Cyber defense



Date: 09.12.2022
Cyber Defense Handbook
Digital forensics
361.
No matter how solid the network defense is, it is not possible to repel all cyber attacks. Consequently, it is necessary to have a service with the capability to study the nature of the cyber attacks in detail once they have occurred, analyzing the malware and the TTPs used and identifying the origin.
362.
Digital forensics uses special techniques that allow the extraction of encrypted, damaged and apparently deleted information while preserving the original information as far as possible. The cyber force must consider two different digital forensics services: the regular and the battlefield services.
363.
Regular digital forensics is the permanent service of the cyber force, made up of experts specialized in digital forensic techniques and science, aimed at obtaining detailed information on cyber attacks on its own networks.
364.
A regular digital forensics team normally performs its work in optimal conditions of time, place and resources and therefore must strive to use forensic techniques and procedures very carefully and cautiously, to extract all possible information without damaging the original source, so that it can be used as evidence in court proceedings.
365.
Battlefield digital forensics is a specific mission-oriented service for the extraction of information in the networks of adversaries. It is normally provided in three echelons: the first echelon is the information extraction team; the second echelon is the battlefield forensics team; and the third echelon is the regular forensics service.
366.
The information extraction team is made up of personnel from forces not specialized in forensic techniques (usually special operations forces) who, with basic forensic training and in the shortest possible time, must extract information and information devices from adversary networks, in hostile territory, in the best possible way so that this information can be analyzed by the battlefield forensic team or by the regular cyber force forensic service.
367.
The battlefield forensic team is a deployed expert team that performs a quick analysis of the information extracted by the extraction team, in order to obtain useful information for ongoing operations.


368.
The regular forensics service is responsible for carrying out a more detailed analysis with the available information, in order to obtain useful intelligence for future operations.
369.
In the context of a military campaign, the extraction team will strive to obtain information and devices, in the best and quickest way possible, so that it is useful for the second echelon without considering the potential damage to the original information that could affect a subsequent court proceeding. In this case, speed and information about the adversary take precedence over legal evidence preservation.
370.
One of the problems that the regular digital forensic investigation service usually encounters is malware obfuscation
