Date post: | 02-Jan-2016 |
Category: |
Documents |
Upload: | colin-jacob-bell |
View: | 212 times |
Download: | 0 times |
IMPROVING LIVES THROUGH ICT
THE 2ND INTERNATIONAL CONFERENCE ON EMERGING AND FUTURE COMMUNICATION TECHNOLOGIES(ICEFICT)
OBWAYA MOGIRESOUTH EASTERN KENYA UNIVERSITY
ICTAK
Mobile Wireless Transactions: A Framework for Secure Funds Transfer Services
DIGITAL FORENSICS FRAMEWORK FOR KENYAN
COURTS OF LAWS.
Biros and Weiser (2006) defines Digital Forensics as “scientific knowledge and methods applied to the Identification,
Collection, Preservation, Examination, and Analysis of information stored or
transmitted in binary form in a manner acceptable for application in legal
matters”.
DEFINITION
Abstract
Technological progress in computing in the last few years has seen a sporadic increase of digital crime.
DF has become a vehicle that organizations can use to provide good and trustworthy evidence and processes.
In this research, we have proposed a framework for DF services.
The methodology employed was mainly survey. This was facilitated by use of research tools such as questionnaires, interviews and documents review
Background
Good DF is becoming a business enabler and a vehicle that organizations can use to provide good and trustworthy evidence and processes for legal cases, civil cases, dispute resolution etc
The use of DF for Legal proceedings is an emerging and interesting area of research.
In our research, we investigated some existing frameworks. It is from the identified gaps that we have proposed a generic framework for DF services for Kenyan courts of laws, tailored to meet the needs of developing countries like Kenya.
Problem StatementICT has seen organizations spend a lot of time,
money in planning for incidents, natural disasters or security breaches by drafting incident response, disaster recovery and business continuity plans. However very little thought is given to the identification and preservation of digital evidence and the correct structuring of processes for possible prosecution of digital criminals (Sommer, 2008). According to Aljazeera (2005), validated frameworks and techniques to acquire e-evidence are virtually non-existent.
KACC Director –we lack Forensics lab Daily Nation Newspaper(2011).
Research Objectives-were;
1. Establish the current technologies, regulatory policies, processes, procedures, practices, laws and governance on DFs and how they can be improved to meet the growing demand of digital forensics in Kenya.
2. Identify existing gaps on the DFs and suggest best practices toward an efficient DFs processes.
3.Propose appropriate framework for DF services.
4.Test validity of the proposed framework
Research Questions
1. Do the existing frameworks sufficiently address the issues of digital forensics?
2. Do the existing acts like evidence Act, Penal Code Act, Criminal Procedures act and Communication Bill Act 2007 sufficiently address the issues of digital forensics?
3. Do we have the capacity in terms technologies, regulatory policies, procedures, practices and staff to meet the expected levels of DFs?
4. What are the weakness and challenges facing DFs in Kenyan courts of laws?
Why is it important to solve it?
Project JustificationThe increase of criminal activity places a
strain on law enforcement and governments. Courts no longer require only document-based evidence but also e-based evidence. However Law enforcement and DFs still lag behind when it comes to dealing with e-evidence obtained from digital devices (Ayers, 2007).For example in 2010,CCK ordered SIM card registration as a measure to curb growing e-crime(www.cck.go.ke).
KACC Director-DFs LABs-Daily Nation (2011)Motivation!This concern by CCK,KACC and the emerging
rise in crime are the motivating factors in our research.
Literature ReviewTechnological progress ICT has seen a sporadic
increase in equipments/devices(mobile/PC/PDA) and users.
As a result, digital systems are driving e-economy translating to convenience, efficiency and reduced operational cost.
However as the popularity of these digital systems grows,(pervasive computing) there is great concern of the security of the information systems.
Criminals exploit any loopholes in current security architectures and control structures to commit digital crimes.(eg.Hague hacking; PWC-DN article on mobile banking)
In this research, we reviewed existing DFs infrastructures and frameworks. Based on the information on related works, identified weakness, we developed Generic Framework For Sound DFs For Kenyan Courts Of Laws.
Existing Frameworks
So far there is no universally standardized framework for DFs. The following are some generic and proprietary frameworks:-
1. Sommer Digital Forensics; (Sommer, 2008)
2. DF Legal framework for USA (Undated)
3. An Extended Model of Cyber Crime Investigation; (Ciardhuáin, S. O. 2004).
4. DF Framework that incorporates legal issues (FORZA, 2006)
Summary of DFs Frameworks Reviewed
Model Dimensions Source
Sommer Digital Forensics
People, Processes & Technology Sommer, 2008
Integrated Digital Forensics in Information Assurance
People, Technology, Policies, Processes and Stages/Phases McCumber, 2005
Legal Requirements for DF
Policies/ Processes Technology/Tools, Research, Education/Training
U.S.A undated
Cyber crime Investigation Model
Phases, Policies, Regulation, Control, Training awareness Ciardhium 2004
DF Audit Audit Gordon 2006
DF E-evidenceRequirements
Reliability, Relevance, Complete Biros and Waiser 2006
Criminal Procedure
Admissibility, Authentic, Reliable, Complete and Convincing Evidence Act Cap 80 of 2007-Kenya
Dimensions of Sommer Digital Forensics; (Sommer, 2008)
Dimensions of Integrated Digital Forensics in Information Assurance (McCumber, 2005)
Dimensions of Digital Forensics (USA, undated)
: An Extended Model of Cyber Crime Investigation; (Ciardhuáin, S. O. 2004); www.ijde.org
Research design
The methodology employed in our research was mainly survey. Through stratified random sampling approach on clustered regions, our sample was drawn CID,KACC,HIGH COURT of Kenya and PWC.
Research Instruments In our survey we mainly used questionnaires and interview. A total of 96 questionnaire were distributed (CID-20, KACC-15, HIGH COURT-20 and PWHC-25, CBK-26. 80 were valid.
Research Methodology
Through statistical analysis using SPSS, the computed Cronbach alpha coefficient for on the seven-point Likert-type perception questions is 0.8432 which is above the recommended 0.7 as shown below.
******Method 2(covariance matrix)will be used for this analysis***** R E L I A B I L I T Y A N A L Y S I S - S C A L E (A L P H A) N of Cases = 80.0 N ofStatistics for Mean Variance Std Dev
Variables Scale 23.3125 32.6986 5.7183 5
Reliability Coefficients 5 itemsAlpha = .8432 Standardized item alpha = .8467
Test of validity
ANALYSIS OF DIGITAL FORENSICSRESPONSES
64%=disagree
Existence of Modern and Equipped DF Lab
Existence of Modern and Equipped DF Lab
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Strongly disagree
Pe
rce
nt
40
30
20
10
0
80%=agree
Technology Determines Reliability of DFservices
Technology Determines Reliability of DFservices
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Pe
rce
nt
40
30
20
10
0
67%=disagree
Availability of Trained and Qualified staff on DF
Availability of Enough Trained and Qualified staff on DF
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Strongly disagree
Pe
rce
nt
40
30
20
10
0
80%=agree
Training key component to DF
Training key to DF services
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Strongly disagree
Pe
rce
nt
50
40
30
20
10
0
75%=disagree
Training and Awareness of staff on DF issues
Regular training and awaress of staff on DF issues
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Strongly disagree
Pe
rce
nt
40
30
20
10
0
50%
DF Legal Awareness
DF Legal and ethical, policies & procedures awareness
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Strongly disagree
Pe
rce
nt
30
20
10
0
50%
Current legal/policies on DF
current legal framework addresses DF
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Strongly disagree
Pe
rce
nt
40
30
20
10
0
85% =agree
Good Legal Framework Enhances DF
Proper legal framework will enhances DF
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Pe
rce
nt
50
40
30
20
10
0
75%=agree
Impact of Proper Governance
Adoption, Proliferation and Maturation of DF Depend on Governance
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Strongly disagree
Pe
rce
nt
40
30
20
10
0
50%
Proper Processes of DF
scientifically sound procedures on DF
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Pe
rce
nt
40
30
20
10
0
75%=agree
Processes on Admissibility of DF
Good processes guarantee admissibility of DF
Strongly agree
Agree
somehow agree
Not sure
somehow disagree
Disagree
Pe
rce
nt
50
40
30
20
10
0
THE PROPOSED DF FRAMEWORKFOR KENYAN COURTS OF LAWS
see hyperlink-30
Origins of the Proposed Framework
To mitigate DF inadmissibility , the framework is a carefully thought product of :-
1.Strengths from the existing DFI frameworks
2.Analysis of data collected from our field survey
3.Three components of a good DF framework; people, technology, and process (sommer, 2008)
4.InfoSec audit i.e. COBIT frameworks and ISO/IEC 27002: 2005 code of practice.
5.Legal requirements DF framework in USA (undated)
6. Dimensions of Integrated Digital Forensics in Information Assurance (McCumber, 2005)
Attributes of a Good DF Processes
Authenticity
Completeness
Reliability
Admissibility
Credible to juries
Digital Forensics What are the enabling technologies/tools, policies, legal ,standards,governance,resources,procedures and training/education?
What are the attributes of a good DF?
What are the regulatory policies, standards?
What DF technologies are used?
What are the processes, procedures?
What are the tools, technology used?
What are the legal requirements?
VALIDATED DF FRAMEWORK FOR KENYAN COURTS OF LAWS.
See hyperlink 69+ components
Components –see hyperlink
1. DEVELOPING A QUESTIONNAIRE BASED ON THE FRAMEWORK ELEMENTS.=SEE
2. REGRESSION ANALYSIS=SEE
3. AMOS=APPENDIX D4. DETAILED AMOS
Validation
Application of the framework
After adequate testing of the framework, we are satisfied that it adequately covers most of the admissibility aspects of DFs services. This will tone down the inadmissibility of e-evidence in our courts of laws.
Therefore, we highly recommend this framework that will serve as a blueprint for DFs processes for the legal proceedings in Kenyan courts of laws to comprehend digital criminals since the rate of e-crime increasing day by day replacing traditional crime.
CONCLUSIONS
The primary objective of the study was to
develop a Digital Forensics Framework for
Kenyan Courts of laws that will enhance growth
in DF by producing forensically sound e-evidence
before a court of law for legal proceedings.
Secondary Objectives;
1.Investigate the state of existing technologies, regulatory policies and legal frameworks regarding Digital Forensics in key government and private agencies involved in DF services in Kenya.
2.Investigate which factors contribute towards reliability, admissibility and authenticity of Digital Forensics.
3.Test validity of the proposed framework
1.
Of the 80 responses received 60% agree that no modern and well equipped labs existing meaning technologically we are ill prepared to handle DF services, 70 % admits that we lack trained and qualified staff to handle DF, 75% admit that we lack training and awareness to our staff on DF issues, 50% are for the opinion that current legal framework addresses DF issues, and 75 % agrees that adoption and proliferation of DF services depends on governance which we lack. These findings indicate that DF adoption in Kenya has not fully matured despite that digital crime is increasing day by day.
2.
The findings indicates that of the 80 responses
received, 80% agrees that proper technology
means reliability of DF services, 80% are for the
opinion that training and DF awareness are key to
DF services, 80 % consider that proper legal
frameworks contributes to proper DF services and
75% consider that governance and processes are
key to adoption, proliferation and maturity of DF
services.
Recommendations
From the findings, we note that as a country in terms of technologies, training/education awareness and regulations in compliance DF services, we are in-adequately prepared. we need to;-
Restructuring of relevant processes to be forensically sound;
Prepare our criminal justice system to deal with the emerging situation in DF;
DF laboratories must be strengthened with skilled manpower and latest Equipments and software to handle increasing digital crime;
The public prosecutors must be trained to present e-evidences in a sound manner;
DF staff should be trained and DF processes, policies and procedures;
Increase funding for training to meet the growing demand of DF.
THEREFORE!
The proposed framework is therefore a blueprint for continuous assessment and monitoring DF services in Kenyan courts of laws legal proceedings to realize admissibility of e-evidence.
We further recommend more thorough nationwide research in order to explore further DF issues in relation to technologies/tools, legal and ethical issues, regulations, and training/education/research.
Limitations of the study
Trouble in finding necessary data-due to the nature of research ,it was very hard and time consuming to convince the relevant agencies like CID/KACC that the research is purely academic and that Confidentiality of their data will be guaranteed.
Also Digital Forensics is still young and in its tender stages-meaning research in the area is still scanty.
Thank UC&Q