Thursday, January 24, 2008



In the first part of the series we were able to establish the difference between ICT security and forensics. We outlined that computer forensics is the acquisition, examination, and reporting of information found on computers and networks that pertain to a criminal or civil investigation, although the same processes and methods are applied to corporate and other "private" investigations. Forensic computing will in the immediate future increase in importance for Kenyan companies, legal practitioners and law enforcers. There are a number of underlying reasons that demand we pay more attention to cyber crime and our attendant capacity to investigate and prosecute cyber offenders.

The first is that cyber-crimes are particularly lucrative because they are generally non-violent crimes. Secondly these crimes yield high profits despite low investment and risk. Compare this with a bank robbery which requires considerable organization, financing and risk. Cyber crime has a relatively low risk of capture and if caught and convicted the result is usually a relatively short prison sentence. Computer forensics and digital investigations have become an integral part of police work in the new millennium. Computers are now as much a part of the modern law enforcement officer's daily routine as the fimbo, sidearm, two-way radio, or handcuffs.

At the heart of a computer forensic investigation is digital evidence. Everything that someone does on a computer or a network leaves traces. Locard’s Principle of Exchange states that any person who enters a scene of crime leaves something behind and takes something from the scene with them. This applies to the physical and digital realms. In this instance, deleted files, registry entries, the internet history cache, automatic Word backup files, e-mail headers and instant messaging logs give clues as to the intermediate servers through which information has traversed. Server logs also provide information about every computer host accessing a web site.

Obtaining digital evidence and maintaining its integrity and admissibility is achievable. The problem is in conducting a successful prosecution. At this point in time - 2008 - various challenges confront the cyber forensic investigator in Kenya. They are mainly legal, financial, scope of jurisdiction, training, the ubiquitous and dynamic access to the internet, ignorance and the absence of a supervisory authority. I want to briefly discuss these challenges.

Various countries have introduced legislation that directly deals with cyber crime while others have reformed and modified their existing criminal laws to include this emerging crime. However many countries do not have adequate legislation that addresses cyber crime and this includes Kenya. Cyber crime laws, for example, protect certain rights and assets such as privacy and identity by rendering illegal the interception and unauthorized access to digital data and resources privately owned. They also provide legal frameworks that assist forensic investigators in achieving successful prosecutions. The United Kingdom for example has introduced various legislative initiatives over time, meant to specifically address cyber crime. These include the Computer Misuse Act (1990), the Criminal Justice and Police Act (2001), the Police & Criminal Evidence Act (1984) and the Regulation of Investigatory Powers Act (2000) among others. In the United States of America, legislation has also been introduced to combat cyber crime for example the Patriot Act (2001), Homeland Security Act (2002), Prosecutorial Remedies and Tools Against the Exploitation of Children Today (PROTECT) Act among many others. The absence of an integrated cyber legal framework in Kenya provides a great challenge to successful local cyber crime investigations and digital evidence gathering efforts. The Kenya Communications Bill 2007 proposes to create a number of new offences and to prescribe the maximum punishments to be meted out on offenders. It mentions various offences. They include tampering with a computer’s programme source code, availing an electronic signature certificate for a fraudulent purpose, interfering with the operation of mobile telephone equipment, hacking into a computer system, unauthorized access and publishing obscene information in electronic form. It is well and good for the bill to list punishable offences and prescribe penalties. 
What the bill has failed to recommend and spell out is the legal process of cyber crime investigation and digital handling in Kenya. This is absolutely necessary because it translates to the rate of successful prosecutions. This issue is especially relevant to our investors, for example call centers, which need a legislative umbrella that safeguards their operations (i.e. identity details and data handling).

Another challenge that confronts forensic investigators in Kenya is jurisdiction. The internet is borderless. Serious crimes are now facilitated by the internet where cyber criminals are in one country while the victims are located in another. Trans-national computer crime has emerged as a mounting problem due to the global nature of the internet. Developing countries are especially vulnerable due to the presence of inadequate cyber crime legislation. While international offending is by no means a uniquely modern phenomenon, the global nature of cyberspace significantly enhances the ability of offenders to commit crimes in one country which will affect individuals in a variety of other countries. Examples such as identity theft, Nigerian 409, scams and phishing are crimes perpetrated through the use of multiple servers in various countries. Cyberstalking and other child sexual exploitation activities have been dramatically enabled because of the global reach of the internet. We need to introduce relevant laws in Kenya that address this amorphous context of the internet. This is a global effort and we need to join other countries in this concerted effort of combating global cyber crime.

Global liaison is an area that also presents a challenge to computer forensic investigation. No area of criminal activity is more on the cutting edge or has greater global implications than crime involving technology and computers. It is evident that as the globalization of distributed computing continues, and as computer criminals become more sophisticated, law enforcement will increasingly need timely access to computer or telecommunication information from multiple countries. These efforts will require a global agency that coordinates them. Mechanisms would have to be introduced that cater for digital evidence interchange between countries, standardization of procedures, personnel training and investigation co-operation. Currently the International Police (Interpol), Virtual Global Taskforce and the Cyber Law Enforcement Organization are bodies attempting to provide the focus for global effort in fighting cyber crime. There is however a greater requirement to have a more concerted effort to strengthen these organizations and others so as to pre-empt fragmented national and regional efforts. Kenya needs to assign responsibility of regional and international digital co-operation efforts to a specific entity for example the yet to be established Kenya Police High Tech Crime Unit.

We are faced with a further challenge of training which has resulted in a shortage of adequately trained cyber forensic investigators. Training a computer forensic expert would result in an efficient and high job performance. A failure to provide sufficient training would leave investigators and their agencies vulnerable to court dismissals (either civil or criminal) and failure to effectively process digital evidence may exculpate an individual, or may result in failure to protect an organization in the event of a dispute. Competence is paramount. As has been stated before, the intricate process of gathering digital evidence and its presentation in court requires an investigator to have highly developed technical computer and legal skills. This training should ideally be found at the undergraduate and postgraduate levels in our local universities (e.g. Jomo Kenyatta University, Juja). This training is currently provided by Karman Security Services Limited which is located in Kitisuru and was founded in 2007 by former CID director, Mr. Joseph Kamau. This initiative is commendable and will go a long way in enhancing the computer forensic capacity in Kenya.

Directly related to the shortage of adequately trained computer forensic investigators is the limitation imposed by budgets or financial resources. Kenya is adversely affected by this problem. Law enforcement agencies are allocated budgets to fight crime. The budget is often inadequate considering the needs. Financial budgets are therefore allocated to various competing areas. Cyber-crime units compete for scarce resources with other criminal departments for example homicide (flying squad), tribal clashes, terrorism, rape, kidnappings, financial fraud, drugs, murder among others. Funds are required to finance computer forensic labs, train officers, purchase software and hardware equipment, logistics and finance computer crime legislation. This problem is global and is evident in the fact that only a small proportion of computer crime ever gets to be investigated and prosecuted by forensic investigators. A 10,000 dollar threshold is placed by most computer crime units in America. This means that if complaints are lower than this threshold then they are not investigated and instead manpower and financial resources are concentrated on computer crimes targeting banks, critical infrastructure, government facilities and high-impact sites. This situation puts the computer crime victim(s) at risk because they are forced to do most of the investigations and leg-work themselves. This is evident in most victims of online identity theft who are forced to launch investigations using their own resources. Financial institutions are also adversely affected by this state of affairs. Considerable resources are used to hire private forensic investigators to unearth fraud and criminal activities in these organizations. It is imperative that the Kenyan Police force establish a fully funded High-Tech Crime Unit. 
Inasmuch as basic security provision is a problem that we are perennially grappling with in Kenya, I contend that cyber crime should be accorded its due attention and funding by our law enforcement agencies and the central government.

Another related challenge is the dynamic nature of information technology, where software and hardware advances demand constant re-training and re-acquaintance. This can put a strain on a cyber crime unit that would want its officers to spend more time investigating cases than being in continuous training sessions.

In the next part of this series I will discuss the various benefits that Kenya would accrue from having an efficient and effective cyber forensic capacity.


Anonymous said...

It's been a while since I paid a visit to your blog. I have just finished reading the 2nd part of your series on forensic computing and I must say it's quite incisive. I look forward to reading the next part of the series. Keep up the good work!

B.K.Muthoga said...

Thanks anonymous, I will continue trying to provide an objective analysis of this crucial sector in Kenya.

Rechtsberatung said...

It's a really helpful tool to examine the criminal situations. In Kenya there need to be more and more security tools to find out the criminal background and clear the situation.

Nightlionsecurity said...

I just read through the entire article of yours and it was quite good. This is a great article thanks for sharing this informative information. I will visit your blog regularly for some latest post. Great post!
