Project Proposal


KENYA INSTITUTE OF SECURITY AND CRIMINAL JUSTICE

NAIROBI CAMPUS
DIPLOMA IN COMPUTER FORENSIC

RESEARCH PROPOSAL

Student's Name: Mutinda Grace Mukeni
Instructor: Evalyne Kemuma
Admin: 15347
Module Title: Research Methods
INTRODUCTION

Criminals now get a new approach to carry out their crimes with the use
of computers. Since technology is more like a murder mystery than
catching the bad guy in the act, a new discipline of forensics needed to
be put into place. This is known as computer forensics.
Computer forensics is a branch of forensic science that focuses on
identifying, acquiring, processing, analysing, and reporting on data
stored electronically. Electronic evidence is a component of almost all
criminal activities and digital forensics support is crucial for law
enforcement investigations. The information can be collected from
various sources, such as computers, remote storage, smartphones, and
unmanned aerial systems. The primary objective is to extract
information from an electronic gadget or device, process it into useful
intelligence, and present the prosecution results.

Digital forensics in law enforcement is used to gather extra proof after
a crime has been done to help support charges against a suspect or avoid
any other incidents from occurring. Data stored on a gadget could locate
a suspect at the crime scene, aid in uncovering aims, or highlight links
to other cases. It could also be utilized to check on alibi and prove an
individual's innocence. Digital forensics is also used as a component of
organizations' incident response protocol, aiding in identifying
occurrences and isolating the responsible party for prosecution purposes
or mere internal information.

Devices that Generate Digital Evidence

Digital data can be found in a considerable number of digital devices
and different presentations. The huge amount of digital data from
digital devices that can be extracted, analyzed, and processed, and can
become digital evidence in law enforcement, represents a challenge for
digital forensic practitioners. The ability of these devices to produce
and store digital data creates the need for diverse and more
sophisticated tools and procedures to address the analysis of such a
considerable variety of digital devices.

List of devices that can generate digital evidence, as follows:
- Digital still and video cameras (including CCTV),
- Cell phones,
- Standard computers, laptops,
- Mobile devices,
- Game consoles,
- File storage media (hard drive, thumb drive, optical and magneto-
  optical media, or data devices with similar functions),
- IoT devices,
- Wearables,
- Unmanned Aerial Systems (drones).
However, this list is not exhaustive and any other device with similar
functions as the ones previously mentioned can also hold digital
evidence.

Encompassed with the technological changes, several digital forensic
disciplines have developed in the past years.

Computer forensics: It is commonly used as a synonym for digital
forensics and covers the investigation of digital evidence from desktop
computers, laptops, and server computers.

Software forensics: Concerned with uncovering evidence by examining the
software.

Database forensics: Related to the analysis of data and metadata
existing within a database.

Multimedia forensics: Used to uncover the authenticity of the information
provided by images, videos, and audio files.

Device forensics: With a focus on the digital evidence from diverse
types of devices from small to large-scale.

IoT forensics: Where the sources of evidence could be more wide-ranging
than in the case of device forensics, for instance, infant or
patient monitoring systems, medical implants in humans and
animals, In-Vehicle Infotainment (IVI) systems, traffic lights, and so
on.

Network forensics: That deals with the process of collecting and
analyzing network data and tracking network traffic to figure out the
occurrence of security incidents.

BACKGROUND OF THE PROBLEM

PURPOSE OF THE STUDY

In this dynamic context, the aim of this work is to acknowledge the
success factors as well as to identify the main challenges in digital
forensics for law enforcement. This is done by analyzing the success
factors and challenges that are the object of study in the research
community, and by contrasting them with the ones identified by digital
forensic practitioners. The main purpose is to distinguish gaps between
them.

RESEARCH QUESTIONS

The two research questions considered in this work are defined as
follows:
RQ1: Which are the success factors of digital forensics in law
enforcement?
RQ2: Which are the challenges of digital forensics in law enforcement?

DELIMITATION AND LIMITATION


Delimitations and limitations in the context of digital forensics in law
enforcement refer to the boundaries and constraints that affect the
scope, applicability, and effectiveness of digital forensic investigations.
Here are some key delimitations and limitations:

Legal and Ethical Constraints:

Delimitation: Digital forensic investigators must operate within the
boundaries of local and international laws. They are restricted by legal
frameworks that dictate what types of evidence are admissible in court.

Limitation: Privacy concerns and ethical considerations may limit the
extent to which investigators can access and analyze digital data.
Balancing the need for investigation with the protection of individual
rights is a constant challenge.

Technology Evolution:

Delimitation: Digital forensic tools and techniques are constantly
evolving, but investigators may be limited by the availability of resources
and the capacity to keep up with rapid technological advancements.

Limitation: New encryption methods, secure communication channels, or
emerging technologies can present challenges in extracting and
interpreting digital evidence.

Resource Limitations:

Delimitation: Law enforcement agencies may have budgetary
constraints, affecting the acquisition of cutting-edge tools and the
training of personnel.

Limitation: Limited resources can impact the thoroughness and speed of
investigations, potentially hindering the ability to uncover and analyze
digital evidence effectively.

Global Nature of Cybercrime:

Delimitation: Cybercrime often transcends international borders,
requiring cooperation between law enforcement agencies from different
countries.

Limitation: Jurisdictional issues, conflicting legal systems, and varying
levels of cooperation between nations can impede the seamless pursuit
and prosecution of cybercriminals.

Data Encryption:

Delimitation: Encryption is an essential security measure, protecting
sensitive data from unauthorized access.

Limitation: Strong encryption can impede digital forensic efforts, making
it difficult or impossible to access and interpret data even with advanced
tools.

Volatility of Digital Evidence:

Delimitation: Digital evidence is susceptible to alteration or destruction,
necessitating quick and efficient forensic processes.

Limitation: The volatile nature of digital evidence means that delays in
investigation can result in the loss or degradation of crucial data.

Skill and Training Gaps:

Delimitation: Digital forensic investigators require specialized skills and
training to keep pace with evolving technologies.

Limitation: Shortages of qualified personnel and inadequate training
programs can limit the effectiveness of digital forensic units within law
enforcement agencies.

Intricacies of Cyber Attribution:

Delimitation: Attributing cybercrimes to specific individuals or groups is
challenging and may require significant time and resources.

Limitation: The difficulty in accurately attributing cybercrimes may lead to
challenges in building airtight legal cases against suspects.

Understanding these delimitations and limitations is crucial for law
enforcement agencies to develop realistic expectations, allocate
resources effectively, and continually adapt to the evolving landscape of
digital forensics.

LITERATURE REVIEW

INTRODUCTION
In our days, all digital devices such as cell phones, tablets, laptops and
desktop computers can be used for criminal activities such as fraud,
drug trafficking, homicide, hacking, forgery, and terrorism. Against these
criminal activities, digital forensics is used to help investigate
cybercrimes and to identify the device-assisted crime and the
authors. There are many definitions of digital forensics, but the one that
describes it properly is: "Digital forensics is the discipline that combines
elements of law and computer science to collect and analyze data from
computer systems, networks, wireless communications, and storage
devices in a way that is admissible as evidence in a court of law."

BRANCHES OF DIGITAL FORENSICS

Disk Forensics:
It deals with extracting data from storage media by searching active,
modified, or deleted files.

Network Forensics:
It is a sub-branch of digital forensics. It is related to monitoring and
analysis of computer network traffic to collect important information and
legal evidence.

Wireless Forensics:
It is a division of network forensics. The main aim of wireless forensics is
to offer the tools needed to collect and analyze the data from wireless
network traffic.

Database Forensics:
It is a branch of digital forensics relating to the study and examination of
databases and their related metadata.

Malware Forensics:
This branch deals with the identification of malicious code, such as
viruses and worms, and the study of its payload.

Email Forensics:
Deals with the recovery and analysis of emails, including deleted
emails, calendars, and contacts.

Memory Forensics:
It deals with collecting data from system memory (system registers,
cache, RAM) in raw form and then carving the data from the raw dump.

Mobile Phone Forensics:
It mainly deals with the examination and analysis of mobile devices. It
helps to retrieve phone and SIM contacts, call logs, incoming and
outgoing SMS/MMS, audio, and videos.
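
The carving step named under Memory Forensics above, as an added example that is not part of the original proposal: it scans a raw dump for known file header and footer signatures and records the offset, size, and SHA-256 of each carved object so its integrity can be shown later. The function names, the size cap, and the sample dump are constructed for illustration.

```python
import hashlib

# Start/end signatures (magic bytes) for two common image formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 10 * 1024 * 1024  # assumed cap so a missing footer cannot run away


def carve(dump: bytes, max_size: int = MAX_SIZE) -> list:
    """Carve files out of a raw dump by header/footer signature matching."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = dump.find(header)
        while pos != -1:
            end = dump.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header with no footer in range: truncated data or a
                # false positive, so skip it and keep scanning.
                pos = dump.find(header, pos + 1)
                continue
            blob = dump[pos:end + len(footer)]
            found.append({
                "type": kind,
                "offset": pos,
                "size": len(blob),
                # Hash recorded so the artifact can be shown unaltered later.
                "sha256": hashlib.sha256(blob).hexdigest(),
            })
            pos = dump.find(header, end + len(footer))
    return sorted(found, key=lambda f: f["offset"])


def build_sample_dump() -> bytes:
    """Constructed sample: two fake 'files' surrounded by filler bytes."""
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 16 + b"IEND\xaeB`\x82"
    orphan = b"\xff\xd8\xff\xe0" + b"X" * 8  # header with no footer
    return b"\x00" * 64 + jpeg + b"\x11" * 32 + png + b"\x00" * 16 + orphan


if __name__ == "__main__":
    for hit in carve(build_sample_dump()):
        print(hit)
```

Real image data can contain the footer bytes before the true end of the file, so carved objects still need validation by opening or parsing them.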

Objectives of computer forensics

1. It helps to recover, analyze, and preserve computer and related
   materials in such a manner that it helps the investigation agency to
   present them as evidence in a court of law.
2. It helps to postulate the motive behind the crime and identity of the
   main culprit.
3. Designing procedures at a suspected crime scene which helps you to
   ensure that the digital evidence obtained is not corrupted.
4. Data acquisition and duplication: Recovering deleted files and
   deleted partitions from digital media to extract the evidence and
   validate them.
5. Helps you to identify the evidence quickly, and also allows you to
   estimate the potential impact of the malicious activity on the victim.
6. Producing a computer forensic report which offers a complete
   report on the investigation process.
7. Preserving the evidence by following the chain of custody.

In recent times, commercial organizations have used digital forensics in
the following types of cases:

1. Intellectual Property theft
2. Industrial espionage
3. Employment disputes
4. Fraud investigations
5. Inappropriate use of the Internet and email in the workplace
6. Forgeries related matters
7. Bankruptcy investigations
8. Issues concerned with regulatory compliance

DIGITAL FORENSIC TOOLS

Digital forensics tools are hardware and software tools that can be used
to aid in the recovery and preservation of digital evidence. Law
enforcement can use digital forensics tools to collect and preserve digital
evidence and support or refute hypotheses before courts. Digital
Evidence. The main types of digital forensics tools include disk/data
capture tools, file viewing tools, network and database forensics tools,
and specialized analysis tools for file, registry, web, Email, and mobile
device analysis.

ETHICAL CONSIDERATIONS

The digital forensics investigator must adopt procedures that adhere to
the standards of admissibility for evidence in a court of law; proper
content inspection of a computer system, proper analysis documentation
and professional court representation to ensure a successful outcome.
Here are some ethical considerations in computer forensics: Respect for
privacy: Forensic investigators should respect the privacy of individuals
and organizations they are investigating. This includes obtaining legal
authorization before conducting a search, and ensuring that any data
col.

PRINCIPLES OF DIGITAL FORENSICS

These five rules are: admissible, authentic, complete, reliable, and
believable.
- Admissible. This is the most basic rule and a measure of evidence
  validity and importance. ...
- Authentic. The evidence must be tied to the incident in a relevant
  way to prove something. ...
- Complete. ...
- Reliable. ...
- Believable.

CYBER CRIMES TRENDS AND PATTERNS
Cybercrimes in general can be classified into four categories:
- Individual Cyber Crimes: This type is targeting individuals. ...
- Organisation Cyber Crimes: The main target here is
  organizations. ...
- Property Cybercrimes: This type targets property like credit cards
  or even intellectual property rights.
- Society Cybercrimes: This type targets the society at large.

GLOBAL COLLABORATIONS & FUTURE EMERGING TECH

Governments, global industry, and experts from academia and civil
society should work together to prevent cyberwar, restrict offensive
cyber operations by nonstate actors, and mitigate the daily economic
threats that ICTs pose to the global economy.
Artificial Intelligence and Machine Learning: Artificial Intelligence (AI) and
Machine Learning (ML) are revolutionizing the field of digital forensics.
These technologies enable software to process vast amounts of data,
detect patterns, and predict potential threats with greater accuracy and
speed.

RESEARCH DESIGN AND METHODOLOGY

Qualitative research can include multiple forms of data collection
methods, such as document studies, surveys, interviews, and
observations. This study is designed to combine two different
techniques to explore the research questions, a systematic literature
review and an online research. The purpose of using these two methods
is to rely on data from diverse sources to triangulate the findings.

Population & sample

Challenges in Digital Forensics for Law Enforcement

A. Resource-related challenges: This category considers the assets the
organizations require for their normal operations, including the personnel
as a key asset.

B. Technical challenges: This includes the challenges caused by new
devices, software, tools, protocols, or any technological solution.
Technical challenges have a broad coverage due to the growing number
of seized devices, increasing data storage, and the complexity of
environments like cloud systems.

C. Organizational challenges: Those challenges are related to
institutions, their internal structure, their management, and their
interaction with others.
