDs are discussed further in Chapter 3.
Figure 1.2 Homemade IED container with victim-operated pressure switch. Photograph taken by the author, Rich Watson.
The insurgents in Iraq have been quite successful in using IEDs against U.S. troops and other military forces since U.S. forces landed on their soil in 2003. In 2009, IED activity began ramping up in Afghanistan as focus turned to the U.S. military forces with the United States' attempts to defeat the Taliban. With all of the United States' high-tech ways of conducting warfare, IEDs have proven that low-tech still has its place in modern warfare. The amount of sophistication that goes into an IED depends on the training and background of the actual IED maker and the amount of money available in the region to purchase bomb making materials, to name just a few factors. During my time in Iraq, I was located in Ar Ramadi, a large city in the Al Anbar province of western Iraq. Most of the IEDs I saw were not as sophisticated as devices seen in Baghdad. I referred to some of the common IEDs I saw as "Red Neck IEDs," as they were made from any materials they could find. Some worked and some did not.
Weapons technical intelligence
So where have all these developments taken us today in modern warfare? The use of IEDs is considered asymmetric warfare and is quite effective for the enemy. Because of the use of IEDs, WTI was added to traditional Technical Intelligence (TECHINT) of weapons as a response to the threat. TECHINT is basically the gathering of information about the weapons systems of U.S. enemies. WTI is a category of intelligence gathered from the technical and forensic collection of IEDs. The intelligence and forensic evidence gathered help soldiers, sailors, marines, and airmen in their battle spaces to learn the TTPs of the enemies they face.
Every time IED materials are collected from pre- or post-blast investigations, the components, wiring, and overall build of the device are examined to determine whether new techniques are being implemented to develop IEDs that could defeat the United States' current TTPs. One component we focus on in this book is cell phone technology and its use as an IED component.
As you will read in Chapter 5, cell phones are used extensively to detonate IEDs and to store and transmit photographs and data related to insurgent cells, IED sites, and future IED attacks. Cell phone technology has advanced rapidly in the last 15 years, and phones are now small computers that can be used not only as phones but also as powerful electronic processing devices. For a long time, desktop computers and laptops were the most powerful sources of computing ability available for everyday use. Now cell phones are replacing even laptops as a primary means of conducting business and everyday life, with the ability to access the Internet from almost anywhere. As you will see in Chapter 4, computers still have a major role in storing large amounts of data for insurgent cells, data that can effectively be exploited even when it has supposedly been deleted from the system's hard drive. Because of cell phone and computer usage in relation to IED manufacturing, you'll no doubt see these items listed as part of WTI lexicon documentation in the