Digital Forensics in a Cyber Warfare Context

The paper explores the application of digital forensics techniques to cyber warfare scenarios. A common accepted taxonomy for digital forensics (and antiforensics) activities, techniques, procedures and work flows does not yet exist but guidelines and even international standards have given the field a framework: this paper explores how digital forensics can be logically framed in the context of cyber warfare. The attribution of a cyber attack is widely considered a fundamental aspect to be resolved before the formulation of every cyber strategy by nation-states. Digital forensics procedures and protocols established in civilian contexts can be adopted by military and intelligence bodies. The paper explores the field of digital forensics as applied to cyber warfare, mainly for defensive and intelligence operations. It proposed a taxonomy for digital forensics activities and on the time dimension how it is applied to the phases of forensic operations: prioritization, collection, acquisition, analysis, interpretation, reporting/dissemination, detailing a model that tailors techniques to military context, giving also a review of existing literature. Defensive and intelligence activities also need knowledge of the range of anti-forensics techniques applied by counterparts, so an analysis of the anti-forensics arsenal and how it correlates with forensics processes is conducted. In the conclusion the paper shows the cardinal role of digital forensics (postattack and in readiness processed) even in military activities and the value of concepts developed in the civilian world, albeit adapted.