CHARLESTON, SOUTH CAROLINA – A woman is murdered in her home. Her husband is home at the time but says he didn’t do it. The only possible clues to solving the crime lie in a smart TV, mobile phones, a voice-controlled intelligent personal assistant (Echo), a router, cloud data and network capture.
That’s the scenario members of Space and Naval Warfare Systems Center (SSC) Atlantic’s Navy Cyber team solved to take both first place and the grand prize in a Digital Forensics Challenge that featured competition with academic and professional digital forensic investigators from around the world.
The SSC Atlantic team performed digital forensics analysis, wrote software and developed tools to extract information from the various internet of things (IoT) digital evidence artifacts. They provided a solution that not only proved the innocence of the husband, but identified the woman’s boyfriend as the murderer. They also produced a field-ready digital forensics tool that could be used in other cases.
The scenario, according to SSC Atlantic Secure Software Analysis Supervisor Joshua Lewis, was based on an actual case in which Echo data was used to solve a crime. Lewis had to develop the tools to combine and analyze the data in order to expose and visualize patterns of interest. They displayed the information on a graphical timeline given the estimated time of the woman’s death. They were able to corroborate statements from the husband about when he was watching TV, and to gather information from sensors in the room that were synchronized to smart devices in the house and indicated when doors were opened or locked.
The competition was part of the annual Digital Forensics Research Workshop (DFRWS) USA conference. Held this year from July 15 to 18 in Providence, Rhode Island, DFRWS has been bringing together academic researchers and digital forensic investigators and practitioners to present and discuss research papers since 2001. The DFRWS challenge addresses three major objectives that also align to SSC Atlantic’s digital forensics mission: incorporating a rigorous scientific method in the evolving discipline of digital forensic science; performing research that considers practitioner requirements, multiple investigative environments and real world usability; and producing conclusive, persuasive evidence that meets the heightened scrutiny of the courts and other decision-makers in military and civilian environments.
Lewis said SSC Atlantic teams have participated in these types of digital forensics challenges before, but this competition was more focused on some of the biggest challenges of forensics. The conference gave the team a chance to engage with and learn from leading digital forensics professionals in academia and the commercial sector. The gathering was attended by internationally recognized digital forensics experts Dr. Eoghan Casey, Ph.D., and Dr. Brian Carrier, Ph.D., and also featured training from Facebook and Google digital forensics specialists. The team also had the chance to see the latest forensic tools released in the scientific and academic communities.
“It was a great conference,” Lewis said. “There were only about 100 participants and everyone was very approachable, so there were lots of opportunities for networking.” Noting that digital forensics can be at the mercy of the software tools that are available, he said this competition was especially valuable because it allowed the team to do more work on the tool development side, not just analysis.
“This competition helped us develop skills and tool sets for forensics cases where tools don’t exist … tools that could extract information to determine what took place, and then to display the events in a user interface that is easy to view and interpret,” Lewis said. The team developed the tools, extracted the evidence and produced a report to detail the findings. Contest submissions were reviewed and evaluated by Casey and Carrier.
“This competition really challenged us to stretch out and learn new analysis methods,” said team member Randy Sharo, who was also the principal investigator for a fiscal year 2018 Naval Innovative Science and Engineering (NISE) project team that performed research and prepared the challenge submission. “I'm looking forward to applying these new techniques in other project areas."
For a government team to win this type of challenge competing against world-class academic and professional digital forensics teams was very noteworthy, Lewis said. While the team’s efforts resulted in a win at the challenge, it also represents a big win for SSC Atlantic.
In addition to rubbing elbows with digital forensics academics and professionals, who are at the top of the field, and winning the grand prize (a $1,000 award, which the team turned over to the U.S. Treasury), Lewis said the challenge also helped raise the visibility of SSC Atlantic as a center of excellence for digital forensics.
“Any time we can make more contacts within the forensics community and increase our skill sets, we are helping increase SSC Atlantic’s brand recognition and enabling our portfolios to win and execute new work,” Lewis said.
This most recent challenge was directly aligned to SPAWAR’s efforts in mobility forensics, cloud, IoT and supervisory control and data acquisition (SCADA) technology growth areas. From this experience the team learned new tools, techniques and alternative methodologies that can be brought to bear on Navy, Marine Corps and Joint programs.
Not content to rest on their laurels, the team has already requested to participate in the 2019 DFRWS Challenge. While next year’s challenge has not been announced yet, Lewis thinks it will likely continue to focus on cloud, IoT, and SCADA, perhaps expanding into the Invisible Internet, The onion Router (ToR) forensics, Darkweb and other topics.
“We look forward to any opportunity to help SSC Atlantic maintain a leadership role in the field of digital forensics, data analysis, and cyber tool development,” Lewis said. “The skillsets we attain enable us to offer current and prospective sponsors the capability to develop custom tools for transition to their own environments. This allows us to increase the services we offer as well as increase the speed to capability for delivering new cyber warfighting capabilities."
SSC Atlantic provides systems engineering and acquisition to deliver information warfare capabilities to the naval, joint and national warfighter through the acquisition, development, integration, production, test, deployment, and sustainment of interoperable C4ISR, cyber and information technology capabilities.