Techniques

Contents

Techniques are what an adversary does to prevent you from achieving your goals.

Matrix

A screenshot of the Matrix page.

The Matrix provides an overview of all the tactics and techniques, as well as buttons that allow you to hide or show specific techniques. Click on the image to access it.

List

NameDescription
Alarm systems

Alarm systems are mechanisms that protect physical or digital infrastructure by sending an alert signal when unauthorized access to the infrastructure is detected. The alert signal can lead to the rapid intervention of security guards or law enforcement in order to investigate the situation.

Biased interpretation of evidence

Biased interpretation of evidence is the practice of interpreting evidence in favor of a particular point of view.

Covert house visit

A covert house visit is a discreet visit of a residence conducted by an adversary when the occupants are not present.

Covert surveillance devices

Covert surveillance devices are electronic devices hidden by an adversary to collect data: audio, video, and location data.

Audio

Covert audio surveillance devices are electronic devices, typically microphones, hidden by an adversary to collect audio data.

Location

Covert location surveillance devices are electronic devices hidden by an adversary to collect location data.

Video

Covert video surveillance devices are electronic devices, typically cameras, hidden by an adversary to collect video data.

Detection dogs

Detection dogs are dogs that have been trained by an adversary to detect certain substances, primarily through their sense of smell.

Door knocks

Door knocks are when an adversary comes knocking where you live to intimidate you or get information. Door knocks aim to intimidate or create paranoia, to see who is willing to talk and possibly be recruited as an informant, and to gather information from the people who do talk.

Doxing

Doxing is the practice of publishing a target's personal information without their consent in order to harm them or encourage others to harm them. It is most often used by non-State adversaries.

Evidence fabrication

Evidence fabrication is the creation of fake evidence, or the falsification of real evidence, to incriminate a target.

Forensics

Forensics is the application of science to investigations for the collection, preservation, and analysis of evidence. It has a broad focus: DNA analysis, fingerprint analysis, bloodstain pattern analysis, firearms examination and ballistics, toolmark analysis, serology, toxicology, hair and fiber analysis, footwear and tire tread analysis, drug chemistry, paint and glass analysis, linguistics, digital audio, video, and photographic analysis, etc.

Arson

Arson forensics (also known as fire investigation) is the application of science to the investigation of arson. Arson forensics has two distinct phases: fire scene investigation, which focuses on evidence at the scene of the fire, and fire debris analysis, which focuses on evidence removed from the scene and analyzed in a laboratory.

Ballistics

Ballistic forensics (also known as firearm examination) is the application of science to the investigation of firearms and bullets. When a bullet is fired from a gun, the gun leaves microscopic marks on the bullet and cartridge case. These marks are like ballistic fingerprints.

Digital

Digital forensics is the retrieval, storage, and analysis of electronic data that can be useful in investigations. This includes information from computers, phones, hard drives, and other data storage devices.

DNA

DNA forensics (also known as DNA analysis) is the collection, storage, and analysis of DNA traces for the purpose of matching DNA traces to individuals.

Facial recognition

Facial recognition is the analysis of the features of human faces for the purpose of matching one face to another.

Fingerprints

Fingerprint forensics is the collection, storage and analysis of the impressions left by the ridges of human fingers.

Gait recognition

Gait recognition is the analysis of the walking style and pace of individuals, for the purpose of matching one walking style and pace to another.

Handwriting analysis

Handwriting analysis is the analysis of handwriting samples, typically for the purpose of matching one sample to another.

Linguistics

Forensic linguistics is the application of linguistic knowledge to identify the author of a text or the person behind a voice. Author identification (also called stylometry) is based on the analysis of certain patterns of language use: vocabulary, collocations, spelling, grammar, etc. Voice identification is based on speech sounds (phonetics) and the acoustic qualities of the voice.

Trace evidence

Trace evidence is the tiny fragments of physical evidence that can be transferred between objects, or between objects and the environment. This transfer can occur when two objects touch, or when small particles are dispersed by an action or movement. Trace evidence can be analyzed to establish links between people, objects, and places.

Guards

Guards (also known as security guards) are people employed by an adversary to protect buildings or other physical infrastructure.

House raid

A house raid is a surprise visit of a residence conducted by an adversary to seize items, arrest occupants of the residence, or install cover surveillance devices.

ID checks

An ID check (short for identity check) is the process by which the State verifies a person's identity by asking them for their personal information, requiring them to produce a government-issued ID document, or taking their biometric information (face photograph, fingerprints, DNA) and comparing it against a database. An ID check can be a pretext for questioning and pressuring, and can be followed by a search of the person's belongings.

Increased police presence

Increased police presence is the process by which the police increase their presence in a particular place and time for two reasons: to intimidate, and to improve their options for intervention and their responsiveness.

Infiltrators

An infiltrator is someone who infiltrates a group or network by posing as someone they are not in order to gain information or destabilize the group or network. They may come from police, intelligence or military forces, from a private company or contractor, or they may act for ideological reasons or under duress (e.g., they are told they will be imprisoned if they don't work as an infiltrator).

Informants

An informant (or snitch) is someone from inside a group or network recruited by an adversary to provide information on the group or network.

International cooperation

International cooperation is the exchange of information between law enforcement and intelligence agencies of different countries.

Interrogation techniques

Interrogation techniques are the methods used by an adversary to obtain information from people during interrogations.

Mass surveillance

Mass surveillance is the large-scale surveillance of an entire or substantial portion of a population. It is the surveillance baseline of our society.

Civilian snitches

Civilian snitches are people who are not part of an adversary's security force, but who would inform the adversary if they saw something suspicious.

Mass digital surveillance

Mass digital surveillance is the large-scale collection, storage, and analysis of the digital communications of an entire or substantial portion of a population.

Police files

Police files are physical or digital records maintained by law enforcement agencies. Police files contain vast amounts of data about many things, are kept indefinitely or for long periods of time, and can be efficiently analyzed and cross-referenced using digital tools.

Video surveillance

Mass video surveillance (also known as close-circuit television, or CCTV) is the large-scale collection, storage and analysis of video and audio data from video surveillance cameras. Mass video surveillance aims to capture the identity of people who pass through a space and to extend its coverage to as much space as possible. Some countries now have more surveillance cameras than citizens.

Network mapping

Network mapping is the process by which an adversary gains insight into the organization and social relationships of a given network. By gaining this insight, an adversary can select individuals for additional scrutiny, arrest, or recruitment as informants.

Open-source intelligence

Open-source intelligence (OSINT) is the collection and analysis of data from open sources (social medias, news media, blogs, forums, public records…).

Parallel construction

Parallel construction is the unlawful law enforcement process of building a parallel, or separate, evidentiary basis for an investigation in order to conceal how an investigation was actually conducted.

Physical surveillance

Physical surveillance is the direct observation of people or activities for the purpose of gathering information. A physical surveillance operation is typically conducted by one or more surveillance teams, which consist of specially trained personnel called surveillance operators.

Aerial

Aerial physical surveillance is the direct observation of people or activities from the air for the purpose of gathering information. In many countries, helicopters have traditionally been the predominant tool for this purpose. As drones become less expensive, their use is becoming more common. Surveillance planes are also occasionally used and are much more covert than helicopters.

Covert

Covert physical surveillance is the direct observation of people or activities when the surveillance operators do not want to be detected by their targets.

Overt

Overt physical surveillance is the direct observation of people or activities when the surveillance operators intend to be, or do not mind being, detected by their targets. This is common practice at demonstrations and gatherings to identify participants, whether to facilitate network mapping or to incriminate individuals for actions carried out during the demonstration.

Physical violence

Physical violence is the use of physical force by an adversary to intimidate a target or its network, incapacitate a target, or coerce a target into revealing information.

Police patrols

Police patrols are the law enforcement practice of traversing a particular area to monitor and secure it. Police may conduct patrols either as a routine operation or in response to a perceived threat in an area.

Service provider collaboration

Service provider collaboration is the process by which an entity that has information about you because it provides a service to you provides that information to an adversary. Service provider collaboration can provide both current and historical information.

Mobile network operators

Mobile network operators can provide information about you to an adversary.

Other

Service providers other than mobile network operators can provide information about you to an adversary.

Targeted digital surveillance

Targeted digital surveillance is the targeted collection and analysis of digital data and communications.

Authentication bypass

Authentication bypass is the process by which an adversary bypasses the Full Disk Encryption that protects access to a digital device. An adversary can achieve authentication bypass through human error, weak passwords, or technical exploits.

IMSI-catcher

An IMSI-catcher (also known as a Stingray) is a device used to collect information about all mobile phones that are turned on in a limited area (from a few meters to several hundred meters) around it. A passive IMSI-catcher simply listens to the traffic, while an active IMSI-catcher acts as a “fake” cell tower between the phones and the legitimate cell towers.

Malware

Malware is malicious software installed on a digital device such as a computer, server, or mobile phone, to compromise the device. Malware can do many different things, but against anarchists and other rebels, it typically aims to gain visibility into the compromised device through remote screen capture and remote keylogging (recording the keys pressed on a keyboard), and to track the location of the device (in the case of phones).

Network forensics

Network forensics is the monitoring and analysis of network traffic.

Physical access

Physical access is the process by which an adversary physically accesses an electronic device in order to access its data or compromise it.