Insider Threat Matrix™
  • ID: IF003.002
  • Created: 31st May 2024
  • Updated: 28th April 2026
  • Contributor: The ITM Team

Exfiltration via External Device Video Capture

A subject records sensitive information by capturing video using an external device, such as a personal mobile phone or standalone camera. This behavior typically involves filming screens, documents, or physical environments where sensitive information is displayed or discussed.

Unlike software-based screen recording or screenshot tools, this method operates outside corporate control boundaries. The capture process occurs entirely outside the monitored endpoint, bypassing data loss prevention (DLP), endpoint detection, and audit logging mechanisms.

This technique is commonly observed in controlled environments where digital exfiltration is restricted or heavily monitored. It may be opportunistic (such as quickly recording a screen) or deliberate, involving repeated capture of large volumes of information over time. The use of an external device can indicate subject awareness of monitoring controls and an intent to avoid traceable data transfer.