Abstract
We have developed a prototype plug-and-play forensics system consisting of a USB Bash Bunny evidence extractor and Windows-based analysis software that analyzes the data gathered by the extractor. The solution allows first responders, and by extension member states, to identify digital terrorist activities in a more timely manner.
Description
The increasing use of technology by terrorists to facilitate or commit acts of terrorism is a cause for concern. With the widespread availability of computing devices and the ubiquity of the internet, terrorist organizations such as ISIS and Al-Qaeda have taken to technology to reach audiences far and wide, and are increasingly building capability and engaging in offensive cyber activities against their targets.
The use of technology by terrorists also leaves behind a growing amount of digital artifacts on the computing systems used. Using a web browser to post terrorist-related communications, for example, leaves traces in the form of browser history, cached data and, at times, saved passwords and personal information. Emails and messages sent from a terrorist's computer or mobile device may be cached locally, and the installed software may reveal what the system is used for. Specialized software such as cryptocurrency wallets or hacking tools may indicate that the user possesses such capability. Such information, when obtained by law enforcement agents or the military, can be useful in identifying terrorist activities and hindering future terrorist actions.
Under normal circumstances, obtaining and analyzing such data is the responsibility of a digital forensic investigator or forensic analyst. Their job, upon receiving digital devices secured by first responders, is to acquire evidence from the devices and present it to the relevant stakeholders to act upon. All of this requires time and specialized training, and is typically done in a forensics lab with specialized tools that can be quite costly.
In the case of terrorism and terrorist-related activities, the time delay and multi-stage process may not be acceptable. In particular, the following issues may be observed.
A common approach is to conduct a triage inspection of digital evidence sources at the scene. This allows first responders to prioritize preservation efforts on the basis of the volatility and importance of the data. However, this still requires training and specialized knowledge on the part of the responders, which, apart from taking time, makes the quality of the triage dependent on the individual responder's skill.
We hence propose a technical solution that lets first responders obtain actionable information about digital terrorist activity in the field in a plug-and-play manner. Our solution, currently a prototype, consists of a USB Bash Bunny device that functions as an evidence extractor and a Windows laptop or tablet running our analysis software, which analyzes the data gathered by the extractor. Because this is live triage on a running machine, the extractor necessarily changes the state of the target (USB device enumeration and plug-in events, files written during collection), so what it touched should be logged and what it collected should be hashed at collection time, so that a later lab examination can account for those changes. The solution allows first responders, and by extension member states, to identify digital terrorist activities in a more timely manner.
One of our goals is for the solution to be mass-adoptable, hence the hardware used is commercial off-the-shelf, and the software is a mix of custom code and community code integrated into our framework.
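The analysis side of such a system amounts to reading the collected artifacts, matching them against indicator lists, and ordering the hits by volatility and recency so the responder sees the most perishable evidence first. The following is an added example of that analysis step, not the project's own code. It assumes the extractor has copied a Chromium-style (Chrome or Edge) History database and an installed-software list; the History schema subset, the indicator keywords and the sample rows are constructed for the example, and the keyword lists are hypothetical placeholders for vetted, case-specific lists.

```python
"""Triage analyser for artefacts collected from a Windows host.

Constructed example: a Chrome/Edge-style History database (the `urls`
table subset), an installed-software list, and hypothetical indicator
keywords. Not the project's own code.
"""
import sqlite3
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Chromium-based browsers store last_visit_time as microseconds since
# 1601-01-01 UTC (the WebKit / Windows FILETIME epoch), not the Unix epoch.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Hypothetical indicator lists; a deployment would load vetted, case-specific
# lists instead of hard-coding them here.
INDICATOR_KEYWORDS = {
    "cryptocurrency": ("electrum", "bitcoin", "monero", "wallet"),
    "hacking-tool": ("mimikatz", "metasploit", "nmap", "hashcat"),
    "anonymity": ("tor browser", "torproject", "tails"),
}

# Preservation order for evidence sources: most volatile first.
VOLATILITY_RANK = {"browser-history": 0, "installed-software": 1}


@dataclass
class Finding:
    source: str                    # artefact type the hit came from
    category: str                  # indicator category that matched
    evidence: str                  # URL or program name
    timestamp: Optional[datetime]  # last activity, when the artefact records one


def webkit_to_datetime(microseconds: int) -> datetime:
    """Convert a Chromium last_visit_time value to an aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def classify(text: str) -> Optional[str]:
    """Return the first indicator category whose keyword appears in text."""
    lowered = text.lower()
    for category, keywords in INDICATOR_KEYWORDS.items():
        if any(keyword in lowered for keyword in keywords):
            return category
    return None


def read_history(conn: sqlite3.Connection) -> List[Tuple[str, str, int, int]]:
    """Read the columns the triage needs from a Chromium History database."""
    return conn.execute(
        "SELECT url, title, visit_count, last_visit_time FROM urls"
    ).fetchall()


def triage(history_rows, installed_software) -> List[Finding]:
    """Flag indicator hits and order them by volatility, then recency."""
    findings: List[Finding] = []
    for url, title, _visit_count, last_visit in history_rows:
        category = classify(f"{url} {title}")
        if category:
            findings.append(Finding("browser-history", category, url,
                                    webkit_to_datetime(last_visit)))
    for program in installed_software:
        category = classify(program)
        if category:
            findings.append(Finding("installed-software", category, program, None))
    # Volatile sources first; within a source, newest activity first.
    findings.sort(key=lambda f: (
        VOLATILITY_RANK[f.source],
        -f.timestamp.timestamp() if f.timestamp else 0,
    ))
    return findings


def build_sample_history() -> sqlite3.Connection:
    """Constructed in-memory History database mimicking the Chromium schema subset."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
                 "visit_count INTEGER, last_visit_time INTEGER)")
    conn.executemany(
        "INSERT INTO urls (url, title, visit_count, last_visit_time) VALUES (?, ?, ?, ?)",
        [
            ("https://www.torproject.org/download/", "Download Tor Browser", 3, 13350000000000000),
            ("https://electrum.org/", "Electrum Bitcoin Wallet", 1, 13349990000000000),
            ("https://example.org/news", "Daily news", 12, 13349900000000000),
        ],
    )
    return conn


# Constructed installed-software list, as an extractor might dump it.
SAMPLE_INSTALLED_SOFTWARE = ["Microsoft Office", "Electrum 4.5.0", "Nmap 7.94"]


def run_sample() -> List[Finding]:
    """Run the triage over the constructed artefacts and return the findings."""
    conn = build_sample_history()
    try:
        return triage(read_history(conn), SAMPLE_INSTALLED_SOFTWARE)
    finally:
        conn.close()


if __name__ == "__main__":
    for f in run_sample():
        when = f.timestamp.strftime("%Y-%m-%d %H:%M UTC") if f.timestamp else "n/a"
        print(f"{f.source:<18} {f.category:<15} {when:<18} {f.evidence}")
```

The timestamp conversion is the part that is easiest to get wrong: Chromium timestamps count microseconds from 1601, so treating them as Unix time silently shifts every visit by about 369 years. Keyword matching on URL and title is only a first-pass filter (a single word such as "wallet" will produce false positives), which is why the output is ordered for a human to review rather than treated as a verdict.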
Tan Guan Hong, Roysten Ng Kiang Ann, Muhammad Farid Bin Shafie