ICT 03 : FORENSIC INFORMATION SYSTEMS
DURATION: 3 DAYS
COST: Kshs. 36,000
DATES: 8-10 Nov. 2010
COURSE ABSTRACT:
Computer forensics is an "investigation of situations where there is computer-based (digital) or electronic evidence of a crime or suspicious behaviour, but the crime or behaviour may be of any type". It is also "the process of identifying, preserving, analysing, and presenting digital evidence in a manner that is legally acceptable". The two definitions highlight three important aspects of computer forensics: crime behaviour, computer-based evidence, and potential use of evidence in court.
The collapse of major corporations in the last decade, such as Enron and WorldCom, shocked the world. To understand what happened and who was responsible for the corporate frauds, investigators employed computer forensics and recovered numerous deleted e-mails and other documents from computers used by the involved parties. The rising importance of computer forensics in crime investigations is not surprising in light of the increasing usage of computers in the last several decades. Governments worldwide emphasize the importance of computer forensics in national security after the September 11, 2001 attack in the United States and London, England bomb attacks, Nairobi and Mombasa terror attacks. More organizations require computer forensic specialists to conduct non-criminal internal investigations because of employee misbehaviours or intrusions to organizations' computer systems.
As computers now play an important role in both computer crime and computer-related crime, computer forensic specialists are in demand world wide. This trend is expected to pick up in Kenya as the country gears up to pass the Electronic Transactions Bill and the Kenya Communications Amendment Bill that will recognize electronic evidence. There are also a number of initiatives such as promotion of e-commerce (with the subsequent increase in electronic transactions), Business Process Outsourcing (BPO) and the general desire by the government of Kenya to provide services electronically. Hence, a need exists for universities to provide courses that can address issues related to electronic evidence that are likely to increase as the country embraces knowledge society practices.
In view of the need for universities to train computer forensic specialists, the objective of this proposal is to suggest a short 5-day course in Forensic Information Systems at the University of Nairobi. A course on computer forensics should provide participants the opportunity to learn forensic collection guidelines, laws of evidence, and basic tools used in the forensic examination of computers. Computer forensics is part of traditional forensic science as well as information systems (IS) security. While many universities offer programs on forensic science or courses on IS security, to date only limited tertiary Institutions offer programs on pure computer forensics
COURSE OUTLINE:
The objective of the course is to give students an overview of the fundamental concepts related to computer forensics with an emphasis on the overall investigation process. A computer forensic investigation process generally comprises the identifying, preserving, analyzing, and presenting of digital evidence that is admissible in judicial proceedings. The course is based on the investigation process.
At the beginning of the course, students are introduced to the concept of computer forensics and digital evidence. To understand the important role computers play in cyber crime, students are also introduced to different types of computer crime and computer-related crime.
As legislation is a major component of computer forensics, major computer crime legislation, as well as other legal issues salient to computer forensics is also covered. The remaining parts of the course cover the major steps of computer forensics, from discovery of crime to evidence collection, to evidence analysis, and finally to documentation and presentation of evidence. Students are required to do practical work in order to obtain the necessary skills and knowledge of investigation tools. The course will cover six areas of knowledge:
1. Categories of crime: Investigators need to understand how computers are being used in different types of computer crime and computer-related crime.
2. Computer technology: Investigators need to know how data are stored in computers so that they know where to search for evidence.
3. Security: Investigators need to know how security measures, such as encryption, can protect individuals/organizations as well as hinder investigations.
4. Legislation: Investigators should always assume the investigation would go to criminal proceedings. Hence they should be aware of the legislative requirements.
5. Investigation process: Investigators must be fully aware of the appropriate procedures of handling evidence so that they do not run the risk of contaminating evidence during the investigation process.
6. Forensic tools: Investigators need to know what tools are available for forensic investigations. They also should be aware of the strengths and limitations of each tool.
TARGET AUDIENCE:
The program is designed for Anti-corruption officers of KACA and Parliamentary Watchdog Committees. police, lawyers, managers, executives and officials of public and non-public entities with an interest in Information Systems Security management, management consultants, ICT specialists, researchers and teachers are also welcome in the program.
INSTRUCTORS:
Mr. Nixon Muganda Department of Management Science, University of Nairobi
