DEPARTMENT OF DEFENSE
DoD Forensic Science Lexicon
May 27, 2018
Department of Defense Forensic Science Lexicon
Page Count: 99 pages
Date: January 2018
Originating Organization: Defense Forensics and Biometrics Agency
File Type: pdf
File Size: 956,884 bytes
File Hash (SHA-256): 4C47BA0C862DB9F0E3775053480ED5715945EAEB78510D786286A554C8C2BDC1
The Department of Defense (DoD) performs forensic science in a collaborative environment which necessitates the clear communication of all activities and their results. A critical enabler of communication is the use of a clear, internally consistent vocabulary.
The goal of the Department of Defense Forensics Lexicon is to provide an operational vocabulary to address Forensics. A shared vocabulary enables a common understanding of Forensics, enhances the fidelity and the utility of operational reporting, facilitates structured data sharing, and strengthens the decision making processes across the DoD.
This lexicon encompasses the broad spectrum of scientific disciplines, processes, and equipment associated with performing forensic activities. Additional terms include those related to the programmatic support domains (e.g., doctrine, policy, standards, and accreditation) which enable forensic activity within the DoD.
Excluded from this lexicon are terms and definitions that describe the various types of Improvised Explosive Devices (IEDs) and the specific components of IEDs, as those have been previously defined in other well established lexicons.
This Department of Defense Forensics Lexicon was authored by subject matter experts from key organizations and agencies engaged in the full range of forensic activities and the personnel that provide programmatic support to those experts. It was then staffed multiple times across the Defense Forensics Enterprise in order to obtain support and consensus.
The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.
UAS FACILITATE PHYSICAL ACCESS TO UNSECURED SYSTEMS
UASs provide malicious actors an additional method of gaining proximity to networks and equipment within critical infrastructure sectors. Malicious actors could then use the proximity provided by a UAS to wirelessly exploit unsecured systems and extract information from systems they cannot otherwise access remotely or may not be able to access due to range limitations. This includes networks and devices within secured buildings, as well as networks and devices behind fencing and walls.
UASs can also allow a malicious actor to wirelessly exploit vulnerabilities from a distance (figure 1). The prevalent ownership and operation of UASs by the general public, the distance from which UAS can be operated, and a lack of tracking data can also provide malicious actors a level of anonymity that otherwise may not be available. UASs, in particular UASs, are typically more difficult to detect than a malicious actor attempting to trespass beyond physical barriers.
UAS FOR WIRELESS SYSTEM EXPLOITATION
Malicious actors could utilize UASs in order to wirelessly exploit access points and unsecured networks and devices. This can include using UASs in order to inject malware, execute malicious code, and perform man-in-the-middle attacks. UASs can also deliver hardware for exploiting unsecured wireless systems, allowing malicious actors persistent access to the wireless system until the hardware is detected or runs out of power. While OCIA does not know of a confirmed incident utilizing UASs to exploit wireless systems, researchers have demonstrated this capability.
MALICIOUS ACTORS CAN EXPLOIT COMPROMISED UAS
While UASs can be used as a tool for an attacker, they are also vulnerable to exploitation. Many commercial UAS variations, for example, currently communicate with ground stations and operators using unencrypted feeds. This can allow a malicious actor to intercept and review data sent to and from the UAS.