Cybercrime continues to ravage the world, second only to the Coronavirus pandemic, worsened by corrupt public officials. Cyberwarfare, cyber weaponry, cyber espionage, cyber identity theft, cyber privacy breaches, and a plethora of crimes by governments against their citizens and against other sovereign states are on the rise by the day.
The digital revolution has sparked creativity and innovation by decentralizing broadcasting and self-publishing rights. If you have anything novel, unique, and interesting, all you need is a basic mobile phone camera to record your act and broadcast it to the world via YouTube, Twitter, Facebook, or any other social media of your choice. We have seen instant celebrities make a fortune that would be unheard of in the traditional television broadcasting model, where it is tough to get an opportunity to show your act.
The Internet is a regulator’s nightmare. How do you police the Internet without stifling innovation or affecting free speech, privacy, and people’s freedom to explore?
One way is to invest in digital forensics capabilities and global strategic partnerships to collaborate in cyber and digital investigations. The premise of any digital forensics assignment is that matters may end up in court. This means the forensic investigator must be thorough and respect the rules of evidence, because the opposing counsel will carefully study the report and the evidence with the objective of punching holes in the quality of the process, exercise, and procedures.
To have a strong case, a forensic examiner must follow the three As of digital forensics – acquire, authenticate, and analyze.
Acquire – you must acquire evidence without modification or corruption. Do not tamper with, spoil, or contaminate the original evidence. Once you introduce any foreign object into the original evidence, it loses meaning. The opposing counsel could use such mishandling of the original evidence to cause its dismissal from the court records for lack of substance. Contaminated evidence cannot pin anyone. When working with the defense counsel, the strategy is to examine whether the best process for evidence preservation was followed or not. For example, if a write-protector is not used while making a forensic image of the original evidence, that could be a good reason to disqualify any evidence collected, on the grounds of spoliation or contamination!
Authenticate – the examiner must make sure the recovered evidence is a replica of, or the same as, the originally seized data. No forensic evidence recovery is complete without first authenticating it using such tools as MD5 to compare the original evidence with the recovered evidence. One time during a mobile phone examination, the phone was seized from a suspect in Mbarara but transported to Kampala without first having been stored in a forensically sound storage device. By the time the police officer arrived with the evidence at the forensic lab in Kampala, it had been contaminated so many times that the police officer could not prove that the suspect was the last user of the said phone. Had the police officer been well trained and equipped with the right tools, they would have stored the phone in a Faraday bag, which cuts off the network signal and keeps the phone in the same state as at the point of seizure.
Analyze – analyze the data and evidence without any alterations. The forensic investigator’s work is to examine what is on the seized devices and to map relationships with other facts collected to aid the solving of the case. You cannot alter any data, as doing so would be a biased action.
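The Authenticate step above, shown as an added example that is not part of the original article: it streams an original and its forensic image through a hash function and reports whether they match. Computing SHA-256 alongside the MD5 the article names is an assumption of this example, and the file names and sample data are constructed.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never load fully into memory


def digest_file(path, algorithms=("md5", "sha256")):
    """Stream a file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:  # read-only: the evidence file is never written to
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def authenticate(original_path, image_path):
    """Compare digests of the original evidence and the forensic image."""
    original = digest_file(original_path)
    image = digest_file(image_path)
    mismatched = sorted(a for a in original if original[a] != image[a])
    return {"match": not mismatched, "mismatched": mismatched,
            "original": original, "image": image}


def demo():
    """Constructed data: a stand-in original, a faithful image, an altered image."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "original.bin")
        good = os.path.join(tmp, "image_good.dd")
        bad = os.path.join(tmp, "image_altered.dd")
        data = os.urandom(3 * CHUNK + 17)  # deliberately not a multiple of CHUNK
        altered = bytearray(data)
        altered[CHUNK + 5] ^= 0x01  # flip a single bit to simulate contamination
        for path, content in ((original, data), (good, data), (bad, bytes(altered))):
            with open(path, "wb") as fh:
                fh.write(content)
        return authenticate(original, good), authenticate(original, bad)


if __name__ == "__main__":
    ok, tampered = demo()
    print("faithful image matches:", ok["match"])
    print("altered image matches:", tampered["match"], tampered["mismatched"])
```

The digests taken at acquisition belong in the examiner's report, so that the same comparison can be repeated later on the working copy.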
Are you, or do you know of anyone who is, a victim of cybercrime? Do contact us. We might help. Once in a while, we take on free cases to help people recover their lives. Your case could meet our criteria and receive our free support. Remember to come to us only if you are an innocent victim.
Copyright Mustapha B Mugisa, 2020. All rights reserved.