Digital evidence will in future form part of most crime scenes, yet there is still widespread ignorance amongst law enforcement officials in the gathering of digital evidence.
This is according to Piet Pieterse, head of the electronic crime unit at the South African Police Service (SAPS).
Sharing his insights at on the state of cyber security in SA at the ITWeb Security Summit 2014, Pieterse stated that there is a need for cyber crime investigators to address cyber-related investigations and be exposed to testimony in the criminal courts.
"Digital evidence is often highly volatile and easily compromised by poor handling. The chances of success in litigation or successful criminal prosecution by law enforcement agencies depend heavily on the availability of prima facie evidence," he said. "There's an urgent need for more trained experts to analyse and to testify about digital evidence."
Pieterse noted that attempts at investigation involving computers often fail because of mistakes made at a very early stage; essential digital evidence is ignored, destroyed, compromised or inappropriately handled.
"The very fact of having to start such an investigation can create a crisis within a crisis that needs to be managed," he added. "Law enforcement is increasingly turning to proactive investigations where undercover agents seek out the individuals who are already engaging in computer crimes - attempting to record, in real-time, computer criminals while they are involved in the criminal act."
This proactive approach, he noted, bypasses some of the investigatory hurdles of anonymity, lack of records, and the under-reporting inherent in computer cases. It also has the added benefit of potentially stopping the criminal before the damage is done.
"In order to do proactive investigations you need a task team that is 24/7 available to be operational. From a training perspective it is time for a uniform South African version of a digital practice field guide that would enable all law enforcement officials to search, seize, secure (acquisition) and protect the evidential integrity of digital evidence (data storage devices)."
It's Pieterse's view that technology, crime and methodology are interlinked, and it makes sense to adopt a wide, generic approach to investigating information- and communication technology-related crimes.
"One of the measures SAPS will be implementing is the establishment of a SAPS Cyber Centre, in accordance with the national cyber-security policy conceptual framework and the draft SA government's cybercrime policy," he said. "Also, we'll look to implement a cybercrime reporting mechanism, which will enhance the understanding of the scope, threat, trends and collation of data to detect pattern of organised criminality."
Additionally, there should be a development and implementation of a SAPS cyber-crime consumer awareness and education programme to inform consumers about the risks associated with cybercrime and encourage reporting of suspicious cybercrime activities, according to Pieterse.
He concluded that measures against cybercrime would have to follow a criminal justice rationale, linked to broader crime prevention and criminal justice policies, and ultimately aimed at contributing to the rule of law and the promotion of human rights.
Share