An examination of validation practices in relation to the forensic acquisition of digital evidence in South Africa
- Authors: Jordaan, Jason
- Date: 2014
- Subjects: Electronic evidence , Evidence, Criminal , Forensic sciences , Evidence, Criminal -- South Africa -- Law and legislation
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4706 , http://hdl.handle.net/10962/d1016361
- Description: The acquisition of digital evidence is the most crucial part of the entire digital forensics process. During this process, digital evidence is acquired in a forensically sound manner to ensure the legal admissibility and reliability of that evidence in court. In the acquisition process various hardware or software tools are used to acquire the digital evidence. All of the digital forensic standards relating to the acquisition of digital evidence require that the hardware and software tools used in the acquisition process are validated as functioning correctly and reliably, as this lends credibility to the evidence in court. In fact the Electronic Communications and Transactions Act 25 of 2002 in South Africa specifically requires courts to consider issues such as reliability and the manner in which the integrity of digital evidence is ensured when assessing the evidential weight of digital evidence. Previous research into quality assurance in the practice of digital forensics in South Africa identified that in general, tool validation was not performed, and as such a hypothesis was proposed that digital forensic practitioners in South Africa make use of hardware and/or software tools for the forensic acquisition of digital evidence, whose validity and/or reliability cannot be objectively proven. As such the reliability of any digital evidence preserved using those tools is potentially unreliable. This hypothesis was tested in the research through the use of a survey of digital forensic practitioners in South Africa. The research established that the majority of digital forensic practitioners do not use tools in the forensic acquisition of digital evidence that can be proven to be validated and/or reliable. While just under a fifth of digital forensic practitioners can provide some proof of validation and/or reliability, the proof of validation does not meet formal international standards. In essence this means that digital evidence, which is preserved through the use of specific hardware and/or software tools for subsequent presentation and reliance upon as evidence in a court of law, is preserved by tools where the objective and scientific validity thereof has not been determined. Since South African courts must consider reliability in terms of Section 15(3) of the Electronic Communications and Transactions Act 25 of 2002 in assessing the weight of digital evidence, this is undermined through the current state of practice in South Africa by digital forensic practitioners.
- Full Text:
- Date Issued: 2014
Digital forensic model for computer networks
- Authors: Sanyamahwe, Tendai
- Date: 2011
- Subjects: Computer crimes -- Investigation , Evidence, Criminal , Computer networks -- Security measures , Electronic evidence , Forensic sciences , Internet -- Security measures
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11127 , http://hdl.handle.net/10353/d1000968 , Computer crimes -- Investigation , Evidence, Criminal , Computer networks -- Security measures , Electronic evidence , Forensic sciences , Internet -- Security measures
- Description: The Internet has become important since information is now stored in digital form and is transported both within and between organisations in large amounts through computer networks. Nevertheless, there are those individuals or groups of people who utilise the Internet to harm other businesses because they can remain relatively anonymous. To prosecute such criminals, forensic practitioners have to follow a well-defined procedure to convict responsible cyber-criminals in a court of law. Log files provide significant digital evidence in computer networks when tracing cyber-criminals. Network log mining is an evolution of typical digital forensics utilising evidence from network devices such as firewalls, switches and routers. Network log mining is a process supported by presiding South African laws such as the Computer Evidence Act, 57 of 1983; the Electronic Communications and Transactions (ECT) Act, 25 of 2002; and the Electronic Communications Act, 36 of 2005. Nevertheless, international laws and regulations supporting network log mining include the Sarbanes-Oxley Act; the Foreign Corrupt Practices Act (FCPA) and the Bribery Act of the USA. A digital forensic model for computer networks focusing on network log mining has been developed based on the literature reviewed and critical thought. The development of the model followed the Design Science methodology. However, this research project argues that there are some important aspects which are not fully addressed by South African presiding legislation supporting digital forensic investigations. With that in mind, this research project proposes some Forensic Investigation Precautions. These precautions were developed as part of the proposed model. The Diffusion of Innovations (DOI) Theory is the framework underpinning the development of the model and how it can be assimilated into the community. The model was sent to IT experts for validation and this provided the qualitative element and the primary data of this research project. From these experts, this study found out that the proposed model is very unique, very comprehensive and has added new knowledge into the field of Information Technology. Also, a paper was written out of this research project.
- Full Text:
- Date Issued: 2011