• Military Forensics

    Military Forensics

  • 1

Military Digital Forensics

Collect, Exploit, and React in the Field

Timely access to battlefield intelligence can mean the difference between success and failure for any combat operation.  In the asymmetrical battlefield of today, this reality is even more pronounced as combat forces undertake operations previously associated with police or intelligence agencies. 

Forward Defense understands this reality.  Our staff come from law enforcement and military environments where failures in the field result in loss of life.  We understand the need for actionable intelligence under less than ideal circumstances. Intelligence that can inform tactical and strategic decisions, but only if it is collected and processed in time to matter.

Military Digital Forensics

To address this reality, we have developed a ruggedized, field forensics kit with the forward deployed operator in mind.  The kit provides a forensics lab, hardened for hostile environments, that easily fits into a small backpack.  The kit is capable of extracting evidence and intelligence from mobile phones, tablets, laptops, desktop computers, and GPS units in the field, where the information can be used to assist interrogations, inform arrest or detention decisions, identify potential threats and triage potentially hostile situations.

This one kit combines the best of breed forensics tools from around the globe into a single, integrated solution.  Our experts provide the training, methodologies, and technical knowledge to convert any field deployed personnel into a mobile forensics expert, empowering your agency to access lifesaving digital intelligence in the field, where and when it matters.  Whether at a checkpoint, a sensitive site exploitation, or a chance encounter on patrol, having access to information stored on encountered digital devices informs field decisions to support your mission, and save lives.

Field Forensics Kit

One of the biggest obstacles to exploiting digital intelligence in the field is the lack of highly training forensics experts.  Most agencies keep their forensic analysts assigned to a laboratory setting, where their skills are critical but making it difficult to exploiting digital intelligence in the field.  Our solution uses the most advanced forensic automation techniques to address this challenge. By automating many of the steps traditionally performed manually by laboratory experts, we allow field personnel to access digitally stored information without the need to transport seized items to a central location for further analysis. 

Our kits consist of military-spec, ruggedized hardware that protects against water, dirt, sand, temperature, shock and other hazards encountered under field conditions.  We use only the most durable storage solutions so that you can rest assured that once the data is extracted, it will remain intact even through hostile conditions.  Our kit provides solutions for mobile devices, such as phones, tablets and GPS units, as well as for computers, including Windows, Linux and Macintosh.

Field Forensics Kit

Mobile Device Solution

Mobile Device Solution

Our mobile device forensics solution includes a Panasonic Toughbook with best of breed mobile device extraction software, including Cellebrite UFED4PC, XRY Office, Oxygen Forensic Analyst and Magnet Axiom.  No one mobile device forensics product is able to extract information from all mobile devices, so by combining the best of products from around the world we maximize the success rate for field collections.  While no system is able to extract data from all mobile devices, our system provides the maximum possible success rate in a mobile, rugged package.

Our solution maximizes the automation possible in the acquisition of data from mobile devices through automatic detection of supported devices, a simple touch screen interface, an in-field review of extracted results.  This allows operators that are not forensic experts to effectively extract and review the contents of mobile devices found at search scenes or seized from suspects while in the field.  The results of these reviews can assist in corroborating information obtained through field interviews, helping to identify non-cooperating suspects, and uncovering affiliations and intent while operators are still able to respond to this new intelligence.

Mobile Device Solution

Computer Triage Solution

In order to address field collection of data stored on computers, we provide a number of different options.  Operators can choose the method that best meets the dynamics of each situation to account for the time available and the objectives of the acquisition.  If time and circumstances permit, we provide tools for complete forensic acquisition of digital media including hard drives, solid state drives, and removable media devices.  Alternatively, we provide field triage technologies that automate searching a computer for files of interest such as pictures, internet history, key words, watch lists of known items of interest such as names, phone numbers, email addresses, or other indicators of affiliation with known criminal or illegal groups.  We combine the most advanced products including ADF Triage G2, Magnet Axiom, Sumuri Recon, and EnCase Portable to provide a full toolkit of computer media exploitation solutions, using the most rugged storage media available to ensure durability.

By providing as much automation as possible, our solution enables operators to reproduce the majority of the results of a digital forensics laboratory examination while still in the field.  While a fully trained and equipped forensics expert working under laboratory conditions will always be the most complete way to exploit digital media, our solutions allows field personnel to extract the majority of the results that a laboratory could produce with minimal training and while still on scene when the information is able to assist in the ongoing field decision making.

Digital Intelligence Bundle

Digital Intelligence Bundle

In addition to the field collection and review capability provided by our Field Forensics Kit, we recommend the Digital Intelligence Bundle to maximize the value of collected information.  This bundle includes the software needed to perform basic link analysis from data extracted by many mobile devices.  This allows intelligence analysts at a forward operating base to uncover links between different suspects based on common data points in their mobile devices, such as people called, contact numbers stored, skype messages sent, and other indicators. 

We also provide technologies to assist in the collection of data stored in the cloud.  Many suspects will store or reveal the credentials for their online cloud accounts, where additional evidence may be stored. We provide the tools necessary to use those credentials to collect such information in an automated fashion to assist in analysis efforts and presentation of such evidence in court. 

With our Digital Intelligence Bundle, analysts are empowered to provide more insight into the information collected, using it to surface previously unknown connections between combatants, identify potential sources of intelligence in the cloud, and develop and maintain watch lists of known targets, groups, or indicators of potential enemy alliances. These watch lists can be used to program each Field Forensics Kit to automatically scan digital devices seized in the field to detect information that may indicate that an encountered individual has affiliations with hostile groups.  This critical component allows your agency to complete the intelligence cycle as illustrated below:

The Process of Field Collection Informed by Updated Intelligence

Digital Intelligence Bundle

Training

Our team will provide training not only in the technologies provided in our kit, but also in the basic technology understanding needed to identify and seize digital evidence under feel conditions.  We design and deliver technical procedures to establish a fixed protocol among operators for how to extract evidence in the field, document their actions, and produce court admissible records of their search and seizure methodologies.  Our training combines all of these elements into a comprehensive capability development package that allows your people to fully understand the technology and process that makes our solution successful.