SOF on Trial. The Technical and Legal Value of Battlefield Digital Forensics in Court

  • Luigi V. Mancini
  • Andrea Monti
  • Agostino Panico
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10717)


The transition from “ordinary” or “civil” digital forensics to battlefield digital forensics is characterized by the inclusion of the “time” variable into the equation that describes the process of finding, selecting and securing information gathered during forensics activities. While in some cases (such as the post-factum investigation of the Military Police) there may indeed be time to follow usual standard forensics methods, as soon as the scenario turns into an emergency response or a Special Operations Forces (SOF) intervention, it may be difficult to do so. Therefore, the digital forensics best practices developed for the ordinary civil and criminal proceedings as well as its legal value must be re-thought and adapted to the different scenarios of deployment.

But does this latter statement mean that the technical standards should be less stringent and that Battlefield Digital Forensics has a lesser or no legal status when its outcomes will be judged in Court?

The aim of this paper is to try to answer these questions, challenging first the common assumption that there is only “one” way to define the robustness of digital forensics outcomes. Furthermore, the paper advocates that the value of these outcomes should be assessed on a relative, comparative way, setting the level of acceptance per actual operating scenario.

In other words: it is desirable that laboratory-performed digital forensics should match very strict technical procedures to be accepted as a scientific method in Court. But when evidence is gathered under duress and/or with limited technological support, the technical level of the digital forensics techniques and procedures should be adapted accordingly, while preserving its full legal value in a trial.

To draw in the clearest possible way all these distinctions and provide technical advice to the operators in the field, this paper starts with a classification of the kind of operations performed in a battlefield theatre, making a distinction among military operations, MP investigations, and International Criminal Court (ICC) trials. Then, it moves to a taxonomy of the rules of evidence set forth by the ICC and advocates that the technical standards that should be acceptable as evidence-supporting could be less stringent than those usually required in ordinary trials.

The second part of the paper describes the technical implications of the above-mentioned conclusion, by providing both a framework and technical suggestion to be implemented in battlefield operation.


Digital forensics Battlefield digital forensics Special Operations Forces 


  1. 1.
    Monti, A., Kennealy, E.: Case study: a failure success clothing. Digit. Invest. 2, 247–253 (2005)CrossRefGoogle Scholar
  2. 2.
    United States v. Harrington, 923 F.2d 1371 (1994) Google Scholar
  3. 3.
    United States Supreme Court - Utah vs. Strieff - Certiorari to the Supreme Court of Utah No. 14–1373. Argued 22 February 2016—Decided 20 June 2016Google Scholar
  4. 4.
    Criminal Court of Bologna, Decision n. 1823/05 (2017)Google Scholar
  5. 5.
    Criminal Court, Decision n. 44851 (2012)Google Scholar
  6. 6.
    Braccini, C., Vaisanen, T., Sadlon, M. et. al.: Battlefield Digital Forensics Digital Intelligence and Evidence, pp. 1–69 (2016)Google Scholar
  7. 7.
    Corte di cassazione (Italian Supreme Court) Orders nn. 8605 and 8606 (2015)Google Scholar
  8. 8.
    Corte di cassazione (Italian Supreme Court) Orders n. 9760 (2015)Google Scholar
  9. 9.
    Chiccarelli, S., Monti, A.: Spaghetti Hacker. Pescara: s.n., p. 187 (2011)Google Scholar
  10. 10.
    Pearson, S., Watson, R.: Digital Triage Forensics. s.l.: Syngress (2010)Google Scholar
  11. 11.
    Rogers, M.K., et al.: Computer forensics field triage process model. J. Digit. Forensics Secur. Law 1, 19–38 (2006)Google Scholar
  12. 12.
    Grillo, A., et al.: Fast user classifying to establish forensic analysis priorities. In: Fifth International Conference on IT Security Incident Management and IT Forensics (2009)Google Scholar
  13. 13.
    Marturana, F., Tacconi, S.: A Machine Learning-based Triage methodology for automated categorization of digital media. Digit. Invest. 10, 193–204 (2013)CrossRefGoogle Scholar
  14. 14.
    NATO CCDCOE. Crossed Sword Exercise. Tallinn: s.n. (2017)Google Scholar
  15. 15.
    Giannelli, P.C.: Chain of Custody and Identification of Real Evidence. s.l.: Case Western Reserve University (1983)Google Scholar
  16. 16.
    Saaralein, T.: Optimizing the performance of a dismounted future force warrior by means of improved situational awareness. Int. J. Adv. Telecommun. 5, 42–54 (2012)Google Scholar
  17. 17.
    OSForensics [Online] (2017). [Cited: 22 May 2017].
  18. 18.
    Mohseni, H.: Faraday Cage. University of Tehran High Voltage Lab, Tehran (2006)Google Scholar
  19. 19.
    Bussoletti, F.: Analisi Difesa [Online], 27 October 2016. [Cited: 22 May 2017].

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Luigi V. Mancini
    • 1
  • Andrea Monti
    • 1
  • Agostino Panico
    • 1
  1. 1.Dipartimento di InformaticaSapienza University RomaRomeItaly

Personalised recommendations