As technology transforms legal practice, electronically stored information (ESI) has replaced paper evidence as the lawyer’s primary stock in trade. This is the future of the legal profession. Far more information is retained by a computer than most people realize. Without the right tools and techniques to preserve, examine and extract data, legal officers run the risk of losing something important, rendering what they find inadmissible, or even causing spoliation of evidence.
In this presentation to Uganda Law Society members, Mustapha B Mugisa (www.mustaphamugisa.com) explores the skills prosecutors and investigators must master in order to perform their jobs effectively. By reading this presentation to the end, you will learn more than most people know about forensics and the new developments.
1. Digital forensics for investigators & prosecutors in financial crimes
All you need to know…
Forensic. Advisory. Fraud. www.summitcl.com
Mustapha B. Mugisa, CFE, CHFI, MBA
President, Association of Certified Fraud Examiners Uganda Chapter.
Uganda Law Society CLE Seminar, 10 June 2013, Imperial Royale Hotel.
2. Why care?
How much money do you estimate [banks in Uganda] lose annually to fraud? In which ways is it lost?
Image credit: ACFE.com
3. #1: Lots of fraud in banking…
“An average organization loses about 5% of its annual revenue to fraud”, ACFE Report to The Nations 2012.
Total annual revenue (all Uganda banks) in 2011: 1.94/- Trillion
Total cost of fraud to banks in Uganda: Ugx. 291 billion annually! Or Ugx. 11.6bn per bank
ACFE Uganda survey in 2011 revealed banks & telecoms lose 15-25% of annual revenue to fraud!
About 90% of financial crime is aided by ICT!
4. #2: Cyber threat & ICT security risks
Banks: Virus & Hacker Attack; Data Leakage & Network Abuse; Cyber Crime Combat; Quality Demand from Clients
For banks, 65% of security breaches are internal and 35% of security breaches are external.
You need tools to ensure real time network monitoring?
6. #3: The people risks…
a) IP theft
b) DoS of key applications – lots of downtime
c) About 2/3 of leaving employees steal data
d) Internet banking, credit card and system frauds
e) Money laundering
7. Digital forensic essentials
“Fraud will continue as long as fraudsters know they will not be caught, and if caught, they will not be prosecuted.” ACFE, 2012.
10. ESI examples
• Email (all kinds);
• Internet, intranet, blogs (plus cache files, slack space data, cookies)
• Data on PDAs, cellphones
• Hardware and software; including data storage media and cloud hosting
11. Why a forensic analysis?
a) ID the perpetrator.
b) ID the method/vulnerability
c) Conduct a damage assessment
d) Preserve the evidence for legal action
e) What, when, where, who, how and why.
12. How it works?
Suspects hide evidence
1. Delete their files and emails
2. Hide their files by encryption, password protection, or embedding them in unrelated files (jpg, os etc.)
3. Use Wi-Fi networks and cyber cafes to cover their tracks
Forensics uncover it
1. Restore deleted files and emails
2. Find the hidden files through complex password, encryption programs, and searching techniques
3. Track them down through the digital trail - IP addresses to ISPs to the offender
13. The computer crime scene…
o Similar to traditional crime scenes
o Must acquire the evidence while preserving its integrity
  - No damage during collection, transportation, or storage
  - Document everything
  - Collect everything the first time; photograph scene
o Establish a chain of custody
o Clear investigation process
14. Criminalization of ICT crimes
The Computer Misuse Act, 2011
o Sec. 12 – Unauthorized access (hacking, interception, Man-In-The-Middle)
o Sec. 14 – Unauthorized modification of electronic content
o Sec. 16 – Unauthorized obstruction of use of computer system (Denial of Service)
o Sec. 17 – Unauthorized disclosure of access code (password leakage)
o Sec. 18 – Unauthorized disclosure of information (breach of confidentiality)
o Sec. 26 – Cyber stalking.
15. The tools you need
16. #1: Network Forensic Investigation & incident reporting…
Lawful interception…
1) Total network traffic monitoring
2) Application(s) consuming most bandwidth
3) Network user(s) consuming most bandwidth
4) Packets that slow down the network
5) Content involved in business conduct
6) 360° audit of your enterprise IT governance
7) Location where the target user is
8) Interception of any inbound and outbound traffic
IM/Chat (Yahoo, MSN, ICQ, QQ, IRC, Google Talk etc.)
Email, Webmail
HTTP (Link, Content, Upload, Download, Video FLV)
File Transfer: FTP, P2P
Others: Online Games, Telnet, VoIP, Social Media etc.
19. The skills you need
“It doesn’t matter how much resources you have, if you don’t know how to use them they still won’t be enough.”
20. Digital forensic skills…
#1. Computer Hacking Forensic Investigator
95% of all documents are first created using computers. Only 10% get printed out. Good prosecutors and investigators need Computer Hacking Forensic Investigator (CHFI)
www.eccouncil.org
22. Next steps…
You should:
1. Recommend implementation of the local whistleblower solution…
2. Become CFE and CHFI
3. Work with Summit Consulting for your expert support and tools
23. Q&A
We take pride in doing the right thing, rather than what is right for the profitability of SCL.
Thank you!
For more information: www.summitcl.com or www.iifft.org or www.mustaphamugisa.com