Operators hone digital forensics skills in cyber challenge

By Capt. Andrew Wei, June 20, 2016

(Photo Credit: U.S. Army)

FORT GORDON, Ga. -- Flip the television to an episode of "Law and Order," "CSI" or any other police procedural, and you're guaranteed to see it happening -- detectives poring over a confiscated hard drive or smartphone looking for evidence of a crime.

Digital forensics has quickly become a key part of criminal investigations. With the vast amount of data and communications stored on digital devices, it is often the first place investigators look to find evidence of a crime.

Digital forensics is a key skill set for cyber operations at all levels, and the same forensic analysis techniques used by law enforcement are now being taught to military cyber operators.

Operators supporting units at the corps and below must master digital forensics tools to quickly extract data from digital evidence gathered from targeted objectives.

At the operational and strategic level, cyber operators need to be able to find data hidden in enemy systems and discover evidence of criminal or malicious activity in order to distinguish between hostile and non-hostile networks.

Four teams from the 782nd Military Intelligence Battalion and two from the Cyber Protection Brigade (CPB) here took part in a cyber challenge that furthered their training and insight into the field of digital forensics. The event was part of a quarterly series hosted by the battalion.

"This is what these challenges are all about," said Lt. Col. David Chang, the 782nd MI Bn. commander. "Giving teams the opportunity to build on their core skill sets and challenge each other through friendly competition."

The battalion's Effects Support Cell invited two researchers from Mississippi State University's Distributed Analytics and Security Institute, Demarcus Thomas and Christopher Lanclos, to teach an introductory course on forensic analysis.

The DASI operates the National Forensics Training Center, which provides digital forensics training to law enforcement agencies across the country. The two researchers touched on a variety of forensics topics and introduced Soldiers to tools available to conduct research and analysis on digital systems.

Once the classroom instruction was complete, the challenge began as the teams faced off in a race to identify the source of a simulated security leak in a corporate espionage case. Teams received an image of a hard drive belonging to an employee of a bioengineering firm who was suspected of selling company secrets. Teams searched for evidence of espionage and created a timeline of criminal activity.

Chief Warrant Officer 3 John Bernal took part in the challenge with the B Company, 782nd MI Bn. team. A graduate of SANS 408 and 508 digital forensics analysis courses, Bernal said he enjoyed the event and believes it was a good fit for introducing Soldiers to digital forensics.

CPB members gave positive feedback on the challenge as well, and said it was an accurate representation of a real-life forensics scenario they might encounter as part of their cyber defense mission of protecting Department of Defense networks from intrusion and malicious activity.

After the scores were tallied, the team of four Soldiers from C Company, 782nd MI Bn. won the challenge, crediting attention to detail, accurate reporting and mastery of forensics tool sets for their success.
