The transition from “ordinary” or “civil” digital forensics to battlefield digital forensics is characterized by the inclusion of the “time” variable into the equation that describes the process of finding, selecting and securing information gathered during forensics activities. While in some cases (such as the post-factum investigation of the Military Police) there may indeed be time to follow the usual standard forensics methods, as soon as the scenario turns into an emergency response or a Special Operations Forces (SOF) intervention, it may be difficult to do so. Therefore, the digital forensics best practices developed for ordinary civil and criminal proceedings, as well as their legal value, must be re-thought and adapted to the different scenarios of deployment. But does this latter statement mean that the technical standards should be less stringent and that Battlefield Digital Forensics has a lesser or no legal status when its outcomes are judged in Court? The aim of this paper is to try to answer these questions, challenging first the common assumption that there is only “one” way to define the robustness of digital forensics outcomes. Furthermore, the paper advocates that the value of these outcomes should be assessed in a relative, comparative way, setting the level of acceptance per actual operating scenario. In other words: it is desirable that laboratory-performed digital forensics should match very strict technical procedures to be accepted as a scientific method in Court. But when evidence is gathered under duress and/or with limited technological support, the technical level of the digital forensics techniques and procedures should be adapted accordingly, while preserving its full legal value in a trial.
To draw all these distinctions as clearly as possible and provide technical advice to the operators in the field, this paper starts with a classification of the kinds of operations performed in a battlefield theatre, making a distinction among military operations, MP investigations, and International Criminal Court (ICC) trials. Then, it moves to a taxonomy of the rules of evidence set forth by the ICC and advocates that the technical standards that should be acceptable as evidence-supporting could be less stringent than those usually required in ordinary trials. The second part of the paper describes the technical implications of the above-mentioned conclusion, by providing both a framework and technical suggestions to be implemented in battlefield operations.
SOF on trial. the technical and legal value of battlefield digital forensics in court / Mancini, L. V.; Monti, A.; Panico, A.. - 10717:(2017), pp. 9-26. (Paper presented at the 13th International Conference on Information Systems Security, ICISS 2017, held in ind) [10.1007/978-3-319-72598-7_2].
SOF on trial. the technical and legal value of battlefield digital forensics in court
Mancini L. V.;Panico A.
2017