Authors: Heather M.B. Dussault (SUNY Institute of Technology), Chet J. Maciag (Air Force Research Laboratory, Information Directorate)
DFRWS USA 2004
Derived from personal observations of the differences between winning and losing a dogfight, the ability to rapidly move through a decision cycle of observing, orienting, deciding and acting (i.e., Boyd’s OODA loop) is a central concept in modern military command and control (C2). The OODA loop, the digital forensic science process, and protect-detect-assess-respond processes are briefly described, compared and contrasted. The first three steps of the OODA loop (observe, orient, and decide) map reasonably well onto the digital forensic science process and indicate that many digital forensic tools and techniques may well find use in cyber command and control processes. Attributes of digital forensic processes suitable for implementation in cyber C2 systems are described and implementation issues are discussed. One element present in the OODA loop but missing from the digital forensic science process is the link from decision to action. In establishing digital forensics capabilities in cyber C2 systems, the potential to establish links between decision-making and actions would naturally exist and allow digital forensics to expand into new capacities and capabilities in such broad areas as planning tools; decision support; wargaming, exercises and experiments; and predictive battle management.