The book Information Security Systems has been published in late 2017 by Springer as part of the ? Lecture Notes in Computer Science book series.
Together with Prof. Luigi Mancini and dr. Agostino Panico of the Information Technology Department of the Sapienza University (Rome) I wrote the chapter titled “SOF on Trial. The Technical and Legal Value of Battlefield Digital Forensics in Court“.
Here is the abstract:
The transition from “ordinary” or “civil” digital forensics to battlefield digital forensics is characterized by the inclusion of the “time” variable into the equation that describes the process of finding, selecting and securing information gathered during forensics activities.
While in some cases (such as the post-factum investigation of the Military Police) there may indeed be time to follow usual standard forensics methods, as soon as the scenario turns into an emergency response or a Special Operations Forces (SOF) intervention, it may be difficult to do so. Therefore, the digital forensics best practices developed for the ordinary civil and criminal proceedings as well as its legal value must be re-thought and adapted to the different scenarios of deployment.
But does this latter statement mean that the technical standards should be less stringent and that Battlefield Digital Forensics has a lesser or no legal status when its outcomes will be judged in Court?
The aim of this paper is to try to answer these questions, challenging first the common assumption that there is only “one” way to define the robustness of digital forensics outcomes. Furthermore, the paper advocates that the value of these outcomes should be assessed on a relative, comparative way, setting the level of acceptance per actual operating scenario.
In other words: it is desirable that laboratory-performed digital forensics should match very strict technical procedures to be accepted as a scientific method in Court. But when evidence is gathered under duress and/or with limited technological support, the technical level of the digital forensics techniques and procedures should be adapted accordingly, while preserving its full legal value in a trial.
To draw in the clearest possible way all these distinctions and provide technical advice to the operators in the field, this paper starts with a classification of the kind of operations performed in a battlefield theatre, making a distinction among military operations, MP investigations, and International Criminal Court (ICC) trials. Then, it moves to a taxonomy of the rules of evidence set forth by the ICC and advocates that the technical standards that should be acceptable as evidence-supporting could be less stringent than those usually required in ordinary trials.
The second part of the paper describes the technical implications of the above-mentioned conclusion, by providing both a framework and technical suggestion to be implemented in battlefield operation.