Subscribe
  • Home
  • /
  • Security
  • /
  • Failure to follow procedures scuppers cybercrime prosecutions

Failure to follow procedures scuppers cybercrime prosecutions

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 17 May 2017
Yusuph Kileo: Digital forensics require diligence.
Yusuph Kileo: Digital forensics require diligence.

Digital forensics requires diligence if perpetrators of cyber crime are to be brought to book.

That was the message from Yusuph Kileo, a cyber security and digital forensics expert from Tanzania, and MD and board member, Africa ICT Alliance (AfICTA). He was speaking yesterday at the ITWeb Security Summit 2017 at Vodacom World in Midrand.

The majority of cyber crimes go unpunished because investigators fail to follow the proper procedures, said Kileo.

Digital forensics is a process of recovering, interpreting and investigating electronic data. "All this is done by preserving the original evidence in its most original form."

Before starting the investigation, he said organisations must make sure they have skilled professionals; have a work station and data recovery lab; enter into alliance with a local district attorney; and define the methodology that they will use.

Digital forensics investigators also need to obtain a search warrant - a written authorisation to carry out an investigation. "Who should issues a search warrant? This depends on the country where the investigation is conducted," said Kileo.

When collecting the evidence, investigators must strictly adhere to the guidelines and privacy policies of the organisation they are working with, as well as the legal jurisdiction, he added.

Another important document in digital forensics is the final report, which must contain specific files related to the request, including deleted files that support the findings, as well as string searches, keyword searches, and text string searches.

"The final report must also have Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity. Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions and file name anomalies are also required."

As judges usually do not understand computing language and procedures, it's vital that the report

explains the computer and network processes, he added. "The investigators should provide explanation for various processes and the inner working of the system and its various interrelated components."

Finally, professional conduct determines credibility, ethics, morals and standards of behaviour, Kileo concluded.

Share