The Forensic Laboratory at the Directorate of Criminal Investigation (DCI) is identified as one of the security flagship projects.
According to DCI’s boss George Kinoti, the lab is a critical and significant acquisition which will go a long way to enhance its services in fighting crime in the country.
The overall function of the DCI’s Digital Forensic Lab is to identify, seize, acquire and analyse all electronic devices related to all cyber-enabled offences reported, so as to collect digital evidence which is presented in a court of law for prosecution purposes.
The lab is divided into the following sub-units, each outlining the specific roles and responsibilities of the Digital Forensics Analysts.
DFL analysts perform the analysis of computer hard drives (workstations, servers, laptops etc.), looking for everything from exfiltration of data to retrieval of data that has been deleted or otherwise destroyed by a user, as well as recovery of evidence from computer storage media.
Mobile Device Forensics
The unit deals with forensic analysis of smartphones, tablets and other portable devices; retrieval of deleted text messages, call logs, documents and mobile browser history; and retrieval of data from GPS units, phone systems, iPods, MP3 players, USB sticks, flash drives and SD cards.
The malware analysis sub-unit deals with the study of how malware functions and the possible outcomes of infection by a given specific malware. It finds suspicious malware activity in a network, identifies the source and type of malware, and determines the impact it might have on the affected organization or environment. It performs intensive malware analysis to comprehend the indicators and signs of compromise of a system when the need arises.
Computer Incidents Response Team (CIRT)
DFL CIRT is a team that responds to cyber security incidents when they occur. Key responsibilities of a CIRT include: investigating and analysing security breaches and intrusion incidents; managing internal communications and updates during or immediately after incidents; mitigating incidents; recommending technology, policy and training changes after cyber security incidents; and responding to attacks that employ brute force methods to compromise, degrade, or destroy systems, networks, or services.
The unit deals with e-mail and social media investigations: tracking email and/or authenticating that messages have not been tampered with or forged, and recovering deleted messages from servers, laptops, desktops, websites etc.
The unit deals with database forensics and eDiscovery: examination and recovery of data from mainframe and networked database systems.
Research, Training and Development
The unit identifies and coordinates research on emerging issues within the digital forensics field, identifies and assesses training needs within the unit, and coordinates internal and external training programs.
Other functions include: forensic examination of computers and mobile phones; maintenance of lab processes of acquisition, archival and analysis; maintenance of inventories of digital evidence as per standards/ISO; analysis of deleted and active files; location and analysis of data in ambient data sources; and recovery of deleted or encrypted data/emails, SMS, MMS, videos and internet sites.
Additional functions are uncovering passwords, forensic SIM card analysis, extraction of data from mobile phones and presentation of expert forensic evidence in court.
Crime Scene Investigations Unit
This is a core forensic unit entrusted with carrying out Forensic Scene Investigations to interrogate a scene of crime scientifically.
It is done to discover evidential ingredients and any other investigative information that may be realized from the analytical processes at a scene of crime.
The experts under this unit are capable of placing criminals at scenes of crime scientifically, through hidden fingerprint search, development and recovery. They analyse the mode of operation of criminals through crime scene pattern analysis, which is essential in identifying similar crimes committed by a specific suspect and linking them to those crimes.
The unit plays a critical role in carrying out analytical procedures and processes pertaining to interrogation of samples extracted at a scene of crime, by exploiting their chemical properties.
The unit has a capacity to carry out toxicological analysis of bloodstains, urine and blood gases for traces of poison or drugs in one’s body.
It also does microscopy of gunshot powder residue on clothes and human skin to determine whether or not a suspected shooter may have fired a firearm, or to estimate the range of fire from the muzzle to the target.
The forensic document examiners often deal with the question of document authenticity. To determine whether a document is genuine, an examiner may attempt to confirm who created the document, determine the timeframe in which it was created, identify the materials used in its preparation or uncover modifications to the original text.
The experts play a vital role in analysing forged travel documents such as visas and passports, indented writing, financial-related documents, counterfeit currencies, and seal and stamp impressions, as well as forensic ink and paper analysis.
The lab examines physical evidence and performs DNA testing on a range of biological materials gathered in respect to a specific case, before adducing their scientifically proven findings in court.
The unit has been at the forefront of gathering, processing and analysing biological samples originating from crime and incident scenes.
Imaging and Acoustics Unit
The unit is a section within the lab that supports forensic investigations by processing images, retrieval and analysis of CCTV footage, audio-visual recordings, crime scene re-enactment through videography, confession video recording and analysis of acoustic evidence.
This section analyses CCTV exhibits and produces scientific reports to be presented before the court.
Detectives in this section receive, process and analyse biometric voice recognition and image exhibits from crime scenes.
The unit is entrusted with examination and identification of firearms, ammunition and their component parts from all over the country and across the region.
The unit also conducts shooting incident reconstruction, gunshot residue and shot pattern analysis.
Ballistics experts are responsible for restoring erased firearm serial numbers and unravelling obliterated numbers.