Improvised Explosive Device Anatomy and Triage

The main charge is the largest single explosive component by mass, the element whose detonation delivers the primary blast effects. In improvised devices, the main charge is almost always one of a small set of energetic materials determined by local availability, chemical precursor access, and the technical knowledge of the constructor. The forensic task is to identify which one, as early as possible in the post-blast investigation, because the answer directs the supply chain inquiry and the intelligence linkage to previous incidents.

Triacetone triperoxide (TATP) is among the most commonly encountered improvised explosives globally, used in devices linked to al-Qaeda-affiliated networks in Europe from the 2005 London bombings (where TATP was the main charge in three of the four devices) through the 2016 Brussels attacks and the 2017 Manchester Arena bombing. TATP is synthesised from acetone, hydrogen peroxide, and an acid catalyst, all readily available at consumer grade. Its synthesis requires no specialised equipment but is hazardous (spontaneous decomposition and flash ignition during preparation are well-documented causes of pre-incident injuries in constructor networks). Post-blast, TATP leaves residues of acetone and hydrogen peroxide in addition to the parent compound, identifiable by GC-MS (parent compound elutes at m/z 222 for the cyclic trimer). Its detonation velocity of approximately 5,000 m/s and its characteristic crystalline appearance (white powder or plates before initiating) are additional identifiers.

Ammonium nitrate fuel oil (ANFO) has been the most widely used large-device main charge in political and criminal bombing campaigns from the Provisional IRA (the 1996 Manchester bomb, approximately 1,500 kg ANFO, commercial AN prills sourced from agricultural supply) through the 1995 Oklahoma City bombing (approximately 2,300 kg ANFO in the Ryder truck used by Timothy McVeigh) and multiple mining-linked improvised explosive incidents in the Maoist insurgency corridor in central India. Ammonium nitrate is a fertiliser and industrial chemical available at scale; fuel oil is the fraction typically sourced from diesel or heating oil. Post-blast, AN residue is identified by ion chromatography as the nitrate and ammonium ion pair. The prill structure of undetonated AN is visible under scanning electron microscopy.

Urea nitrate is a simpler improvised oxidiser-based explosive produced from urea (a garden fertiliser) and dilute nitric acid or urea and ammonium nitrate in solution. It was the main charge in the 1993 World Trade Center bombing in New York (a 680 kg urea nitrate device concealed in a Ryder truck, constructed by a network linked to Ramzi Yousef). Post-blast identification relies on ion chromatography for the nitrate and urea moieties, and GC-MS for organic residues. Urea nitrate is hygroscopic and more sensitive to moisture than ANFO, limiting shelf life in humid environments.

Military explosives (RDX in Composition C-4 or in Semtex, PETN, or TNT) are encountered in devices supplied through military theft, corrupt arms networks, or state sponsorship. C-4 consists of approximately 91% RDX with a binder of mineral oil and polyisobutylene. Semtex is a PETN-RDX mixture (originally approximately 76% PETN and 6% RDX in Semtex-A, or approximately equal proportions in Semtex-H) manufactured by Explosia a.s., Czech Republic. Post-blast, RDX is identified by GC-MS (m/z 222, 176, 120); PETN by m/z 316 parent and characteristic fragment ions; Semtex by the combination of PETN and DMDNB taggant. The presence of military explosive in a post-blast residue profile has significant intelligence value, pointing to a military or professional commercial supply chain rather than improvised synthesis.

A detonator (or initiator) is a small, highly sensitive explosive assembly designed to convert an electrical, thermal, shock, or chemical input into a detonation wave sufficient to initiate the main charge. In the IED model, the detonator bridges the switch and power source on one side and the main charge on the other. Its sensitivity distinguishes it from the main charge: most main charge materials require a significant initiating impulse (a strong detonator output wave) to reliably detonate, which is by design a safety feature in legitimate commercial explosive use.

Commercial electric detonators consist of a metallic shell (typically aluminium, 6 to 7 mm outer diameter, 40 to 80 mm length) containing a primary explosive (lead azide or PETN) and a bridgewire (typically a fine-gauge nichrome or tungsten wire, 0.02 to 0.05 mm diameter) that heats to ignition temperature when a current of approximately 1 to 2 amperes passes through it. Major manufacturers include Dyno Nobel (US/Australia/Norway), Orica (Australia/global), Schlumberger (US), and Premier Explosives Limited (India). Each manufacturer's detonators have characteristic shell dimensions, wire gauge, and initiating charge formulation that allow forensic identification even from post-blast fragments. In India, commercial detonators are licensed under the Explosives Act 1884 and Explosives Rules 2008; theft from licensed mining and quarrying operations has been the primary source in Maoist IED construction in Chhattisgarh, Jharkhand, and Odisha.

Non-electric detonators use a shock tube (a plastic tube with a reactive inner wall coating of PETN and aluminium) instead of an electric bridgewire. The shock tube transmits a low-pressure detonation wave from an initiating device (a detonator or a mechanical initiator) to the detonator cap. Non-electric systems are preferred in environments where stray electrical current (lightning, radio frequency, static) poses a hazard. Post-blast, shock tube fragments (thin-walled plastic tubing with a distinctive inner coating residue) are diagnostically important. The NATO STANAG 2984 and ISO 8825 standards govern commercial detonator dimensions and performance testing.

Improvised detonators, constructed from primary explosives sourced or synthesised by the device constructor, lack the reliable initiating threshold of commercial units and are more likely to cause unintended initiation during assembly. Mercury fulminate, silver azide, DDNP (diazodinitrophenol), and lead styphnate have all appeared in improvised detonator components recovered from device workshops in the UK, US, Spain, and Pakistan. Improvised detonators are identifiable post-blast by the absence of commercial manufacturing signatures (uniform shell dimensions, crimp patterns, manufacturer codes) and by the presence of unusual primary explosive residues in the detonator position within the device.

The firing switch is the element that connects (or disconnects) the power source to the detonator initiation circuit. Switch design is a statement of tactical intent: a victim-operated switch targets people who move through a space; a command-initiated switch targets a specific person or vehicle at a specific moment; a timer targets a place at a specific time; and an anti-handling switch targets anyone who tries to intervene with the device.

Victim-operated switches (VOS) include pressure plates (two metal plates separated by a compressible spacer, completing the circuit under the weight of a person or vehicle); trip wires (a wire stretched across a path, completing or breaking a circuit when displaced); tension-release switches (spring-loaded contacts held open by a wire, releasing when the wire is cut or breaks); and pressure-release switches (completing a circuit when a weight is removed, targeting the act of lifting a package). VOS devices were the dominant IED type in the IRA campaign in Northern Ireland through the 1970s to 1990s and in Taliban IED operations in Afghanistan from 2006 onward, where pressure-plate devices buried in roads and paths caused the majority of ISAF vehicle and foot patrol casualties. US JIEDDO counter-IED analysis reports (declassified summaries published 2010 to 2014) document the systematic evolution of pressure-plate design in Afghanistan from simple copper-sheet plates to vinyl-coated plates designed to defeat metal detector detection.

Command-initiated switches use a remote signal to complete the initiation circuit. Radio-frequency (RF) command switches use a commercially available or improvised radio receiver connected to the firing circuit; the operator transmits a coded or uncoded signal from a safe standoff distance. Infrared command switches require line-of-sight between transmitter and receiver. Cellular (mobile phone) command switches use the ring, vibrate, or battery-activation signal of a mobile phone to trigger a relay in the firing circuit. Cellular command switches allow initiation from any distance with cellular coverage and provide a time-delay option (call the number at the moment of the target's approach). Forensic analysis of cellular command switches at post-blast scenes focuses on recovering the SIM card, handset, and relay circuit fragments; the SIM card, even if partially destroyed, may retain the network-assigned IMSI number, which allows CDR (call data record) subpoena from the network operator to identify the caller. This technique was applied in the 2002 Bali bombing investigation, where cellular switch circuitry recovered from the Sari Club scene linked to CDR evidence.

Timer switches use mechanical (clockwork) or electronic (digital timer chip) delay to initiate the device at a preset time after arming. Mechanical timers leave distinctive clockwork spring and cog fragments that survive post-blast; digital timer circuits leave PCB (printed circuit board) fragments. Timer-based devices were used in several IRA attacks on infrastructure in the 1980s (including the Brighton hotel bombing, 1984, targeting the UK Cabinet) and in the 1988 Lockerbie bombing (Pan Am Flight 103), where a Swiss MST-13 timer chip fragment was recovered from clothing debris in Scotland and traced to a specific manufactured batch supplied to the Libyan intelligence service.

Anti-handling devices (AHD) are secondary circuit elements that initiate the device if it is moved, tilted, lifted, or tampered with. Common AHD types include tilt switches (a mercury or ball-bearing switch that completes the circuit when inclined beyond a threshold angle), trembler switches (a suspended pendulum contact that closes on vibration), tension-release switches (as described above, where the tension is provided by the device's own weight or attachment), and light-dependent resistors that close the circuit when a package is opened (breaking a light seal). AHDs are specifically designed to defeat EOD render-safe procedures and have caused EOD operator fatalities. The UK DEMSS, US EOD units, and India BDDS all maintain classified training programmes on AHD typology and render-safe technique.

The power source provides the electrical energy to bridge the initiating threshold of the detonator. In the majority of IEDs, this is a battery, ranging from a 9V PP3 (the most commonly recovered type in Northern Ireland IRA devices per UK DEMSS historical records) to 12V car batteries in vehicle-borne IEDs or multiple AA cells wired in series for higher voltage requirements. Lithium polymer (LiPo) batteries, originally developed for RC aircraft and drone applications, have appeared in more recent IED power source configurations because of their high energy density and light weight. Battery type, brand, and manufacturing batch can be forensically identified from recovered terminal fragments, cell casing residues, and electrolyte chemistry; matched against purchase records, this has contributed to network identification in several UK Counter Terrorism investigations.

Power source selection reflects tactical and operational constraints. A cellular command switch requires power only for the standby state of the phone and the relay trigger; a 3.7V lithium cell is sufficient. A pressure-plate VOS requires no battery at all if the main charge can be initiated by a sufficiently energetic primary switch arc (though in practice most VOPs include a battery circuit for reliability). A timer-initiated device must maintain power for the duration of the delay, which for multi-day timer devices in IRA infrastructure attack operations required sealed lead-acid gel cells of 6 to 12 Ah capacity.

The container is the physical housing of the device, determining its visual profile (how it appears to the intended victim), its structural confinement (which affects brisance and fragmentation), and its concealment method. Common container types and their forensic signatures:

Pressure cookers, used in the 2013 Boston Marathon bombing (two 6-quart aluminium pressure cookers packed with TATP main charge, BBs and nails as fragment augmentation, and 9V battery initiating circuits concealed in nylon backpacks), leave post-blast fragments of the aluminium vessel body and lid, with characteristic spigot and gasket remnants. The brand, model, and production year of the pressure cooker can often be identified from lid handle fragments, allowing online purchase record subpoena.

Pipe bombs (steel or PVC pipe, end-capped) are the most common low-sophistication IED container globally. The pipe provides confinement that lowers the effective critical diameter of the main charge and directs fragment projection radially. Post-blast, pipe threads, end-cap fragments, and nipple remnants are recovered with the grid search. Thread pitch and pipe diameter are dimensionally distinctive and can narrow the supply source.

Vehicles (VBIED, vehicle-borne IED) use the vehicle body as both container and fragment augmentation. Post-blast vehicle component identification (VIN plate fragments, engine block numbers, axle and suspension markings) provides vehicle identity independent of registration plate evidence.

Briefcases, bags, and packages conceal the device as an ordinary object in the target environment. Post-blast fabric, zipper hardware, buckle fragments, and foam padding are recoverable. Fabric pattern and brand label can link a device to a purchase record.

IED triage is the process by which an EOD operator, working within the constraints of time, standoff, and available equipment, assesses a suspect device and decides on a render-safe course of action. The triage framework used by the UK's Ammunition Technical Officers (ATO, the Army designation for EOD operators trained at DEMSS) and by the Metropolitan Police MO19 Explosives Officers follows a structured sequence that maps directly onto the six-element IED model.

The initial approach phase uses standoff observation (binoculars, cameras mounted on remote vehicles, robot camera systems such as the iRobot Packbot or Northrop Grumman Andros F6A) to characterise as many of the six elements as can be observed without physical contact. Can the container be identified? Is any wiring or circuitry visible? Is there evidence of AHD (a visible tilt switch, a tension wire, a mercury tube)? What is the probable main charge type from external indicators (container shape, size, visible crystalline material, smell if accessible)?

The second phase is standoff disruptive action if the threat and time available require it. Water-jet disruptors (the Marksman, manufactured by Med-Eng, now part of Safariland; or the BATT, Bomb Access Total Takeout Tool, used by UK EOD) fire a high-velocity water jet at the detonator or initiation circuit to physically separate the circuit before initiation can occur. The intent is to disrupt the initiation circuit without initiating the device; the water jet acts faster than the detonator bridgewire can heat to ignition temperature. This technique is the preferred standoff render-safe method for devices where a direct approach is unsafe and where the detonator position has been identified.

The third phase is manual approach and render-safe if standoff action is not available or not appropriate (for example, if the device has been identified as having no AHD and direct circuit severance is required). ATOs in the UK and EOD technicians in the US (trained under US Army TRADOC IED doctrine) approach with personal protective equipment (EOD suit, Kevlar-reinforced boots, face shield) and use manual tools to physically sever the initiation circuit. Manual approach was the method used by ATOs in many Northern Ireland operations; it is now reserved for lower-risk device types or for situations where the standoff option has failed.

In the US context, ATF Special Agent Bomb Technicians and FBI Hazardous Device School-certified (HDS) technicians follow the FBI/ATF Bomb Technician Certification Programme's triage checklist, which is aligned with the IABTI (International Association of Bomb Technicians and Investigators) standardised triage protocol. In India, BDDS units are trained by the CRPF and the Central Industrial Security Force; the published standard operating procedures are classified, but open-source National Institute of Criminology and Forensic Science (NICFS) training materials reference the same six-element model as the organisational framework.

1. Cordon and evacuation
   Establish a minimum safe standoff cordon (per device size estimate and explosive type hypothesis). Evacuate the public and unnecessary personnel before any technician approach.
2. Standoff observation and characterisation
   Use binoculars, robot camera, or pole-mounted camera to characterise the visible elements: container type, wiring, power source access, visible switches, AHD indicators.
3. Six-element hypothesis
   Record a working hypothesis for each of the six elements based on observable and intelligence information. This drives the render-safe decision.
4. Disruptive or manual render-safe
   Apply the safest available render-safe technique: standoff water-jet disruption if the detonator position is identified; manual circuit severance if risk assessment and access permit; total containment and controlled detonation if neither is viable.
5. Post-render-safe technical exploitation
   Once safe, conduct detailed forensic documentation of all six elements in situ before any component is moved. Photograph every component and its position. Exhibit all recoverable components.
6. Scene handover to post-blast or live-device investigation team
   Transfer exhibits with chain-of-custody documentation to the forensic investigation team. Complete the IED report (IEDDTU format or equivalent) for intelligence databases.

The relationship between post-blast forensic analysis and bomb-disposal doctrine is iterative and formalised in the institutional structures of major counter-terrorism programmes. The US JIEDDO was established in 2006 specifically to accelerate the feedback loop from IED incidents in Iraq and Afghanistan to doctrine, training, and technology deployment. It operated as a joint organisation drawing on all US military services and relevant civilian agencies, and its successor (JIDA) continues to publish quarterly IED threat analysis reports. The core feedback mechanism is the IEDDTU (IED Exploitation Data Transfer Unit) report, completed for every recovered or post-blast device, capturing all six-element characterisations, forensic findings, and tactical circumstances.

In the UK, the Terrorism and Allied Matters (TAME) database, maintained by Counter Terrorism Policing and the Home Office, aggregates post-blast forensic findings from every significant device incident in the UK and from allied jurisdictions via Interpol's IEDDI (IED Intelligence) programme. FEL Porton Down contributes analytical findings on each recovered residue or device component; these feed into the device signature library used by all UK Counter Terrorism and EOD units.

Key specific lessons that have changed doctrine:

The Lockerbie bombing (1988) introduced the principle of full-aircraft-wreckage forensic recovery as a mandatory post-blast protocol for aviation bombings. The recovery of a fragment of Swiss MST-13 timer circuit board from a field in Lockerbie, traced by the FEL and FBI to a specific Zurich manufacturer (MEBO AG) and a specific customer (Libyan intelligence), established that nanogram quantities of forensic material from a high-energy detonation could survive and be traced. The Aviation Security (Scotland) Act 1990 and the subsequent UK Air Navigation Order requirements for explosive detection in hold baggage were direct legislative outcomes.

The Oklahoma City bombing (1995) drove changes in ammonium nitrate supply monitoring in the US. The subsequent Anti-Terrorism and Effective Death Penalty Act 1996 introduced taggant requirements for AN-based blasting agents (though full implementation has been incomplete). In the EU, Regulation (EU) 98/2013 on the marketing and use of explosive precursors restricts retail purchase of ammonium nitrate above 16% nitrogen concentration and requires end-user licensing for commercial purchases. India's Explosives (Amendment) Rules 2010 tightened record-keeping requirements for AN-based commercial explosives, driven partly by Maoist device incident analysis.

The 7 July 2005 London bombings (TATP as primary charge) accelerated the deployment of IMS (ion mobility spectrometry) detection portals in UK transport hubs and the development of TATP-specific detection algorithms for existing Smiths Detection (now Smiths Group) and L-3 Technologies portal scanners. The TATP detection capability gap exposed by 7/7 was documented in the Intelligence and Security Committee report and drove EU-wide harmonisation of explosive detection standards under the ECAC (European Civil Aviation Conference) Doc.30 framework.