Uganda lawsociety v2digitalforensics


Published on

As technology transforms the legal practice, electronically stored information (ESI) has replaced the paper evidence as the lawyer’s primary stock in trade. This is the future of the legal profession. Far more information is retained by a computer than most people realize. Without the right tools and techniques to preserve, examine and extract data, legal officers run the risk of losing something important, rendering what you find inadmissible, or even causing spoliation of evidence.

In this presentation to the Uganda Law Society Uganda members, Mustapha B Mugisa ( explores the skills prosecutors and investigators must master in order to perform their jobs effectively. You will learn a lot by reading this presentation to the end, than most people know about forensics and the new developments.

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Uganda lawsociety v2digitalforensics

  1. 1. Digital forensics for investigators& prosecutors in financial crimesAll you need to know…Forensic. Advisory. Fraud.www.summitcl.comMustapha B. Mugisa, CFE, CHFI, MBAPresident, Association of Certified Fraud ExaminersUganda Chapter.Uganda Law SocietyCLE Seminar, 10 June 2013,Imperial Royale Hotel.
  2. 2. Forensic. Advisory. FraudHow much money do youestimate [banks in Uganda]lose annually to fraud?In which ways is it lost?Imagecredit,ACFE.comWhy care?
  3. 3. Forensic. Advisory. Fraud“An averageorganization losesabout 5% of itsannual revenue tofraud”, ACFE Reportto The Nations 2012.Total annual revenue (allUganda banks) in 20111.94/- TrillionUgx. 291billion annually!ACFE Uganda survey in2011 revealed banks &telecoms lose 15-25% ofannual revenue to fraud!About 90% of financialcrime is aided by ICT!Total cost of fraud tobanks in Uganda#1: Lots of fraud in banking…Or Ugx. 11.6bn per bank
  4. 4. #2: Cyber threat & ICTsecurity risksBanksVirus & HackerAttackData Leakage &Network AbuseCyber CrimeCombatQualityDemand fromClients35%65%For Banks65% of securitybreaches are internal35% of security breachesare external.You need tools to ensure realtime network monitoring?
  5. 5. Financial crimes increasing…Credit/ debitCard FraudInsurancefraudMoneylaunderingBankingFraudsCyberCrimesLoan FraudsOrganizedFinancialCrimeCorruptionFinancialData Theft
  6. 6. Forensic. Advisory. The people risks…a) IP theftb) DOS of key applications– lots of downtimec) About 2/3 leavingemployees steal datad) Internet banking, creditcard and system fraudse) Money laundering
  7. 7. Digital forensicessentialsForensic. Advisory.“Fraud will continue as longas fraudsters know theywill not be caught, and ifcaught, they will not beprosecuted.” ACFE, 2012.
  8. 8. Forensic. Advisory. Fraud.www.summitcl.comAnswer questionsabout digital eventsso the results areadmissible in court.Digital forensic investigation
  9. 9. Forensic. Advisory. Fraud.www.summitcl.comElectronically stored info (ESI)e-Discovery:The legal discovery(disclosure) of allelectronic documents anddata relevant to a case.
  10. 10. Forensic. Advisory. Fraud.www.summitcl.comESI examples• Email (all kinds);• Internet, intranet, blogs,(plus cache files, slackspace data, cookies)• Data on PDAs,cellphones• Hardware and software;including data storagemedia and cloud hosting
  11. 11. Forensic. Advisory. Fraud.www.summitcl.comWhy a forensic analysis?a) ID the perpetrator.b) ID the method/ vulnerabilityc) Conduct a damageassessmentd) Preserve the evidence forlegal actione) What, when, where, who,how and why.
  12. 12. Suspects Hide Evidence1.Delete their files andemails2.Hide their files byencryption, passwordprotection, orembedding them inunrelated files (jpg, osetc.)3.Use Wi-Fi networks andcyber cafes to covertheir tracksForensic uncover it1.Restore deleted filesand emails2.Find the hidden filesthrough complexpassword, encryptionprograms, andsearching techniques3.Track them downthrough the digital trail- IP addresses to ISPsto the offenderHow it works?
  13. 13. o Similar to traditional crime sceneso Must acquire the evidence whilepreserving its integrity No damage during collection,transportation, or storage Document everything Collect everything the firsttime; photograph sceneo Establish a chain of custodyo Clear investigation processThe computer crime scene…
  14. 14. Criminalization of ICT crimesThe Computer Misuse Act, 2011o Sec.12 – Unauthorized Access (hacking,interception, Man-In-The-Middle)o Sec.14 – Unauthorized modification ofelectronic contento Sec.16 – Unauthorized obstruction of useof computer System (Denial of Service)o Sec.17 – Unauthorized disclosure of accesscode (password leakage)o Sec.18 – Unauthorized disclosure ofInformation (breach of confidentiality)o Sec. 26 – cyber stalking.
  15. 15. The tools you needForensic. Advisory.
  16. 16. Forensic. Advisory. Fraud.www.summitcl.comLawful interception…1) Total network traffic monitoring2) Application(s) consuming most bandwidth3) Network user(s) consuming most bandwidth4) Packets, which slow down network5) Content, which involves in business conduct6) 360o audit of your enterprise IT governance7) Location, where target user is8) Interception of any inbound and outbound traffic#1: Network Forensic Investigation &incident reporting…IM/Chat(Yahoo,MSN, ICQ,QQ, IRC,Google TalkEtc.)EmailWebmailHTTP(Link, Content,UploadDownload,Video FLV)File TransferFTP, P2POthersOnline GamesTelnet, VoIP,Social Media etc.
  17. 17. Forensic. Advisory. Fraud.www.summitcl.comDigital forensic tools…#2. Computer forensic labYou need the right tools…
  18. 18. Forensic. Advisory. Fraud.www.summitcl.comFraud detection & prevention tool#3. Empower people to blow the whistle…Effective web-based localwhistleblower solution
  19. 19. The skills you needForensic. Advisory.“It is doesn’t matter howmuch resources you’ve, ifyou don’t know how to usethem they still won’t beenough.”
  20. 20. Forensic. Advisory. Fraud.www.summitcl.comDigital forensic skills…#1. Computer Hacking ForensicInvestigator95% of all documents are firstcreated using computers. Only10% get printed out. Goodprosecutors and investigators needComputer Hacking ForensicInvestigator (CHFI)
  21. 21. Forensic. Advisory. Fraud.www.summitcl.comYou need investigation Certified Fraud Examiner (CFE)
  22. 22. Forensic. Advisory. Fraud.www.summitcl.comNext steps…You should:1. Recommend implementation of the localwhistleblower solution…2. Become CFE and CHFI3. Work with Summit Consulting for yourexpert support and tools
  23. 23. Forensic. Advisory. Fraud.www.summitcl.comQ&AWe take pride indoing the rightthing, rather thanwhat is right forthe profitabilityof SCL.Thank you!For more or or