Deploying Forensics Science & Technology for Resolving National Cyber-security Challenges



© Journal of Mathematics and Technology, ISSN: 2078-0257, No.3, August, 2010

21 | www.ijar.lit.az

DEPLOYING FORENSICS SCIENCE & TECHNOLOGY FOR RESOLVING NATIONAL CYBER-SECURITY CHALLENGES

Prof. Oliver E. Osuagwu (1, a), Prof. Tony Ogiemien (2, b), Dr. Samuel Okide (3)

1 IP Vice-President/Vice-Chairman, Computer Professionals Registration Council of Nigeria (CPN); Department of Information Management Technology, Federal University of Technology (NIGERIA)

2 President, American Heritage University of Southern California, San Bernardino (USA)

3 Department of Computer Science, Nnamdi Azikiwe University, Awka (NIGERIA)


ABSTRACT

This paper looks at the problem of cyber criminality as a colossal economic catastrophe which has discouraged the growth of e-commerce and the digital economy in Nigeria and the rest of the African continent, and calls for an immediate solution to reduce the chance of turning Africa into a digital colony and impoverished continent. The paper assesses the modus operandi of these criminals and identifies government and industry efforts to fight the menace, which have proved only palliative, as the rogues continue their successful global ride on the super highway virtually unabated. To some extent, cyber-criminals’ successes have been attributed to the failure of our conventional pass-wording and encryption security systems, the dynamic development of malware such as phishing software, misplaced social values which worship money and not the intellect, and a society that organizes chieftaincy titles for pen robbers in the civil service of the federation and people of doubtful character. The paper introduces the new science and technology frontiers to the rescue – the forensic sciences and related technology as a solution to this menace – and suggests the way forward for Africa to leapfrog the digital divide. Specific issues considered include the scope of the pandemic, the motivation for cyber criminality and its concomitant impediments to e-commerce growth, actions taken by governments and industry to control the menace, and industry security initiatives so far, which have proved to be only palliative. An exposition is presented on the solution thrust via the new Computer Forensics frontier, with stimulating recommendations to government and industry on the way forward. Three hypotheses were tested to give the paper scientific proof. The result of the first hypothesis suggests that the Nigerian Police force is yet to acquire advanced techniques, particularly the forensic techniques, to tackle the present menace. This gap demands a new human development strategy by government to curb this growing menace. The result of the second hypothesis suggests that Nigeria needs urgent value re-orientation. The third suggests the enactment of an enabling Act to fight cyber crime.

Key words: cyber crime, national cyber security, terrorism technology for resolving cyber-criminality

1. INTRODUCTION - GLOBAL CYBER CRIME AND TERRORISM

Scale of the pandemic; Motivation for cyber-criminality

As Osuagwu (2008)[1,2,3] has noted, security intelligence reports on the cyber crime wave around the world are worrisome. According to industry analysts, there are currently 657 million people online world-wide. That figure is expected to rise to 794 million by 2009. This represents a lot of data interchange. Unfortunately many small businesses, and even large organizations, do not know how to properly protect their sensitive data, thus leaving the door open to criminals. Harder hit are developing countries like Nigeria, which are yet to develop new skills in computer forensics to tackle the menace. According to the U.S. Federal Trade Commission (FTC)[2], credit card fraud costs cardholders and issuers hundreds of millions of dollars each year. There is evidence to show that identity theft is the fastest growing crime in America; 9.9 million victims were reported in 2007 according to a Federal Trade Commission survey.

Creditcards.com (a compiler of credit card statistics) stated that in 2005, approximately 9.2 million U.S. citizens reported loss of credit card information. Furthermore, the FTC noted that 42% of all identity theft cases in 2004 involved credit card fraud. A 2005 study estimates that 1.15% of the U.S. adult population has experienced a misuse of existing non-credit card accounts or account numbers within the past year, estimates that include deposit accounts. In addition, for all internet-related fraud complaints received in 2004, 19% of cases involved a bank account debit. A U.S. FTC survey released in September 2003[2] also stated that over 27.3 million individuals became victims of identity theft between 1998 and 2003 in the U.S., with 67% of all identity theft.

The 2002/03 British Crime Survey [9] showed that 18% of households with internet access said their home computer had been affected by a virus. This had increased to 27% in 2003/04. One-third said the virus had damaged their computer. The biennial Department of Trade and Industry (DTI) Security Breaches survey reports that 62% of UK businesses had a computer security incident in 2006. These statistics may underestimate the real situation, as many organizations or individuals may be unaware that the security of their computer has been compromised.

One important case study which illustrates how dangerous cyber-criminality can be is the United States Anthrax Crime. Though the anthrax crime was traditionally physical in its outlook (through the chemical labs and delivery through the post offices of the US), the crime – which later became a monstrous cyber-security challenge to the United States – in fact originated in cyberspace, using the computer as the major tool. Later investigations revealed that all the planning of the anthrax phenomenon took place on the Internet and collaborative Local Area Networks (LAN). According to an FBI Investigation Officer on the anthrax episode, computers played a major role in perpetrating the crime:

Based on the foregoing, I submit that there is probable cause to believe that a search of the aforementioned computers may result in, and obstruction of, the investigation into the dissemination of a weapon of mass destruction (anthrax) through the U.S. mail system in September and October 2001 in violation of 18 U.S.C., Sections 1512(a)(20, 2332a and 1114. Specifically, there is probable cause to believe that a search of the computers may reveal electronic data identifying a plan to kill witnesses, names of intended victims, photographs, suicide letters and other relevant information.[26]

Sophisticated crimes can be almost impossible to trace to their true source using current practices. The anonymity enjoyed by today’s cybercrime perpetrators poses a grave security threat to national development and indeed, the global information system.

Before we lose track of the subject, Forensic Technology is the art of sourcing, collecting, extracting and applying forensic evidence to resolve sophisticated crimes at all levels of occurrence – especially those that relate to national security and are often of a complex nature. Perhaps the greatest threat to the Internet today is the abysmal state of security of so many of the systems connected to it. There are many contributing factors, including commercial off-the-shelf (COTS) software, in which the number of features and rapid time to market outweigh a thoughtful security design.

New vulnerabilities are continually being discovered in such software. The widespread use of many COTS products means that once a vulnerability is discovered, it can be exploited by attackers who target many of the thousands or even millions of systems that have the vulnerable product installed. A lack of security expertise among most Internet users means that vendor security patches to remove the vulnerabilities will not be applied promptly, if at all. As a result, systems with unpatched vulnerabilities can be easily compromised, in large numbers, by motivated attackers, who will then use these systems as launching points to concentrate an attack against better-protected systems and to hide the tracks of the attacker. Though the sophistication of Internet attacks has increased over time, the technical knowledge of the average attacker is declining, in the same manner that the technical knowledge of the average user has declined.

Emerging facts reveal that sophisticated attackers routinely build attack scripts and toolkits that the novice attacker can use with the click of a mouse, with devastating effects. Hiding the tracks of the attacker and expunging or concealing any related evidence has become an integral part of many attacker toolkits today.

There are various reasons for the increase in cyber criminality and terrorism. One of the major motivations is the increase and spread of computers around the world:

Spread of computers

Computers are becoming more accessible as their cost decreases, leading to a marked growth in their use, particularly in personal and mobile computing. Studies suggest that many home users are typically unaware of the potential threats from computer crime or may not possess the technical skills to ensure their own security.

Types of attack

There are different types of attacks on computers which may:

• Attempt to access information stored on a computer. Information may have a sale value (corporate espionage), may be valuable to the owner (ransom opportunity) or may be useful for further illegal activity such as fraud.
• Try to impede or alter the functioning of the computer itself. Also, if a computer can be controlled it can be used to send spam, host illegal content, or conduct further attacks.

Malicious software types (‘malware’)

The uses of malicious software range from placing excessive demand on a computer’s resources, to destruction of data or even hardware. In some cases the user is made aware of the presence of the malware, for example when it sends a message to the user or deletes the contents of a hard drive. Recent forms of malware may operate without the user’s knowledge, steal financial information such as credit card details, or convert infected computers into an asset for the attacker. Common types of malware work as follows:

Viruses infect computers or other electronic devices and are passed on by user activity, for example by opening an email attachment.

Worms self-propagate using an internet connection to access vulnerabilities on other computers and to install copies of themselves. They are often used as a conduit to grant attackers access to the computer.

Trojans are malware masquerading as something the user may want to download or install, that may then perform hidden or unexpected actions, such as allowing external access to the computer.

Spyware transmits information gathered from a computer, such as bank details, back to an attacker. For example, ‘key-logging’ software records anything entered using the keyboard, such as passwords.

As an example of a network breach, in January 2007, hackers accessed the computer systems at the TJX Companies (the parent company of retailers such as T.J. Maxx and Marshalls). These hackers were able to steal approximately 45.7 million credit and debit card numbers. The TJX Companies believe that unauthorized software placed on its computer systems was the cause of the breach.[7]

Targets Of Computer Crime

Some attacks do not have a specific target. However, attacks against specific computers or groups of computers are becoming more common. Home computer users, organizations with large networks of computers, or entire infrastructures may be targeted. Attackers using computers may also attempt to damage the functioning of the Critical National Infrastructure (CNI) which includes emergency services, telecommunications, energy [8] distribution and finance, all of which rely on IT. Many CNI systems which were once isolated are now connected to the Internet, increasing their vulnerability. There has been speculation over the prospect of terrorists using electronic attacks to target computer systems and networks. According to the National Infrastructure Security Coordination Centre (NISCC), the probability of terrorists carrying out an electronic attack against the CNI is currently low compared with other risks such as using explosive devices, although the NISCC points out that threats can change quickly.

The Problem Of Cyber Crime Policing

Although all UK and American forces (unlike Nigeria) have some form of specialist computer crime forensic and investigation capability, police forces face challenges in tackling computer crime:

• The international nature of computer crime means that determining jurisdictional responsibility can be difficult, for example if crimes are committed in Nigeria by criminals overseas.
• Data can be stored on a range of devices and in large volumes that require time and expertise to access.
• Computer crime training has been made available to all officers, but uptake has been low. This may result in potential evidence of computer crime being lost.
• Specialist investigative staff are costly: they need up-to-date equipment and continuous training, due to the rapid pace of technological development, crime techniques and terrorism refinements.

Motivation for Cyber-Criminality And Terrorism

In Nigeria, a wrong value system is being promoted. There is a negative psyche that money is the most important thing in the world. Youths observe when rogues are promoted and given high chieftaincy titles, and these youths know the source of wealth of these people. They also know that in most cases people who are punished for crimes are the poor and under-privileged. The rich always go free from the police net. So why be poor and downtrodden? These youths also know that most rogues have been made Traditional Rulers or given ministerial appointments once a huge sum of money has been deposited into the campaign accounts of prospective governors and presidents-to-be. They know that most of these side supporters of policies who eventually get lucrative board appointments or become commissioners and ministers are indeed, to a large extent, key economic saboteurs! So to them, the best option is not to continue bothering themselves about higher education but to seek quicker means of getting rich so that they can be counted among those who matter in society, drive expensive cars and own magnificent edifices, which count for recognition! The easiest option is 419, armed robbery, ritual murder, kidnapping and gangsterism. This evil psyche could have been better controlled if there were jobs for graduates of our tertiary institutions. Cyber crime has less risk for Nigerian youths – Nigeria is yet to develop the forensic capability to track them. Most Police and law enforcement officers are not computer literate. Nigeria has no law enacted and operational for cyber-criminality.

Those who have made it through 419 have escaped unhurt and are enjoying their wealth. The type of money that comes through cyber crime is huge, sometimes in millions of US$. These rogues use such money, which has spelt a death sentence for most of the people who were duped, to chase women, enjoy themselves in expensive hotels and suppress the poor in society. They never care for any form of investment to promote national gross domestic product! Consequently many youths think cyber crime is a profession and many are training to become members of the evil club! So, you can now see that the solution to this menace does not lie in procedural legal policing but in attending to the negative social psyche, providing good employment, family retraining of children and readjustment of social values in Nigeria and the rest of the African continent.

Cyber-Criminals’ Modus Operandi – Some Case Study Examples:

Credit Card Fraud: USA

A diabolically gifted hacker had obtained a copy of Forbes magazine which featured America’s 400 richest people. This was his target group. The names had social security numbers, birth dates and some credit card information. He further obtained additional information from the Internet and from the credit bureaus Equifax, Experian and TransUnion by sending queries on the forged letterhead of several top investment banks (Jain & Pankanti 2006). Equipped with all the necessary information, the fraudster went into action, using a computer in a public library to order merchandise online, withdraw money from brokerage accounts, and apply for credit cards in other people’s names. The bubble burst when the same fraudster tried to transfer US$10 million from the Merrill Lynch account of software entrepreneur Thomas Siebel. Someone at Merrill Lynch observed that the same two Yahoo email addresses, both Abdallah’s, had been used in connection with the five clients! In March 2001, two New York City detectives wrestled Abdallah out of his car. This ended one of the most sensational identity theft sprees in human history (Osuagwu et al. (2007) [1,4]).

Fraud - Network Breach: USA

In January 2007, hackers accessed the computer systems at the TJX Companies (the parent company of retailers such as T.J. Maxx and Marshalls). These hackers were able to steal approximately 45.7 million credit and debit card numbers. The TJX Companies believe that unauthorized software placed on its computer systems was the cause of the breach.[7]

1.1 Research questions

This paper will at the end answer the following questions:

• What factors are responsible for the increasing crime wave in the super highway in Nigeria?
• Is the Nigeria Police ready with the right training and skill to arrest cyber crime?
• What can be done to control the menace?
• Is an Enabling Act of parliament necessary to accelerate the ability of Nigerian Police to tackle cyber crime?

1.2 Hypothesis

Ho1: Nigerian Police has adequate computer and forensic training to tackle the present cyber crime menace.
Ha1: Nigerian Police has NO adequate computer and forensic training to tackle the present cyber crime menace.
Ho2: Negative Social Values has NO impact on the increasing trend in cyber criminality in Nigeria.
Ha2: Negative Social Values has IMPACT on the increasing trend in cyber criminality in Nigeria.
Ho3: Legislative backing (by Act of Parliament) is UNNECESSARY to enhance Police capability to police cyber crime.
Ha3: Legislative backing (by Act of Parliament) is NECESSARY to enhance Police capability to police cyber crime.

Population Sample

60 questionnaires randomly distributed amongst various levels of Police Hierarchy.

Mathematical & Analysis Tool

The responses will be collated, arranged and subjected to Analysis of Variance, Multiple Regression and, if need be, Discriminant Analysis. The results will be deployed to test the hypotheses and to answer the research questions posed in this research paper. This will lead to conclusions and recommendations.

Sample questionnaires for the three clusters are found in Appendix A.

The questions and hypotheses are handled in section 5.0. We need, however, to lay some pedagogical foundations and knowledge elicitation to provide the desired ontology for the knowledge domain. These are provided in the following sections:

2. CYBER CRIME AS IMPEDIMENT TO E-COMMERCE GROWTH

Electronic fund transfer e-payment system in Nigeria and Africa

Cyber Criminals Modus Operandi

Osuagwu (2008) [2] has referred to Internet terrorism and fraud as the new pandemic that has shaken the world economy and has even brought large corporations to ultimate collapse. Some criminals have learnt the trick of using spam (uninvited letters written as bait for greedy people) to lure victims into bogus transactions via the Internet. Many businesses have been duped of several million US$ and this has led to the untimely death of victims. Other related cyber crimes involve stealing valuable information through phishing software, which makes a computer system belonging to an individual vulnerable to access by an unauthorized intruder.

A criminal who has planted phishing software via an email will have the software automatically installed on your system as soon as you open the email, and he will thenceforth have access to every keystroke on your PC, including passwords and critical information. Criminals can also gain access to your databases and steal vital information of sellable value to your competitors, or plant unsavory messages on your website which may cause loss of customer loyalty. In the national economies of countries, lots of money has been lost to these criminals which could not be added to the Gross Domestic Product (GDP), and this has led to the backwardness of many economies.

The situation has become so worrisome that every nation is now devising new techniques to police the cyberspace against these agents of the Devil and economic saboteurs. It has discouraged prospective investors from establishing trust in the e-payment system. This has consequently led to loss of interest in e-commerce, whose market potential runs into billions of US Dollars. Effective participation in e-commerce is expected to expand the economies of developing nations threefold by the year 2010. The projected expectation that by the year 2020 Nigeria would have become one of the largest and strongest economies in the world would become a mirage if the current cyber criminality is not halted and e-commerce and internet diffusion in Nigeria and Africa encouraged. The reason for this assertion is that the new world economic order will continue to be technology driven. This assertion is supported by the conclusions drawn by the former UNESCO scribe some three decades ago: …


3. EFFORTS OF GOVERNMENT AND INDUSTRY TO POLICE THE CYBER SPACE: e.g. EFCC and the Nigerian Police Force, Cyber-crime/Information Technology Bill 2004

To refresh our memory of what is happening in the cyber space, the U.S. Federal Trade Commission (FTC) recently reported that credit card fraud costs cardholders and issuers hundreds of millions of dollars each year. Creditcards.com (a compiler of credit card statistics) stated that in 2005, approximately 9.2 million U.S. citizens reported loss of credit card information. Furthermore, the FTC noted that 42% of all identity theft cases in 2004 involved credit card fraud. A 2005 study estimates that 1.15% of the U.S. adult population has experienced a misuse of existing non-credit card accounts or account numbers within the past year, estimates that include deposit accounts. In addition, for all internet-related fraud complaints received in 2004, 19% of cases involved a bank account debit. A U.S. FTC survey released in September 2003 also stated that over 27.3 million individuals became victims of identity theft between 1998 and 2003 in the U.S., with 67% of all identity theft.

Because of the terrible image this has created against Nigeria, the National Assembly recently adopted the first IT Bill to deal with cyber-crime. It is titled: The Information Technology Bill 2004 [18]. The IT Bill is the initiative of the Nigeria Computer Society (NCS), the Computer Professionals Registration Council of Nigeria (CPN) and the Information Technology Association of Nigeria (ITAN), which is a member of NCS. The IT Bill is intended as A Legal Framework for the Establishment of Information Technology Infrastructure, The National Information Technology Commission, And the National Information Technology Development Fund. This is further supported by the Cyber-crime Bill, which has passed the second reading in the National Assembly.

The IT Bill seeks to:

• Make provisions or, as the case may be, review existing provisions in the laws of the country, to cater for developments in the field of Information Technology;
• Facilitate, and promote the confidence of the public in, communication that is based on, supported by or pertaining to information represented in or on data media wherefrom it is retrievable, and where or on retrieval from where, the information can be read or perceived;
• Foster and facilitate employing modern techniques and technologies to perform information activities, and communicate information in various types of circumstances;
• Confer legal effect, validity and enforceability on information represented in or on data media regardless of the technologies employed to obtain the representations, and the media in or on which the representations are made;
• Confer equality in value and function on information represented on paper and in or on other data media, regardless of the technologies employed to obtain the representations, and the media in or on which the representations are made;
• Enable interoperability or interchangeability between different data media and information representation technologies;
• Confer equality in value and function on unique identification or association of an entity and, as appropriate to the entity, the concurrence or approval of the entity, with or of the information represented on paper or other data media, regardless of the technology employed to create the information representation, the medium in or on which the representation is made and the representation that determines the identification;
• Create cyber crimes and make penal, investigative and prosecutorial provisions to regress and or combat them;
• Establish the National Information Technology Commission;
• Establish the National Information Technology Development Fund.

Every executive and professional who is to be protected from the legal intricacies of IT application today needs to be conversant with the IT and Cyber-crime Bill, for ignorantia juris non excusat!

What the United States of America Has Done

The United States of America has proffered the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets (see http://www.iwar.org.uk/cip/resources/pcipb/cyberstrategy.htm).[11] The US President opined that this would help America protect herself and citizens from those who would do us harm, whether through physical destruction or by attacking our infrastructures through cyberspace. These strategies recognize that the majority of our critical assets and infrastructures, such as those in the banking, telecommunications, energy, and transportation sectors, are privately owned and operated. The strategies outline Federal efforts and State and local roles in securing the Nation's critical infrastructures, and identify opportunities for partnership with the private sector. The Department of Homeland Security will take the lead in accomplishing many of the objectives of these strategies. Other departments and agencies also have important roles to play. The President encouraged everyone, government at all levels, industry, and private citizens, to continue to work together to make America secure. The document is made up of the following components:

• Letter from the President
• Executive Summary
• Introduction
• Cyberspace Threats and Vulnerabilities: A Case for Action
• National Policy and Guiding Principles
• Priority I: A National Cyberspace Security Response System
• Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program
• Priority III: A National Cyberspace Security Awareness and Training Program
• Priority IV: Securing Governments' Cyberspace
• Priority V: National Security and International Cyberspace Security Cooperation
• Conclusion: The Way Forward
• Appendix: Actions and Recommendations Summary

Other countries like Britain, France and members of the European Union have taken identical initiatives.

Nigeria should borrow a leaf from the United States by developing an identical functional strategy for the protection of Critical National Infrastructure from cyber attack and terrorists. Whatever disaster affects critical national infrastructure will affect corporations and their employees. All hands must therefore be on deck to safeguard the assets of the nation and those of her industries.

4. Industry Security Initiatives For The Cyber Space: Firewalls, Antivirus, Anti-Malware, Pass-Wording, Encryption, Biometric Authentication Systems, Etc.

Some Tested Palliative Solutions in Place

If correctly installed, the following technologies can help to block attacks (these will be explained further in the following pages):

• Firewalls are hardware or software devices that block certain network traffic according to their security policy.

• Software solutions exist to identify and remove malware and to help manage spam email. Many must be paid for but free versions are also available.

• Authentication involves determining that a particular user is authorized to use a particular computer. This can range from simple mechanisms such as passwords to more complex methods using biometric technology.

• Hardware cryptography uses computer chips with cryptographic capabilities intended to protect against a range of security threats.

• Patches are programs designed by software manufacturers to fix software security flaws. Patches are often installed automatically. This reduces end-user participation and increases ease of use.

Biometric Authentication Systems (BAS)

According to Osuagwu [4], BAS refers to a brand new technology to reliably indicate whether people are actually who they say they are, using traits unique to them. These traits include fingerprint patterns, the arrangement of tissue in the eye’s iris, and the timbre of a person’s voice.

Factors Used To Authenticate An Individual

Table 2.1. Factors used to authenticate an individual
Source: FFIEC Guidance for Authentication in an Internet Banking Environment

Something a person knows | Commonly a password or PIN. If the user types in the correct password or PIN, access is granted.

Something a person has | Most commonly a physical device, referred to as a token. Tokens include self-contained devices that must be physically connected to a computer, or devices that have a small screen where an OTP is displayed, which the user must enter into an interface to be authenticated by the backend server.

Something a person is | Most commonly a physical characteristic, such as a fingerprint, voice pattern, hand geometry, or pattern of veins in the user’s eye. This type of authentication is referred to as biometrics and often requires the installation of specific hardware on the system to be accessed.

Table 2.2. Characteristics of authentication technologies
Source: Crystal Research Associates, LLC.

Fig. 2.1. Samples of biometric authentication technologies

Businesses, schools, and apartment buildings are using vascular recognition for physical access control.

Large organizations are also beginning to deploy the technology to manage access to their information technology infrastructure. Vein pattern recognition has been adopted to screen passengers at South Korea’s International Airport and to control access to the tarmac at several Canadian airports. Vascular recognition has already won wide acceptance in banking. More than a dozen Japanese banks and credit unions have made hundreds of ATMs featuring vascular sensors available for everyday use. In the vascular recognition systems developed by Fujitsu and TechSphere, after inserting a banking card in a cash machine, the user is prompted to hold a hand near an infrared light source. The light source is paired with a charge-coupled device (CCD) similar to the one used in standard digital photography. As the near-infrared light passes through the body tissue, it is reflected by the hemoglobin in the blood. This reflected light, picked up by the CCD, reveals an image of the blood vessels. Within a second or two, the system filters the digitized image, creates a template that it can compare with the encrypted image template associated with the authorized user, and decides whether they match.

The template data can be stored either directly on the chip in a smart card or in a central database. At the commencement of a credit card transaction, you would present your smart credit card to a point-of-sale terminal. The terminal would establish secure communications channels between itself and your card via communications chips embedded in the card and with the credit card company’s central database via Ethernet. The terminal then would verify that your card has not been reported lost or stolen, by exchanging encrypted information with the card in a predetermined sequence and checking its responses against the credit card database.

Early adopters of the technology chose smart cards to allow customers to maintain possession of their digitized records and to free the service provider from having to maintain databases. Vascular pattern sensing has been preferred over fingerprint scanners because users do not have to touch the sensors in order to do transactions, which is of concern in some Asian countries where hygiene is an exceptionally important cultural value.

The only criticism against BAS is the invasion of privacy [4]. Critics say that biometric data gathered for one purpose, e.g. fingerprints taken from non-citizens who enter the US under the US VISIT program, can easily be repurposed for applications such as criminal identification. Proponents say that current best practices, such as not storing the fingerprint or iris scan but only its data template, are adequate for protecting personal privacy. All we know is that Biometric Authentication is here to stay and should be encouraged in Nigeria to infuse some confidence in electronic fund transfer and e-commerce delivery.

Variants of BAS (see Fig. 2.4 on market growth)

a. Fingerprints: This technique of biometric authentication has been used to secure commercial transactions since the days of ancient Babylon, where fingerprints have been found among the ruins on clay seals attached to business documents. Each fingerprint contains global features, which can be seen with the naked eye, and local features, also called minutia points, the tiny unique characteristics of fingerprint ridges. Fingerprint scanners can be attached to USB ports as an external peripheral or they can be embedded within a device.

b. Iris Scans: This technique analyzes vein patterns and has the potential to be more accurate than fingerprints because the iris has about 260 degrees of freedom with regard to its vein patterns. Using an iris scanner requires aligning the eye with a coloured LED inside the camera, then moving the person’s head forward or back until the LED changes colour, signaling that the distance is correct for proper imaging. The system then makes the scan, analyzes the image, and stores the template.

c. Biometric Sensors: This is the new proposal for enhancement of the existing BAS systems posited by Jain and Pankanti [16,17]. This new technique uses fingerprint sensors, and a combination of other BAS techniques could be incorporated. It is going to be economical, protect privacy, and guarantee the validity of all kinds of credit card transactions, including ones that take place at a store, over the telephone, or with an Internet-based retailer. By preventing identity thieves from entering the transaction loop, credit card companies could quickly recoup their infrastructure investments and save businesses, consumers, and themselves billions of dollars annually.

d. Smart Cards: A smart card is another example of an authentication method. The size of a credit card, a smart card contains a microprocessor that enables it to store and process data. To be used, a smart card must be inserted into a compatible reader attached to either a computer or some type of electronic reading device. If the smart card is recognized as valid (first factor), the customer is prompted to enter his or her pass-code (second factor) to complete the authentication process. Smart cards are difficult to duplicate and have been demonstrated to be tamper resistant, creating a relatively secure vehicle for storing sensitive data and credentials. Some limitations of smart cards are that they can only be used in the presence of a smart card reader, which has limited portability, and they require additional software to run on most computers. Illustrations of some of the typical types of smart cards are provided in Figure 1.2.

Fig. 2.2. Examples of smart cards
Source: Versatile Card Technology, Inc.

All the above measures are palliative. However, the most reliable authentication and integrity system today is the biometric frontier. This assertion was confirmed by the International Biometric Group in New York City, who gave the statistic in Fig. 2.3 which displays the Biometric market breakdown. It is however strongly believed that if perpetrators of cyber crime can be caught and punished, it will further diminish the motivation to commit cyber crime. A combination of BAS and Forensic Technology is likely to produce the desired solution to the cyber criminality conundrum. This brings up the issue of cyber crime policing and law enforcement.

Fig. 2.3. Pin pads

4. FORENSICS SCIENCE & TECHNOLOGY FRONTIER FOR RESOLVING THE LABYRINTH

Forensic sciences cover a broad spectrum of activities ranging from forensic accounting and computer forensics to chemical, pharmacological and DNA analysis, etc. Our emphasis in this lecture is Computer Forensics, with brief references to the rest of the forensics landscape.

Forensic Accounting

Accountants look at the numbers. Forensic accountants look behind the numbers. If you are concerned about financial discrepancies and financial fraud, you need more than an accountant. You need a certified forensic accountant (CrFA) who specializes in forensic accounting. Forensic accountants are certified fraud examiners, certified public accountants, investigators and researchers who are thoroughly trained and will not only find financial discrepancies—they will find out who, what, where, why, when and how—all during the course of a forensic accounting financial investigation. More importantly, these experts will help you put together and implement systems and controls to prevent internal or external fraud from happening again.

CrFAs, CPAs, and CFEs specialize in the following areas:

• Fraud Detection
• Expert Witness Testimony
• Discovery Assistance
• Royalty Audits
• Damage Computation
• Claims Analysis
• Determination of Compliance

Fig. 2.4. Projected Biometrics market growth 2003-2008
Source: IEEE Spectrum, March 2004

If you decide to pursue legal recourse, these experts will be by your side, ready to stand as expert witnesses to testify about the specifics of the crime uncovered during the forensic accounting investigation. They will also educate the court as to the nature of forensic accounting and fraud examinations, which shows the credibility in the field of forensic accounting. If you feel that your company is, or has been, a victim of financial fraud and you need a certified forensic accountant or CFE, or if you would like to fraud-proof your business and implement proven safeguards, contact Forensic Accountants. Forensic Accountants will show you how certified fraud examiners and forensic accountants can get—and keep—your business on sound financial footing.

Computer Forensics

Electronic evidence and information gathering have become central issues in an increasing number of conflicts and crimes. Electronic or computer evidence used to mean the regular print-out from a computer—and a great many computer exhibits in court are just that. However, for many years, law enforcement officers have been seizing data media and computers themselves, as they have become smaller and more ubiquitous. In the very recent past, investigators generated their own printouts, sometimes using the original application program, sometimes specialist analytic and examination tools. More recently, investigators have found ways of collecting evidence from remote computers to which they do not have immediate physical access, provided such computers are accessible via a phone line or network connection. It is even possible to track activities across a computer network, including the Internet. The foregoing procedures form part of what is called computer forensics, though some people also use the term to include the use of computers to analyze complex data (for example, connections between individuals by examination of telephone logs or bank account transactions). Another use of the term is when computers are employed in the court itself, in the form of computer graphics, to illustrate a complex situation such as a fraud or as a replacement for large volumes of paper-based exhibits and statements.

The FBI uses computer forensics to retrieve information from a computer’s storage media such as hard drives, chips, boards, central processing units, monitors and printers. After research, the FBI developed techniques to restore even deleted information. When a file is deleted from one’s computer, the information still remains on the hard drive because the operating system only considers the file's space open to being overwritten. Information on one’s computer is only truly deleted when the sector on the hard drive is overwritten. Thus, the FBI scans the hard drive for all the information stored on servers or networks on a user’s computer in order to create timelines of crimes or whereabouts.[19]
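The point about deletion can be shown in code. The following is an added example, not taken from the paper or from any FBI tool: `ToyDisk` is a hypothetical model of a disk (a file table plus raw sectors), the "photo" is constructed sample data, and the recovery uses signature carving, one common technique, for contiguous files only.

```python
import hashlib

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker


class ToyDisk:
    """Hypothetical model of a disk: a file table plus raw sectors."""

    def __init__(self, sectors=64):
        self.raw = bytearray(sectors * SECTOR)
        self.table = {}  # file name -> (first sector, length in bytes)

    def write(self, name, data, first_sector):
        start = first_sector * SECTOR
        self.raw[start:start + len(data)] = data
        self.table[name] = (first_sector, len(data))

    def delete(self, name):
        # What an ordinary delete does: the table entry goes, the sectors stay.
        return self.table.pop(name)

    def overwrite(self, first_sector, length):
        # Only overwriting the sectors actually destroys the content.
        start = first_sector * SECTOR
        self.raw[start:start + length] = bytes(length)


def carve_jpegs(raw, max_size=1 << 20):
    """Scan sector boundaries for JPEG signatures, ignoring the file table."""
    found = []
    for offset in range(0, len(raw), SECTOR):
        if raw[offset:offset + 3] != JPEG_SOI:
            continue
        end = raw.find(JPEG_EOI, offset + 3, offset + max_size)
        if end != -1:
            found.append((offset, bytes(raw[offset:end + 2])))
    return found


def demo():
    # Constructed stand-in for a photo: real JPEG markers around filler bytes.
    photo = JPEG_SOI + b"\xe0" + b"constructed sample pixels " * 40 + JPEG_EOI
    digest = hashlib.sha256(photo).hexdigest()

    disk = ToyDisk()
    disk.write("photo.jpg", photo, first_sector=10)
    first_sector, length = disk.delete("photo.jpg")

    # The file is no longer listed, yet its bytes are still on the medium.
    carved = carve_jpegs(disk.raw)
    intact = [hashlib.sha256(data).hexdigest() == digest for _, data in carved]

    disk.overwrite(first_sector, length)
    return {
        "listed_after_delete": sorted(disk.table),
        "carved_offsets": [offset for offset, _ in carved],
        "recovered_intact": intact,
        "carved_after_overwrite": len(carve_jpegs(disk.raw)),
    }


if __name__ == "__main__":
    print(demo())
```

Fragmented files need more than a header/footer scan, and on solid-state drives with TRIM enabled the freed blocks may be cleared by the drive itself, so carving can come back empty even without an explicit overwrite.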

Today, large organizations generate and store hundreds of email boxes with backup data running into terabytes. Forensic tools now exist with capability to mine and allow owners to process and search data of this magnitude, forensically searching mailboxes and user files through a simple interface. This process eliminates duplicate emails and user files, while maintaining an audit trail of the entire process - and ensuring accountability for all material that has been subject to review. For example, there are e-review tools that can be used on many types of electronic documentation which work equally well, regardless of whether the data sets are in English, Chinese, French or any other character sets.
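A sketch of the de-duplication with audit trail described above, as an added example rather than the workings of any particular e-review product: the three messages, the mailbox identifiers and the choice of headers to compare are constructed assumptions. Every item processed gets a hash-chained log entry, so a reviewer can show what was dropped, why, and that the log itself was not edited afterwards.

```python
import hashlib
import json
from email import message_from_string

GENESIS = "0" * 64
KEY_HEADERS = ("From", "To", "Date", "Subject")  # assumption: fields that define "same email"


def content_key(raw_message):
    """Hash sender-set headers and body, ignoring transport differences
    (extra Received headers, CRLF vs LF) between copies of one message."""
    msg = message_from_string(raw_message)
    h = hashlib.sha256()
    for name in KEY_HEADERS:
        value = " ".join(str(msg.get(name, "")).split())
        h.update(name.encode() + b":" + value.encode() + b"\n")
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        h.update(body.replace(b"\r\n", b"\n").strip())
    return h.hexdigest()


def hash_entry(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def dedupe(items):
    """items: list of (source_id, raw_message). Returns (unique_items, audit_log)."""
    seen, unique, log, prev = {}, [], [], GENESIS
    for source_id, raw in items:
        key = content_key(raw)
        if key in seen:
            action = "duplicate_of:" + seen[key]
        else:
            seen[key] = source_id
            unique.append((source_id, raw))
            action = "kept"
        entry = {"seq": len(log), "source": source_id, "sha256": key,
                 "action": action, "prev": prev}
        entry["entry_hash"] = prev = hash_entry(entry)
        log.append(entry)
    return unique, log


def verify_audit(log):
    """Recompute the chain; any edited, removed or reordered entry breaks it."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev or entry["entry_hash"] != hash_entry(entry):
            return False
        prev = entry["entry_hash"]
    return True


# Constructed sample data: one message, its backup copy, and a different message.
MSG_A = "\n".join([
    "From: alice@example.com", "To: bob@example.com",
    "Date: Mon, 01 Mar 2010 09:00:00 +0000", "Subject: Q1 invoice",
    "", "Please find the invoice attached.", ""])
MSG_A_BACKUP = "Received: from backup.example.com\r\n" + MSG_A.replace("\n", "\r\n")
MSG_B = MSG_A.replace("Q1 invoice", "Q2 invoice")
SAMPLE = [("alice/inbox/1", MSG_A), ("backup-tape/0042", MSG_A_BACKUP), ("bob/inbox/7", MSG_B)]

if __name__ == "__main__":
    kept, audit = dedupe(SAMPLE)
    print([source for source, _ in kept], verify_audit(audit))
```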

So, how can computer forensics be defined?

• The scientific collection, recovery, preservation, legal analysis and presentation of data held or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.

• Application of computer investigation and analysis techniques in the interests of determining potential legal evidence [20].

• Taking an autopsy of the computer using specialized software and techniques to analyze exactly what actions the computer has taken and what data is stored. It does not prove causality. The evidence obtained may then be explained and presented to those who will make the ultimate decision about how to proceed in the criminal investigation.

The origin of Computer Forensics Science can be traced to the first training session held by the International Association of Computer Specialists (IACIS) in 1991 [21]. As originally conceived, it refers to the application of law in the field of computing and deals with the preservation, identification, extraction and documentation of computer evidence. Computer evidence can be anything from entire copies of hard drives to individual files on a desktop [21]. The field of computer forensics has grown rapidly in the past decade as the amount of computer-related crime has risen. Corporations are using the techniques not only to investigate computer crimes within a company, but also as a preventative measure to deter future crimes. Law enforcement agencies are learning to use computer forensics to gain evidence in crimes that are not computer related. As Thomas Rude of CISSP recently posited: “The Science of Computer Forensics is fast becoming a very necessary skill-set for law enforcement departments, government entities and corporations worldwide. As society becomes more digitized, the need for skilled personnel in this arena becomes more and more pressing.”[22]


Thus, Computer Forensics is the application of scientifically proven methods to gather, process, interpret, and use digital evidence to provide a conclusive description of cyber crime activities. It is the use of specialized techniques for recovery, authentication and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, and authentication of data by technical analysis or explanation of technical features of data and computer usage. It includes the act of making digital data suitable for inclusion into a criminal investigation [11]. Today cyber forensics is a term used in conjunction with law enforcement and is offered as courses at many colleges and universities around the world [11]. Computer forensics is about evidence from computers that is sufficiently reliable to stand up in court and be convincing. Computer forensics, also referred to as computer forensic analysis, electronic discovery, electronic evidence discovery, digital discovery, data recovery, data discovery, computer analysis, and computer examination, is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence. A thorough analysis by a skilled examiner can result in the reconstruction of the activities of a computer user. Computer forensics is thus the collection, preservation, analysis, and presentation of computer-related evidence. Computer evidence can be useful in criminal cases, civil disputes, and human resources/employment proceedings. Computer forensics can often find evidence of, or even completely recover, lost or deleted information, even if the information was intentionally deleted. Computer Forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel. You might employ a computer forensics specialist to acquire evidence from computers on your behalf. On the other hand, you may want one to criticize the work of others. The field is a rapidly growing one, with a solid core but with many controversies at its edges. There are few specializations in computer forensics. Below is a sample curriculum for a four-semester MS degree program in Forensics Science:

Core Curriculum (course code | title | credit hours)

FSS 605 | Forensic Digital Imaging | 3
FSS 609 | Introduction to Cyber-crime | 3
FSS 676 | Advanced Digital Evidence Detection & Recovery | 3
ISS 631 | Information Security | 3
FSS 604 | Genetics and DNA Technology | 3
FSS 606 | Crime Scene & Death Investigation | 2
FSS 612 | Introduction to Forensic Microscopy | 3
FSS 618 | Forensic Comparative Science | 3
FSS 622 | Forensic Analytical Chemistry I | 3
FSS 624 | Biochemistry: Forensics | 4
FSS 630 | Forensic Internship | 5
FSS 632 | Foundation & Fundamentals in Digital Evidence | 3
FSS 665 | Forensic Science Legal Issues | 3
FSS 680 | Forensic Science Seminar: Semester 1 | 1
FSS 680 | Forensic Science Seminar: Semester II | 1
FSS 680 | Forensic Science Seminar: Semester III | 1
FSS 680 | Forensic Science Seminar: Semester IV | 1
MTH 519 | Statistics for Forensic Science |

Electives

FSS 609 | Introduction to Cyber-crime | 3
FSS 610 | Bioterrorism | 3
FSS 681 | Thesis | 6
FSS 685 | Research Methods | 6
FSS 620 | Principles of Medical Microbiology | 6
MCB 642 | Graduate Microbiology I | 4
MCB 643 | Principles of Immunology | 3
MCB 660 | Graduate Virology | 3
PMC 625 | Drug Metabolism | 3
PMC 630 | Chemical Aspects of Pharmacology | 3
PMC 633 | Vistas in Pharmacology | 3
PMC 650 | General Toxicology | 3
BIC 638 | Nucleic Acids and Protein Synthesis | 3
MBS 670 | Basic Methods in Molecular Cloning | 2

Emphasis on DNA Analysis

These courses must be taken:

FSS 603 | Genetics & DNA Laboratory I | 2
BMS 600 | Cellular/Molecular Biology | 3
BMS 614 | Human Genetics | 2

TOTAL CREDIT HOURS REQUIRED TO GRADUATE: 44

Emphasis on Computer Forensics

FSS 605 | Forensic Digital Imaging | 3
FSS 609 | Introduction to Cyber-crime | 3
FSS 576 | Advanced Digital Evidence Detection & Recovery | 3
ISS 631 | Information Security | 3

TOTAL CREDIT HOURS REQUIRED TO GRADUATE: 49

From the sample core and elective courses above, you may have observed varied specializations in forensic science: Computer Forensics, Microbiology Forensics, Pharmacology Forensics, DNA Analysis, Forensic Chemistry, etc. However, the crucial courses for Computer Forensics specialization include:

• Crime Scene and Death Investigation
• Forensic Comparative Science
• Forensic Analytical Chemistry I
• Genetics & DNA Technologies
• Introduction to Forensic Microscopy
• Foundations and Fundamentals in Digital Evidence
• Forensic Science Legal Issues

Key Elements Of Computer Forensics Investigation

• A forensic examiner is impartial. His job is to analyze the media and report findings with no presumption of guilt or innocence.
• The media used in forensic examinations must be sterilized before each use.
• A true image of the original media must be made and used for the analysis.
• The integrity of the original media must be maintained throughout the entire investigation [22].

Criteria For Acceptance Of Evidentiary Techniques In The Courts

In the United States, for example, there was a precedent-setting case in 1993: Daubert v. Merrell Dow Pharmaceuticals (92-102), 509 U.S. 579 (1993). That case lays out a set of five elements that must be achieved in order for evidence gathered by an unproven technique to be accepted. These include:

• Whether the theory or technique can be and has been tested
• Whether it has been subjected to peer review and publication
• The known or potential error
• The general acceptance of the theory in the scientific community
• Whether the proffered testimony is based upon the expert’s special skill.

Other countries have their own precedents that validate electronic forensics evidence gathering methods. The tools, techniques and methodologies of electronic investigation, gathering and analysis have been tried and proven and are accepted in many countries of the world [23].

Forensic Techniques

Computer forensics, although employing some of the same skills and software as data recovery, is a much more complex undertaking. In data recovery, the goal is to retrieve the lost data. In computer forensics, the goal is to retrieve the data and interpret as much information about it as possible. The continuing technological revolution in communications and information exchange has created an entirely new form of crime: cyber crime or computer crime. Computer crime has forced the computer and law enforcement professions to develop new areas of expertise and avenues of collecting and analyzing evidence. This is what has developed into the science of computer forensics. The process of acquiring, examining, and applying digital evidence is crucial to the success of prosecuting a cyber criminal. With the continuous evolution of technology, it is difficult for law enforcement and computer professionals to stay one step ahead of technologically savvy criminals. To effectively combat cyber crime, greater emphasis must be placed on the computer forensic field of study, including but not limited to financial support, international guidelines and laws, and training of the professionals involved in the process, as well as the following subject matter:

• The Computer Forensic Objective
• The Computer Forensic Priority
• The accuracy versus speed conflict
• The need for computer forensics
• The double tier approach
• Requirements for the double tier approach
• The computer forensics specialist

Forensic Tools, Techniques And Technologies

There are rules of what to do where forensic skills are required.

Before the investigation starts, handle the computer with care so that no evidence is destroyed or damaged, no computer virus may infect the system, and no evidence is destroyed by mechanical or electromagnetic influences. It is also crucial that the evidence is always kept in custody and that none of the confidential information on the suspect’s computer system is misused. After the expert discovers all hidden files, recovers all deleted files and accesses all encrypted files, they create an overall analysis in which an overview of the computer system is given and every conspicuous pattern is displayed. The electronic investigations also show which files have been deleted or protected. The computer forensic expert will then assist in the investigation or litigation as a consultant.

On arrival at the investigation scene, the expert first unplugs the computer in case it is running a file-erasure program that could potentially destroy evidence. An image backup of the hard drive is made and used for all examination of the data so that there is no chance of damage to the original drive. The backup will include all active and deleted files, fragments of data not completely overwritten, swap files, embedded data and metadata, and much more. Because of the volatile nature of electronic evidence, simple tasks such as booting up a computer or saving a document can alter data or other files. A forensics expert is able to make an image backup without damaging or tampering with potential evidence, which is critical in the legal system.

Next, the mirror image is taken to the lab for retrieval and analysis. Some criminals use encryption programs to make their files unreadable. Experts use specialist software to recover encrypted or password protected documents during the retrieval process. A forensics expert can also recover deleted computer files and email, identify what websites have been visited and what files have been downloaded, and find any attempts to conceal or destroy evidence.
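The imaging step, together with the key elements listed earlier (sterile media, a true image, integrity of the original), can be made concrete as follows. This is an added example, not the authors' tooling: the "suspect drive" and target media are constructed temporary files, and SHA-256 is an assumed choice of hash for comparing the original with its image.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1 << 16


def blocks(path):
    with open(path, "rb") as f:  # read-only: the evidence is never opened for writing
        yield from iter(lambda: f.read(CHUNK), b"")


def hash_file(path):
    h = hashlib.sha256()
    for block in blocks(path):
        h.update(block)
    return h.hexdigest()


def is_sterile(path):
    """True if the target holds only zero bytes, i.e. no residue from earlier cases."""
    return all(block.count(0) == len(block) for block in blocks(path))


def acquire(source, target):
    """Copy source to target bit for bit and record both hashes."""
    if not is_sterile(target):
        raise ValueError("target medium is not sterile")
    src_hash = hashlib.sha256()
    with open(target, "r+b") as dst:
        for block in blocks(source):
            src_hash.update(block)  # hash exactly the bytes that were read
            dst.write(block)
        dst.truncate()              # image length equals source length
    record = {"source_sha256": src_hash.hexdigest(),
              "image_sha256": hash_file(target),
              "bytes": os.path.getsize(target)}
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    return record


def demo():
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "suspect_drive.raw")   # constructed evidence
        target = os.path.join(d, "evidence_image.raw")  # zero-filled medium
        reused = os.path.join(d, "reused_medium.raw")   # medium with old residue
        working = os.path.join(d, "working_copy.raw")
        with open(source, "wb") as f:
            f.write(os.urandom(200_000))
        with open(target, "wb") as f:
            f.write(bytes(300_000))
        with open(reused, "wb") as f:
            f.write(bytes(1000) + b"old case data" + bytes(1000))

        try:
            acquire(source, reused)
            rejected = False
        except ValueError:
            rejected = True

        record = acquire(source, target)

        # Analysis happens on a copy; a single flipped bit must be detectable.
        shutil.copyfile(target, working)
        with open(working, "r+b") as f:
            f.seek(12345)
            byte = f.read(1)
            f.seek(12345)
            f.write(bytes([byte[0] ^ 1]))

        return {"rejected_unsterile": rejected,
                "verified": record["verified"],
                "bytes": record["bytes"],
                "tamper_detected": hash_file(working) != record["image_sha256"],
                "source_unchanged": hash_file(source) == record["source_sha256"]}


if __name__ == "__main__":
    print(demo())
```

On real hardware the source is attached through a write blocker and the recorded hashes go into the custody documentation, so the image can be re-verified at any later stage.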

The biggest challenge for the forensics expert is the size of the hard disk today, which goes up to 100GB of space. The bigger the hard drive, the longer the investigation takes.

Sources Of Useful Computer Evidence

• Cell phones
• Personal Digital Assistants (PDA)
• Digital Cameras
• Desktop and Laptop Computers
• Servers (web, email, file, database, and more)
• Network Storage Devices
• External Hard Drives
• Tape Devices
• Specialty Devices (JAZ, ZIP, REV, LS120 etc.)
• Digital Camcorders

Ethical Challenges

Ethics are standards for thought, word, and deed that constrain a person to do what is right and good (rather than simply what is easy, comfortable, or self-serving). Ethics as used here refers primarily to an individual’s inner standards based on orientation, intention, and motivation. In order to apply this definition to practical decision making, it is necessary to specify the nature of the moral obligations considered intrinsic to ethical behaviour. The first is the ability to discern right from wrong, good from evil and propriety from impropriety. The second involves the commitment to do what is right, good and proper. Ethics is an action concept; it is not simply an idea to think and argue about. The terms “values” and “ethics” are not interchangeable. Ethics is concerned with how a moral person should behave, whereas values simply concern the various beliefs and attitudes that determine how a person actually behaves. Some values concern ethics when they pertain to beliefs as to what is right and wrong; most values do not. Ethical commitment refers to a strong desire to do the right thing, especially when ethical behaviour imposes financial, social or emotional costs. It has been proven that almost all people believe that they are or should be ethical. People need to understand that ethical principles are ground rules of decision making, not just factors to consider. Ethics has a price, and sometimes people must choose between what they want and what they want to be. Ethics also has a value, which makes self-restraint and sacrifice, service and charity, worthwhile. Some examples of ethical values include:

• Trustworthiness: honesty, integrity, promise-keeping, loyalty
• Respect: autonomy, privacy, dignity, courtesy, tolerance, acceptance
• Responsibility: accountability, pursuit of excellence
• Caring: compassion, consideration, giving, sharing, kindness, loving
• Justice and fairness: procedural fairness, impartiality, consistency, equity, equality, due process
• Civic virtue and citizenship: law abiding, community service, protection of environment.

The integrity of the forensic process requires the implied guarantee that the seizure and capture of digital data is performed in a forensically sound manner. The processes and software tools we use are specialized for this purpose, and consistent with those utilized by international law enforcement agencies and accepted by the courts in most countries.

In order to enhance the integrity of data and forensic application results, it is necessary to apply world-class computer forensic and electronic evidence recovery services. This implies the ability to organize searches for high-tech intrusive incidents, including hacking/cracking, threatening e-mail, piracy, viruses/worms and other Internet-borne incidents.


Roles of a Computer in Crime - The Investigation Proper

A computer can play one of three roles in a computer crime. A computer can be the target of the crime, it can be the instrument of the crime, or it can serve as an evidence repository storing valuable information about the crime. In some cases, the computer can have multiple roles. It can be the “smoking gun” serving as the instrument of the crime. It can also serve as a file cabinet storing critical evidence. For example, a hacker may use the computer as the tool to break into another computer and steal files, then store them on the computer. When investigating a case, it is important to know what roles the computer played in the crime and then tailor the investigative process to that particular role.

Applying information about how the computer was used in the crime also helps when searching the system for evidence. If the computer was used to hack into a network password file, the investigator will know how to look for password cracking software and password files. If the computer was the target of the crime, such as an intrusion, audit logs and unfamiliar programs should be checked. Knowing how the computer was used will help narrow down the evidence collection process. With the size of hard drives these days, it can take a very long time to check and analyze every piece of data a computer contains. Often law enforcement officials need the information quickly, and having a general idea of what to look for will speed the evidence collection process.

The Computer Forensic Objective

The objective of a computer forensics examination is to recover, analyze, and present computer-based material in such a way that it is useable as evidence in a court of law. The key phrase here is useable as evidence in a court of law. It is essential that none of the equipment or procedures used during the examination of the computer omit this particular objective.

The Computer Forensic Priority

Computer forensics is concerned primarily with forensic procedures, rules of evidence, and legal processes. It is only secondarily concerned with computers. Therefore, in contrast to all other areas of computing, where speed is the main concern, in computer forensics the absolute priority is accuracy. One talks of completing work as efficiently as possible, that is, as fast as possible without sacrificing accuracy.

Accuracy versus Speed

In our world full of daily pressures, the precious resource of time is usually at a premium, and pressure is heaped upon you to work as fast as possible. Working under such pressure to achieve deadlines may induce you to take shortcuts in order to save time, leading sometimes to poor performance. In computer forensics, as in any branch of forensic science, the emphasis must be on evidential integrity and security. In observing this priority, every forensic practitioner must adhere to stringent guidelines. Such guidelines do not encompass the taking of shortcuts, and the forensic practitioner accepts that the precious resource of time must be expended in order to maintain the highest standards of work.

The Role of Computer Forensics Specialist

A computer forensics specialist is the person responsible for doing computer forensics. The computer forensics specialist will take several careful steps to identify and attempt to retrieve possible evidence that may exist on a subject computer system:

1. Protect the subject computer system during the forensic examination from any possible alteration, damage, data corruption, or virus introduction.

2. Discover all files on the subject system. This includes existing normal files, deleted yet remaining files, hidden files, password-protected files, and encrypted files.

3. Recover all (or as much as possible) of discovered deleted files.

4. Reveal (to the extent possible) the contents of hidden files as well as temporary or swap files used by both the application programs and the operating system.

5. Access (if possible and if legally appropriate) the contents of protected or encrypted files.

6. Analyze all possibly relevant data found in special (and typically inaccessible) areas of a disk. This includes but is not limited to what is called unallocated space on a disk (currently unused, but possibly the repository of previous data that is relevant evidence), as well as slack space in a file (the remnant area at the end of a file, in the last assigned disk cluster, that is unused by current file data but once again may be a possible site for previously created and relevant evidence).

7. Print out an overall analysis of the subject computer system, as well as a listing of all possibly relevant files and discovered file data. Further, provide an opinion of the system layout; the file structures discovered; any discovered data and authorship information; any attempts to hide, delete, protect, or encrypt information; and anything else that has been discovered and appears to be relevant to the overall computer system examination.

8. Provide expert consultation and/or testimony, as required [11,14]
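
The following is an added illustration (not part of the original paper or of any tool it names) of steps 1, 6 and 7: it checks a working copy against the hash recorded at acquisition, then lists readable residue found in file slack and in unallocated clusters. The 512-byte cluster size, the simplified file table and the sample image are constructed assumptions, not a real file system.

```python
import hashlib
import re
from dataclasses import dataclass

CLUSTER = 512  # bytes per cluster in this constructed image (assumption)


@dataclass(frozen=True)
class Entry:
    """One row of a simplified, hypothetical file table."""
    name: str
    start: int      # first cluster of the file
    clusters: int   # contiguous clusters allocated to it
    size: int       # logical file size in bytes


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_sample_image():
    """Return (image, entries): a constructed 8-cluster image with residue."""
    img = bytearray(CLUSTER * 8)

    def put(offset, data):
        img[offset:offset + len(data)] = data

    entries = [
        Entry("memo.txt", 0, 2, 700),    # ends 188 bytes into cluster 1
        Entry("notes.txt", 2, 1, 512),   # fills its cluster exactly
        Entry("report.doc", 4, 2, 600),  # slack was zero-filled
    ]
    for e in entries:                    # current (live) file content
        put(e.start * CLUSTER, b"A" * e.size)
    # Residue of older data that later writes never overwrote (constructed):
    put(CLUSTER + 300, b"wire 4500 to account EXAMPLE-001")  # memo.txt slack
    put(3 * CLUSTER, b"old draft: delete after use")         # unallocated
    return bytes(img), entries


def file_slack(image, e):
    """Bytes from the logical end of a file to the end of its last cluster."""
    if e.size > e.clusters * CLUSTER:
        raise ValueError(f"{e.name}: logical size exceeds its allocation")
    return image[e.start * CLUSTER + e.size:(e.start + e.clusters) * CLUSTER]


def unallocated(image, entries):
    """Cluster numbers that no file table entry claims."""
    used = {c for e in entries for c in range(e.start, e.start + e.clusters)}
    return [c for c in range(len(image) // CLUSTER) if c not in used]


PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")  # runs of 6+ printable ASCII bytes


def strings(data):
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(data)]


def examine(image, entries, acquisition_sha256):
    """Verify the working copy, then report residue in slack and free space."""
    if sha256_hex(image) != acquisition_sha256:
        raise ValueError("working copy does not match the acquisition hash")
    findings = []
    for e in entries:
        slack = file_slack(image, e)
        findings += [("slack", e.name, len(slack), s) for s in strings(slack)]
    for c in unallocated(image, entries):
        block = image[c * CLUSTER:(c + 1) * CLUSTER]
        findings += [("unallocated", f"cluster {c}", CLUSTER, s)
                     for s in strings(block)]
    return findings


if __name__ == "__main__":
    image, table = build_sample_image()
    recorded = sha256_hex(image)   # stands in for the hash noted at seizure
    for kind, where, length, text in examine(image, table, recorded):
        print(f"{kind:12} {where:12} {length:4} bytes  {text!r}")
```

A listing of files alone would show none of this residue: both strings sit outside the logical extent of every live file.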

Users of Computer Forensic Evidence

Many types of criminal and civil proceedings can and do make use of evidence revealed by computer forensics specialists. Criminal Prosecutors use computer evidence in a variety of crimes where incriminating documents can be found: homicides, financial fraud, drug and embezzlement record-keeping, and child pornography. Civil litigations can readily make use of personal and business records found on computer systems that bear on fraud, divorce, discrimination, and harassment cases. Insurance companies may be able to mitigate costs by using discovered computer evidence of possible fraud in accident, arson, and workman’s compensation cases. Corporations often hire computer forensics specialists to find evidence relating to sexual harassment, embezzlement, theft or misappropriation of trade secrets, and other internal/confidential information. Law enforcement officials frequently require assistance in pre-search warrant preparations and post-seizure handling of the computer equipment. Individuals sometimes hire computer forensics specialists in support of possible claims of wrongful termination, sexual harassment, or age discrimination [11].

If there is a computer on the premises of a crime scene, the chances are very good that there is valuable evidence on that computer. If the computer and its contents are examined (even if very briefly) by anyone other than a trained and experienced computer forensics specialist, the usefulness and credibility of that evidence will be tainted. Choosing a Computer Forensics Specialist for a Criminal Case is therefore crucial. When you require the services of a computer forensics specialist, do not be afraid to shop around. There are an increasing number of people who claim to be experts in the field. Look very carefully at the level of experience of the individuals involved. There is far more to proper computer forensic analysis than the ability to retrieve data, especially when a criminal case is involved. Think about computer forensics just as you would any other forensic science and look for a corresponding level of expertise. The bottom line is that you will be retaining the services of an individual who will likely be called to testify in court to explain what he or she did to the computer and its data. The court will want to know that individual’s own level of training and experience, not the experience of his or her employer. Make sure you find someone who not only has the expertise and experience, but also the ability to stand up to the scrutiny and pressure of cross-examination.

Employer Safeguard Program

As computers become more prevalent in businesses, employers must safeguard critical business information. An unfortunate concern today is the possibility that data could be damaged, destroyed, or misappropriated by a discontented individual. Before an individual is informed of their termination, a computer forensic specialist should come on-site and create an exact duplicate of the data on the individual’s computer. In this way, should the employee choose to do anything to that data before leaving, the employer is protected. Damaged or deleted data can be replaced, and evidence can be recovered to show what occurred. This method can also be used to bolster an employer’s case by showing the removal of proprietary information or to protect the employer from false charges made by the employee. Whether you are looking for evidence in a criminal prosecution or civil suit or determining exactly what an employee has been up to, you should be equipped to find and interpret the clues that have been left behind. This includes situations where files have been deleted, disks have been reformatted, or other steps have been taken to conceal or destroy the evidence. For example, did you know:

What Web sites have been visited
What files have been downloaded
When files were last accessed
Of attempts to conceal or destroy evidence
Of attempts to fabricate evidence
That the electronic copy of a document can contain text that was removed from the final printed version
That some fax machines can contain exact duplicates of the last several hundred pages received
That faxes sent or received via computer may remain on the computer indefinitely
That email is rapidly becoming the communications medium of choice for businesses
That people tend to write things in email that they would never consider writing in a memorandum or letter
That email has been used successfully in criminal cases as well as in civil litigation
That email is often backed up on tapes that are generally kept for months or years
That many people keep their financial records, including investments, on computers [15]

Computer Forensics Services

No matter how careful they are, when people attempt to steal electronic information (everything from customer databases to blueprints), they leave behind traces of their activities. Likewise, when people try to destroy incriminating evidence contained on a computer (from harassing memos to stolen technology), they leave behind vital clues. In both cases, those traces can prove to be the smoking gun that successfully wins a court case. Thus, computer data evidence is quickly becoming a reliable and essential form of evidence that should not be overlooked. A computer forensics professional does more than turn on a computer, make a directory listing, and search through files. Your forensics professionals should be able to successfully perform complex evidence recovery procedures with the skill and expertise that lends credibility to your case. For example, they should be able to perform the following services:

Data seizure
Data duplication and preservation
Data recovery
Document searches
Media conversion
Expert witness services
Computer evidence service options
E-Discovery
Litigation support
Other miscellaneous services


Other Extended Services Include:

o Analysis of computers and data in criminal investigations
o On-site seizure of computer data in criminal investigations
o Analysis of computers and data in civil litigation
o On-site seizure of computer data in civil litigation
o Analysis of company computers to determine employee activity
o Assistance in preparing electronic discovery requests
o Reporting in a comprehensive and readily understandable manner
o Court-recognized computer expert witness testimony
o Computer forensics on both PC and Mac platforms
o Fast turnaround time
o Locating, identifying and securing all forms of electronic data;
o Providing specialized computer forensic analysis and expert report;
o Consolidating terabytes of data for easy and accountable review;
o Providing forensic electronic review environments for corporate email and user files;
o Providing electronic review environments for global languages;
o Interrogating data from large financial systems and ERP environments for fraud and fraud-related and regulatory compliance issues; and
o Reviewing high-tech intrusive incidents including unlawful access to a computer network, threatening e-mail, privacy and other internet borne incidents.

Working Tools of The Trade Deployed In Field Forensics

Some of the field tools used by Forensics Professionals are presented below. They include:

(a) Image Capture

ICS Image MASSter forensic duplication systems are deployed for image acquisition. As an extra precaution, forensic experts use the ICS Image MASSter Drive Lock hardware write blocker to prevent data from being written to the evidence source drive. Because ICS image acquisition tools are designed for portability, professionals can take the forensic lab to where the evidence is. Experience has shown that courts are more willing to grant access to digital evidence when the acquisition process is done onsite with a minimum amount of system down time. ICS products are the state of the art in computer forensics acquisition. Forensics professionals also use Digital Intelligence Firefly write protection devices to capture images from SATA and SCSI hard drives.

Fig. 2.3. ICS Image MASSter Solo
Fig. 2.4. ICS Image MASSter 550i
Fig. 2.5. ICS Drive Lock

(b) Forensic Examination

Forensic Professionals use Access Data Corporation's Forensic Tool Kit (FTK) and Password Recovery Tool Kit (PRTK) for all forensic examinations. Access Data has the best forensic tools on the market. They allow much faster and more thorough examination than any other forensics analysis software product. With this tool, professionals are able to complete forensic examinations in hours, not days, as was the case with previous forensics tools.


Fig. 2.6. Access Data Corp. FTK
Fig. 2.7. Access Data Corp. PRTK
Fig. 2.8. Access Data Corp. DNA
Source: www.AbramsForensics.com

Raman Spectrometer For Analysis Of Solids, Liquids, Pastes And Slurries

The Inspector Raman™ is a robust, portable Raman spectrometer that fits in your hand for analysis of solids, liquids, pastes, and slurries. This lightweight, dispersive spectrometer has no moving parts and may be used in any position. Raman spectroscopy offers the advantage of identifying various substances by their unique fingerprint, based on the chemical structure of the unknown, and can do so through walls of sealed bags, transparent bottles, flasks, vials, and ampoules without opening the container. Data is retrieved remotely with Bluetooth technology or USB with a Fujitsu laptop and NuSpec™ software. Spectral libraries are developed using DeltaNu’s library development software for identification of unknown substances and quantification of various compounds.

Applications
Reaction monitoring
Authentication of historical works of art
Raw material identification
Analysis of organometallic compounds in a glove box
Botanical research
Octane number in fuels
Edible oil analysis

Features and Specifications
Solids: Point and shoot attachment
Liquids: Sample cell attachment for 8mm vials, NMR tubes, or MP tubes
Microscopy: Optional microscope attachment (NuScope™)
Portability
o weighs under 5 lbs
o remote trigger
o wireless Bluetooth connectivity (or USB)
o battery powered with 5 hours of continuous use
Instrument specifications:
o laser: 120 mW, 785 nm
o resolution: 8 cm⁻¹
o spectral range: 200 – 2000 cm⁻¹
PC and software
o Laptop PC
o NuSpec™ software and library development software
One year parts and labour warranty


5. DATA PRESENTATION ANALYSIS AND HYPOTHESIS TESTING

Total number of questionnaires administered    60    100%
Total respondents                              50    83.3%

For purposes of clarity, the research questions and hypotheses are re-presented here:

Research questions

This paper will at the end answer the following questions:
What factors are responsible for the increasing crime wave in the super highway in Nigeria?
Is the Nigeria Police ready with the right training and skill to arrest cyber crime?
What can be done to control the menace?
Is an Enabling Act of parliament necessary to accelerate the ability of Nigerian Police to tackle cyber crime?

Hypothesis

Ho1: Nigerian Police has adequate computer and forensic training to tackle the present cyber crime menace.
Ha1: Nigerian Police has NO adequate computer and forensic training to tackle the present cyber crime menace.
Ho2: Negative Social Values has NO impact on the increasing trend in cyber criminality in Nigeria.
Ha2: Negative Social Values has IMPACT on the increasing trend in cyber criminality in Nigeria.
Ho3: Legislative backing (by Act of Parliament) is UNNECESSARY to enhance Police capability to police cyber crime.
Ha3: Legislative backing (by Act of Parliament) is NECESSARY to enhance Police capability to police cyber crime.

Population Sample

60 questionnaires randomly distributed amongst various levels of Police Hierarchy.

Mathematical & Analysis Tool

The responses will be collated, arranged and subjected to Analysis of Variance, Multiple Regression and, if need be, Discriminant Analysis. The results will be deployed to test the hypotheses and to answer the research questions posed in this research paper. This will lead to conclusions and recommendations.

CLUSTER I: POLICE COMPUTER AND FORENSIC TRAINING

LIKERT KEY: [1] Do not agree [2] Fairly agree [3] Averagely agree [4] Agree to a large extent [5] Fully agree

Sample Questionnaire Response

Respondents  Q1  Q2  Q3  Q4  Q5
1            1   1   1   1   2
2            2   2   1   1   2
3            1   1   1   1   2
4            1   1   1   1   2
5            1   1   2   1   2
6            1   1   1   1   2
7            1   1   1   1   2
8            1   1   1   1   2
9            1   1   1   1   2
10           1   2   1   1   2
11           1   1   1   1   2
12           1   1   1   3   2
13           1   1   1   1   2
14           2   1   1   1   2
15           1   1   1   1   2
16           1   1   3   2   3
17           1   1   1   1   2
18           1   1   1   1   2
19           1   1   1   1   2
20           1   1   4   1   2
21           1   1   1   1   2
22           1   1   1   1   2
23           3   1   1   1   2
24           1   1   4   1   2
25           1   1   1   1   2
26           1   1   1   1   2
27           1   1   1   1   2
28           1   1   1   1   2
29           1   4   1   1   2
30           1   1   1   1   2
31           2   1   3   1   2
32           2   2   1   1   2
33           1   1   1   1   2
34           1   1   1   1   2
35           1   1   1   1   2
36           1   1   1   1   2
37           1   1   3   1   2
38           1   1   1   1   2
39           1   1   1   1   2
40           1   2   1   1   2
41           1   1   1   1   2
42           1   1   1   1   2
43           1   1   1   5   2
44           1   1   1   1   2
45           1   1   1   1   2
46           1   1   1   1   2
47           1   1   1   1   2
48           1   1   1   1   2
49           2   1   3   1   2
50           1   2   1   4   2

Anova: Single Factor on Cluster I

SUMMARY
Groups      Count   Sum   Average   Variance
Column 1    50      57    1.14      0.163673
Column 2    50      58    1.16      0.259592
Column 3    50      65    1.3       0.622449
Column 4    50      60    1.2       0.571429
Column 5    50      101   2.02      0.02

ANOVA
Source of Variation   SS        df    MS         F          P-value    F crit
Between Groups        27.656    4     6.914      21.11606   5.65E-15   2.408488
Within Groups         80.22     245   0.327429
Total                 107.876   249


DECISION: Reject Ho1 since Fcal at α = 0.05 (95% c.l.) at 49 df > Fcrit at α = 0.05 = 2.408.

This implies that the Nigerian Police is yet to acquire adequate computer and forensics training to cope with the cyber crime scourge. This is further buttressed by a mean score of 2.02, which falls on the Likert scale at 2 (fairly agree, which is very low), which is the second on the scale of priorities on a 5-point scale.

CLUSTER II: IMPACT OF BAD SOCIAL VALUES

Anova: Single Factor

SUMMARY
Groups      Count   Sum   Average   Variance
Column 1    50      235   4.7       0.214286
Column 2    50      166   3.32      1.038367
Column 3    50      177   3.54      0.865714
Column 4    50      177   3.54      0.865714
Column 5    50      236   4.72      0.287347

ANOVA
Source of Variation   SS        df    MS         F         P-value    F crit
Between Groups        94.376    4     23.594     36.0607   1.09E-23   2.408488
Within Groups         160.3     245   0.654286
Total                 254.676   249

DECISION: Reject Ho1 since Fcal at α = 0.05 (95% c.l.) at 249 df = 36.061 > Fcrit at α = 0.05 = 2.408.

This implies that bad social values have a very serious influence on why Nigerian youths are joining the 419 and cyber crime scourge.

CLUSTER III: ENACTMENT OF CYBER CRIME AND 419 ACT

Anova: Single Factor

SUMMARY
Groups      Count   Sum   Average   Variance
Column 1    50      235   4.7       0.214286
Column 2    50      168   3.36      0.969796
Column 3    50      187   3.74      0.686122
Column 4    50      190   3.8       0.77551

ANOVA
Source of Variation   SS       df    MS         F          P-value   F crit
Between Groups        48.36    3     16.12      24.37149   1.9E-13   2.650677
Within Groups         129.64   196   0.661429
Total                 178      199

DECISION: Reject Ho1 since Fcal at α = 0.05 (95% c.l.) at 249 df = 24.37 > Fcrit at α = 0.05 = 2.65.

This implies that there is an urgent need to enact the cyber crime Act promptly to enable the Nigerian Police to battle with cyber crime policing and 419.
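
The three ANOVA tables above can be re-derived from their SUMMARY rows alone. This added example (not part of the original paper) does so in Python; it assumes the Variance column is the sample variance and takes the F crit values from the page rather than computing them.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Group:
    count: int
    mean: float
    variance: float  # treated as sample variance (n - 1 denominator): assumption


# SUMMARY rows and "F crit" values copied from the three cluster tables above.
CLUSTERS = {
    "I": ([Group(50, 1.14, 0.163673), Group(50, 1.16, 0.259592),
           Group(50, 1.3, 0.622449), Group(50, 1.2, 0.571429),
           Group(50, 2.02, 0.02)], 2.408488),
    "II": ([Group(50, 4.7, 0.214286), Group(50, 3.32, 1.038367),
            Group(50, 3.54, 0.865714), Group(50, 3.54, 0.865714),
            Group(50, 4.72, 0.287347)], 2.408488),
    "III": ([Group(50, 4.7, 0.214286), Group(50, 3.36, 0.969796),
             Group(50, 3.74, 0.686122), Group(50, 3.8, 0.77551)], 2.650677),
}


def anova_from_summary(groups):
    """One-way ANOVA table rebuilt from per-group count, mean and variance."""
    k = len(groups)
    n = sum(g.count for g in groups)
    if k < 2 or n <= k:
        raise ValueError("need at least two groups and more observations than groups")
    grand_mean = sum(g.count * g.mean for g in groups) / n
    # Between-groups: spread of the group means around the grand mean.
    ss_between = sum(g.count * (g.mean - grand_mean) ** 2 for g in groups)
    # Within-groups: each sample variance scaled back to a sum of squares.
    ss_within = sum((g.count - 1) * g.variance for g in groups)
    df_between, df_within = k - 1, n - k
    ms_between = ss_between / df_between
    ms_within = ss_within / df_within
    if ms_within == 0:
        raise ValueError("no within-group variation; F is undefined")
    return {
        "ss_between": ss_between,
        "ss_within": ss_within,
        "ss_total": ss_between + ss_within,
        "df": (df_between, df_within),
        "ms_between": ms_between,
        "ms_within": ms_within,
        "F": ms_between / ms_within,
    }


def decide(cluster):
    """Rebuild one cluster's table and compare F with the page's F crit."""
    groups, f_crit = CLUSTERS[cluster]
    table = anova_from_summary(groups)
    table["f_crit"] = f_crit
    table["reject_null"] = table["F"] > f_crit
    return table


if __name__ == "__main__":
    for name in CLUSTERS:
        t = decide(name)
        print(f"Cluster {name}: F({t['df'][0]}, {t['df'][1]}) = {t['F']:.4f}, "
              f"F crit = {t['f_crit']}, reject null: {t['reject_null']}")
```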

6. SUMMARY, CONCLUSIONS AND RECOMMENDATIONS

All three null hypotheses tested were rejected, implying that there is urgent need for retraining of security operatives, re-orientation of our social value system and urgent enactment and enforcement of a Cyber Crime Act. Computer forensics has been around for a while and is rapidly becoming a specialized and accepted investigative technique (in a court of law) with its own tools and legal precedents that validate the discipline. Basically it is a computing profession dedicated to finding the truth [23]. The domain of computer forensics is not to assign guilt or innocence but rather to find facts in the form of electronic evidence that can be presented in a coherent way so that others may weigh the evidence and then assign guilt or innocence where appropriate.

Given the enormity of the task in cyber crime control and policing, and the absence or dearth of trained and qualified computer forensics law enforcement officers, there is urgent need for the Federal Government to pay attention to the training of adequate EFCC and police officers in the computer forensic sciences to enhance effective policing of the ever increasing cyber criminals. The problem is serious, particularly now that the Federal Government has passed the Information Technology Bill for this purpose. A law that is made but cannot be enforced is no law. Cyber criminals will be forced to retreat if a large percentage of fraudsters are arrested, prosecuted and punished at first attempt. It is strongly recommended that Polytechnics and Universities should establish advanced computer and Computer Forensics training at Certificate, Diploma and degree levels to meet the ever-increasing demand for this type of urgently needed personnel. The provision of adequately qualified experts will beef up their deployment in the Police and Military. This may well be the antidote to the fast eroding confidence in e-commerce and international trade in Nigeria. No nation can ignore the threat of cyber criminality and terrorism.


As A M’bow, for UNESCO Scribe, rightly pointed out three decades ago: “Information Technology has opened up such tremendous vista for modern societies that any failure to master it would mean a life of permanent sub-ordination. For information technology is more than a form of power, it is a power system. The technology which it involves is not just one form of technology among others but an ability to make use of other techniques to give or refuse access to a whole range of scientific data and knowledge and thus to design new models of development”.[25]

REFERENCES

1. Osuagwu O.E. (2007, 2008) Global Internet Terrorism & Fraud Pandemic: E-Commerce Bottlenecks and the Challenge of Computer Forensics, M.S/PhD Dissertation, American Heritage University of Southern California, San Bernardino, California.

2. Osuagwu O.E. (2008) Software Engineering: A Pragmatic and Technical Perspective, Olliverson Industrial Publishing House (OIPH), Owerri, Nigeria, pp. 478-499.

3. Osuagwu O.E. (2008) Insight into the New Frontiers of Computer Forensics & Cyber-Criminality (with Case Studies), OIPH, Owerri, Nigeria.

4. Osuagwu O.E. et al. (2007) Blocking Credit Card Fraud via Biometric Authentication Systems, Proceedings of the International Conference of the Nigeria Computer Society, Concord Owerri, June 2007.

5. U.S. Federal Trade Commission (FTC).

6. A U.S. FTC survey released in September 2003.

7. URL: www.Incardtechnologies.com

8. Computer crime, October 2006, Number 271, Page 2.

9. 2002/03 British Crime Survey.

10. Osuagwu O.E. et al. (2007) Blocking Credit Card Fraud via Biometric Authentication Systems, Proceedings of the International Conference of the Nigeria Computer Society, Concord Owerri, June 2007.

11. URL: http://www.webopedia.com/term/c/cyber_FORENSICS.htm; http://www.iwar.org.uk/cip/resources/pcipb/cyberstrategy.htm; “2003 Computer Crime and Security Survey,” Federal Bureau of Investigation, J. Edgar Hoover Building, 935 Pennsylvania Avenue, NW, Washington, D.C. 20535-0001, 2003.

12. Ken Baiman (2006).

13. Robbins, Judd (2004) “An Explanation of Computer Forensics,” National Forensics Center, 774 Mays Blvd. #10 143, Incline Village, NV 89451, 2004 [The Computer Forensics Expert Expert Witness Network, 472 Scenic Drive, Ashland, OR] (©2004, National Forensics Center. All rights reserved), 2001.

14. Vacca, John R. (2002) The Essential Guide to Storage Area Networks, Prentice Hall, New York, 2002.

15. Alfred C. Weaver (2006) Biometric authentication, Computer, Feb 2006.

16. Anil K. Jain & Sharathchandra Pankanti (2006) A Touch of Money, IEEE Spectrum, July 2006.

17. Willie D. Jones (2006) Blood Test – Vascular Patterns Provide New Means of Identification and Authentication, IEEE Spectrum.

18. Federal Ministry of Justice (2004) IT Bill 2004.

19. Noblett, Michael G., Pollitt, Mark M., and Presley, Lawrence A. (2002) Recovering and Examining Computer Forensic Evidence, U.S. Department of Justice, Federal Bureau of Investigation, Forensic Science Communications, Vol. 2, No. 4 (www.Fbi.gov).

20. Nelson, Bill, Phillips, Amelia, Enfinger, Frank, and Steward, Chris (2004) Guide to Computer Forensics and Investigations, Thomson, Course Technology, Boston.

21. New Technologies, Inc (Forensics-intl.com).

22. Rude, Thomas (2000) Guidance Seizure Methodology for Computer Forensics, http://www.crazy nights.com/seizure.html.

23. Wolfe, Henry B. (2003) Computers and Security, Elsevier Science, Ltd., pp. 26-28 (www.sciencedirect.com).

24. URL: http://www.protegga.com/services.html.

25. Osuagwu O.E., Anyanwu E. (2003) Management of Information Technology at Periods of Technological Discontinuity, OIPH, Owerri, Nigeria, p. 23.

26. FIB Anthrax Report (2001)


APPENDIX A1: Letter for questionnaire administration

Department of I.M.T
Federal University of Technology
Owerri

May 24, 2009

Dear sir,

The attached questionnaire is intended to test the need to deploy Forensic Science & Technology for resolving National Cyber-Security Challenges. This has become necessary given the negative impact 419 and cyber crime have created for Nigeria. We feel there is urgent need for massive IT training for the Nigerian Police, particularly in the field of Forensics, Re-orientation of national psyche where knowledge, intellect, honesty, piety are encouraged instead of ill-gotten wealth and promotion of kidnapping, ritual murder, and armed gangsterism.

This questionnaire is being randomly distributed amongst various levels of Police hierarchy. The data collected will be subjected to scientific analysis for the purpose of proving or disproving our research questions and hypothesis.

We shall be grateful for your cooperation.

Yours sincerely

Prof. O. E. Osuagwu, D.Sc, PhD, FNCS, FCPN, FBCS, CITP, MACM, MIEEE
Professor of Information Technology, FUTO
Research Team Leader

APPENDIX A2: Cluster I: police computer and forensic training

LIKERT KEY: [1] Do not agree [2] Fairly agree [3] Averagely agree [4] Agree to a large extent [5] Fully agree

1. Have you had Computer training? [1] [2] [3] [4] [5]
2. Do you know how to write computer program or interpret it? [1] [2] [3] [4] [5]
3. Have you been trained in Computer Forensics and e-discovery? [1] [2] [3] [4] [5]
4. Have you used the following tools in your crime investigation?
Raman Spectrometer For Analysis Of Solids, Liquids, Pastes And Slurries [1] [2] [3] [4] [5]
Access Data Corp. PRTK [1] [2] [3] [4] [5]
Access Data Corp. FTK [1] [2] [3] [4] [5]
Access Data Corp. DNA [1] [2] [3] [4] [5]
ICS Image MASSter Solo [1] [2] [3] [4] [5]
Digital Media Exploitation Kit [MEK] [1] [2] [3] [4] [5]
Odyssey [1] [2] [3] [4] [5]
Advanced Forensic Format (AFF) [1] [2] [3] [4] [5]
5. What major did you specialize at HND/B.Sc? Computing/IT = 5, others = 2

APPENDIX A3: Cluster II: impact of bad social values

LIKERT KEY: [1] Do not agree [2] Fairly agree [3] Averagely agree [4] Agree to a large extent [5] Fully agree

1. Do you believe that the promotion of wealth no matter how ill-gotten has led to a social milieu which worships money, rather than good behavior, piety, culture and intellect has led the youth to line up for the evil practice called 419 and cyber criminality? [1] [2] [3] [4] [5]

2. Do you believe that unemployment is the key motivator for the ascendance of 419 and cybercrime other than (1) above? [1] [2] [3] [4] [5]

3. Do you think the introduction of Social Security as obtains in the US and Europe will help to stem the 419 and cyber crime syndrome? [1] [2] [3] [4] [5]

4. Do you believe that mass creation of jobs for Nigeria youths will better do the miracle than question 3 above? [1] [2] [3] [4] [5]

5. Do you believe the general spirit of corruption in the civil service has influence on the behaviour of the youths which have joined the 419 and cyber crime? [1] [2] [3] [4] [5]

APPENDIX A3: Cluster II: enactment of an enabling act

LIKERT KEY: [1] Do not agree [2] Fairly agree [3] Averagely agree [4] Agree to a large extent [5] Fully agree

1. Do you think the absence of Enabling Act to tackle cyber crime is responsible for the rising incidence of cyber crime and 419? [1] [2] [3] [4] [5]

2. Do you feel such a law should be deployed urgently? [1] [2] [3] [4] [5]

3. Do you think the Enabling Act should give Police the authority to arrest any suspect, seize the computers and prosecute the suspect in the court of law? [1] [2] [3] [4] [5]

3. Do you believe that the 419 and the cyber crime syndrome has negatively affected Nigeria’s image in the comity of nations and has led to absence of confidence in the e-payment system and e-commerce and you believe this situation has to be arrested promptly? [1] [2] [3] [4] [5]

APPENDIX B: Output of questionnaire analysis of variance

Respondents  Q1  Q2  Q3  Q4  Q5
1            1   1   1   1   2
2            2   2   1   1   2
3            1   1   1   1   2
4            1   1   1   1   2
5            1   1   2   1   2
6            1   1   1   1   2
7            1   1   1   1   2
8            1   1   1   1   2
9            1   1   1   1   2
10           1   2   1   1   2
11           1   1   1   1   2
12           1   1   1   3   2
13           1   1   1   1   2
14           2   1   1   1   2
15           1   1   1   1   2
16           1   1   3   2   3
17           1   1   1   1   2
18           1   1   1   1   2
19           1   1   1   1   2
20           1   1   4   1   2
21           1   1   1   1   2
22           1   1   1   1   2
23           3   1   1   1   2
24           1   1   4   1   2
25           1   1   1   1   2
26           1   1   1   1   2
27           1   1   1   1   2
28           1   1   1   1   2
29           1   4   1   1   2
30           1   1   1   1   2
31           2   1   3   1   2
32           2   2   1   1   2
33           1   1   1   1   2
34           1   1   1   1   2
35           1   1   1   1   2
36           1   1   1   1   2
37           1   1   3   1   2
38           1   1   1   1   2
39           1   1   1   1   2
40           1   2   1   1   2
41           1   1   1   1   2
42           1   1   1   1   2
43           1   1   1   5   2
44           1   1   1   1   2
45           1   1   1   1   2
46           1   1   1   1   2
47           1   1   1   1   2
48           1   1   1   1   2
49           2   1   3   1   2
50           1   2   1   4   2

Sum  Average  Variance
57   1.14     0.163673
58   1.16     0.259592
65   1.3      0.622449
60   1.2      0.571429
101  2.02     0.02

df   MS        F         P-value   F crit
4    6.914     21.11606  5.65E-15  2.408488
245  0.327429
249

CLUSTER 2: SOCIAL VALUE

Respondents  Q1  Q2  Q3  Q4  Q5
1            5   2   3   3   5
2            4   3   3   3   5
3            5   3   4   4   5
4            5   4   4   4   5
5            4   5   2   2   5
6            5   2   3   3   5
7            5   4   4   4   5
8            4   5   4   4   5
9            5   3   3   3   5
10           5   3   2   2   5
11           4   3   3   3   5
12           5   4   4   4   4
13           5   4   4   4   4
14           5   3   4   4   5
15           5   2   4   4   5
16           5   2   3   3   5
17           5   5   5   5   5
18           5   2   5   5   5
19           4   3   5   5   4
20           5   3   3   3   4
21           4   4   4   4   4
22           5   5   5   5   3
23           4   2   2   2   5
24           5   4   3   3   5
25           5   5   3   3   5
26           5   3   3   3   5
27           5   3   4   4   5
28           5   3   4   4   5
29           5   4   2   2   5
30           5   4   3   3   5
31           4   3   4   4   5
32           5   2   4   4   5
33           4   2   3   3   5
34           5   5   2   2   4
35           4   2   3   3   4
36           5   3   4   4   5
37           5   3   4   4   5
38           5   4   4   4   5
39           5   5   4   4   5
40           5   2   3   3   5
41           5   4   5   5   4
42           5   5   5   5   4
43           4   3   5   5   4
44           5   3   3   3   3
45           4   3   4   4   5
46           5   4   5   5   5
47           4   4   2   2   5
48           4   3   3   3   5
49           5   2   3   3   5
50           4   2   2   2   5

Anova: Single Factor

SUMMARY

Groups    Count  Sum  Average  Variance
Column 1  50     235  4.7      0.214286
Column 2  50     168  3.36     0.969796
Column 3  50     187  3.74     0.686122
Column 4  50     190  3.8      0.77551

ANOVA

Source of Variation  SS       df   MS        F         P-value  F crit
Between Groups       48.36    3    16.12     24.37149  1.9E-13  2.650677
Within Groups        129.64   196  0.661429
Total                178      199
Total                254.676  249


CLUSTER III: ENACTMENT OF CYBERCRIME BILL

Respondents  Q1  Q2  Q3  Q4
1            5   3   4   4
2            4   3   3   3
3            5   3   4   4
4            5   4   4   4
5            4   5   2   2
6            5   2   3   3
7            5   4   4   4
8            4   5   4   4
9            5   3   3   3
10           5   3   5   5
11           4   3   3   3
12           5   4   4   4
13           5   4   4   4
14           5   3   4   4
15           5   2   4   4
16           5   2   3   3
17           5   5   5   5
18           5   2   5   5
19           4   3   5   5
20           5   3   3   3
21           4   4   4   4
22           5   5   5   5
23           4   2   4   5
24           5   4   3   3
25           5   5   3   3
26           5   3   3   3
27           5   3   4   4
28           5   3   4   4
29           5   4   4   5
30           5   4   3   3
31           4   3   4   4
32           5   2   4   4
33           4   2   3   3
34           5   5   2   2
35           4   2   3   3
36           5   3   4   4
37           5   3   4   4
38           5   4   4   4
39           5   5   4   4
40           5   2   3   3
41           5   4   5   5
42           5   5   5   5
43           4   3   5   5
44           5   3   3   3
45           4   3   4   4
46           5   4   5   5
47           4   4   2   2
48           4   3   3   3
49           5   2   3   3
50           4   3   4   5

Sum  Average  Variance
235  4.7      0.214286
168  3.36     0.969796
187  3.74     0.686122
190  3.8      0.77551

MS        F         P-value  F crit
16.12     24.37149  1.9E-13  2.650677
0.661429

RESULTS:

Anova: Single Factor On Cluster I: Computer Training

SUMMARY

Groups    Count  Sum  Average  Variance
Column 1  50     57   1.14     0.163673
Column 2  50     58   1.16     0.259592
Column 3  50     65   1.3      0.622449
Column 4  50     60   1.2      0.571429
Column 5  50     101  2.02     0.02

ANOVA

Source of Variation  SS       df   MS        F         P-value   F crit
Between Groups       27.656   4    6.914     21.11606  5.65E-15  2.408488
Within Groups        80.22    245  0.327429
Total                107.876  249

DECISION: Reject Ho1 since Fcal at α = 0.05 (95% c.l.) at 49 df > Fcrit at α = 0.05 = 2.408. This implies that the Nigerian Police is yet to acquire adequate computer and forensics training to cope with the cyber crime scourge.

Cluster II: Impact of bad social values

Anova: Single Factor

SUMMARY

Groups    Count  Sum  Average  Variance
Column 1  50     235  4.7      0.214286
Column 2  50     166  3.32     1.038367
Column 3  50     177  3.54     0.865714
Column 4  50     177  3.54     0.865714
Column 5  50     236  4.72     0.287347

ANOVA

Source of Variation  SS       df   MS        F        P-value   F crit
Between Groups       94.376   4    23.594    36.0607  1.09E-23  2.408488
Within Groups        160.3    245  0.654286
Total                254.676  249

DECISION: Reject Ho1 since Fcal at α = 0.05 (95% c.l.) at 249 df = 36.061 > Fcrit at α = 0.05 = 2.408. This implies that bad social values have a very serious influence on why Nigerian youths are joining the 419 and cyber crime scourge.

Cluster III: enactment of cyber crime and 419 act

Anova: Single Factor

SUMMARY

Groups    Count  Sum  Average  Variance
Column 1  50     235  4.7      0.214286
Column 2  50     168  3.36     0.969796
Column 3  50     187  3.74     0.686122
Column 4  50     190  3.8      0.77551

ANOVA

Source of Variation  SS      df   MS        F         P-value  F crit
Between Groups       48.36   3    16.12     24.37149  1.9E-13  2.650677
Within Groups        129.64  196  0.661429
Total                178     199
