Special Ops wants next-gen device-cracking tools
- By Defense Systems Staff
- Nov 19, 2014
Special Operations Forces are looking for the next generation of devices that allow them to quickly crack into computing devices retrieved on the battlefield.
In a request for information, the Special Operations Command said that it, along with other organizations within the Defense Department and Intelligence Community, wants to evaluate the latest tactical Document and Media Exploitation, or DOMEX, tools. The request sets strict timeframes for what those tools can accomplish.
When forces come across a PC, smartphone, tablet or other device while on a mission, they want to extract as much information from it in as little time as possible. DOMEX, or sometimes just document exploitation, has been a regular tool for the armed forces in combatting terrorists, as they often recover devices and documents in a variety of formats and languages that could hold key information. In many cases, speed is the key to recovering and translating data.
In its solicitation, SOCOM said it is looking for devices that, in addition to being effective, have intuitive interfaces and require only basic levels of training.
Within 15 minutes, in conditions SOCOM describes as “austere,” the devices should be able to extract files and associated information such as file names and hash numbers, obtain personal information ranging from user names to chat user names, produce a summary of what has been collected, and put it all into a format compatible with standard Windows apps such as Word or Excel.
In an hour or less, and back at a forward operating base or safe house with external communications, devices should also be able to collect forensic information, including user configurations, directory structure, date and time stamps, user-created metadata, and keywords and phrases in applicable languages, and then compare that information to an external database or watch list.
Within eight hours, in an operating base, safe house or Expeditionary Analysis Center, SOCOM wants to be able to do further analysis, such as examining whether files have been stored in default or alternate locations, determining the relationship between files and doing further comparisons of the data to watch lists.
And eventually, without time constraints, the devices should be able to separate “cleaned” and “dirty” files and do a full deep dive of the system, analyzing multiple media images at once, and identifying any software used to delete or conceal activities, such as cryptography, steganography, secure deletion and shredder programs.