A peek into a digital forensics expert’s job - Daily Nation

Friday April 27 2018

George Njoroge, a digital forensics expert and director of East Africa Data Handlers. PHOTO| COURTESY


George Njoroge hoped to become a pharmacist. Before joining university to study pharmacy, however, he enrolled in a short-term ICT course to gain basic skills.

At the time, studies in ICT were the in-thing. He was quickly absorbed by the intricacies of computer technology, and what started as a way to while away time before joining university soon became his newfound passion and, eventually, his career in data forensics.

Today, George is one of Kenya’s leading data or digital forensics experts, with experience spanning more than 10 years. In 2007, he founded the East African Data Handlers, a computer forensics and data handling company.

So, what exactly do digital forensics specialists do?

“Digital forensics experts are computing professionals who collect, preserve, document and present evidence relating to various kinds of cybercrimes,” George explains.

“To do this, data analysts examine information derived from computer systems such as text, audio and video files that may have been erased to clear traces,” he adds.

A digital forensics expert must have an intimate understanding of file system operations and how applications, network communications and operating systems collect, represent and store all kinds of data, he explains.

“In the corporate world, a digital forensics expert is charged with protecting the company’s computer systems, recovering lost, hidden, encrypted or deleted files and analysing data found on various disks,” he says.

George is a senior member of the International Society of Forensic Computer Examiners (ISFCE) and the International Association of Computer Investigative Specialists (IACIS). He holds an MBA in Global Business and Sustainability from Catholic University of Rome, a bachelor of Information Communication Technology from International University of Professional Studies (then known as Inoorero University), and a bachelor of Information Technology from Jomo Kenyatta University of Agriculture and Technology (JKUAT).

According to him, criminal justice and data forensics complement each other.

“Findings from data forensic examinations are used in cases involving criminal, civil and commercial litigation in courts of law,” he says.

“Economic cyber espionage is the trend now. Today, cybercrime is a huge catastrophe and by far the largest transfer of wealth and intellectual property in history. In the last five years, major global brands lost close to USD 20 billion (Sh2 trillion) through hackings and cyber thefts. Lack of computer forensics and security experts could be likened to a national disaster,” he says, arguing that expertise in digital forensics has never been more crucial to the economy.

George makes a living from the fees paid to investigate cybercrimes at the corporate level. 

“Investigations into corporate espionage where an organisation, for instance, is involved in breach of terms of use of another organisation’s data, misdemeanours such as shady transactions within organisations and bank fraud, mostly involving senior staff, constitute nearly the entire pool of cases that we handle,” he explains, adding that his job is full of intrigues.

“I’m involved in sometimes very complex cases, some involving the state and dealing with highly classified information, not to mention closely watched high-profile murder cases.”

The Jomo Kenyatta International Airport fire in 2013 and a series of bank frauds are some of the high-profile inquests where George has lent his expertise.


While his clientele are mostly commercial banks and private companies that have lost important information through cyber-attacks, law enforcement agencies such as the Anti-Banking Fraud Unit occasionally rope him into their investigations.

In the fight against modern day terrorism, digital forensics comes in handy, he explains.

“This involves decoding encrypted files and complex data from hard drives or mobile devices obtained from terror suspects. After extracting such data, a digital forensics team then analyses the metadata to construct important clues,” he says. He adds,

“This examination often involves following a ‘digital trail,’ by tracing e-mails as they move from one Internet Service Provider (ISP) to another to unmask the terrorists, to determine who they communicated with and gather hints on possible future assault.”

Some of the emerging issues in data forensics include system hacking, identity theft and the use of ransomware. Decrypting ransomware, he explains, is a complex process that involves transforming unreadable data back to its readable format.


“Ransomware is a type of malware (usually a software) that prevents, limits or disrupts a user from accessing their system, by locking the computer user’s files unless a ransom is paid. Cybercriminals are now using this tactic to extort money from their victims, mostly large corporations,” he explains.

Whereas it is a fairly new profession in Kenya, skills in data forensics, he says, are now the most sought after within the banking sector and the intelligence community.

“Tiptop talent is rare, while mobility among highly-skilled specialists is high. Organisations are, therefore, unable to keep their experts without having to incur heavy retention costs – once you lose your key digital forensics experts, you risk losing massive company wealth,” he says.

A degree course in digital forensics is required for practice. Most local experts, including George, however, trained abroad.

“I attended ACE Labs in Russia for one year before moving to China for further training. Until two years ago, no Kenyan institutions offered digital forensics as a full package. Masinde Muliro University and United States University (USIU-Africa) are now offering digital forensics as a degree course,” he says.

Accomplished digital forensics experts earn between Sh250,000 and Sh1 million a month, he says.

With many “self-declared” data forensics experts taking over the local scene, regulation is key to preserve quality in the profession, he observes.

“You must be a Certified Forensic Computer Examiner (CFCE) at minimum. CFCE is offered by the International Association of Computer Investigative Specialists (IACIS). Quacks cost organisations money, time and information with many cybercrimes ending up unresolved,” he says.

George points out that, if passed into law, the Cyber Security and Protection Bill would create a safer ICT space in Kenya.

“Admissibility of digital evidence has always been a challenge in prosecution of cybercrime suspects in Kenya. This legislation would help to convict criminals and encourage responsible use of technology.”

His contributions to the ICT sector in Kenya have earned him several accolades, including the ICT Lifetime Award by Computer Society of Kenya and the ICT CEO of the Year in 2016 by the ICT Authority.

Adequate resources, he says, should be allocated to train cyber experts, to construct defensive architecture and to increase situational awareness in Kenya before it is too late.


Besides education, what does one need to flourish as a data forensics expert?

One shouldn’t have a criminal record. Credibility is also vital since you’ll occasionally work with the police and testify in court. Attention to nuances is also key. Organisation skills are critical since you’ll be dealing with a lot of information, from which you must observe patterns and correlations to arrive at deductions. You must be objective such that your conclusions aren’t influenced by preconceptions.


What are your tools of trade?

These include hard drives and software, depending on the nature of the job. The most common ones though include disk and data capture tools, file viewers, file analysis tools, network and database forensics tools.


How is the job market for digital forensics experts?

The employment outlook for digital forensics examiners and investigators is favourable. The Central Bank of Kenya, for instance, requires all commercial banks to have a certified Chief Information Security Officer (CISO). At the moment, there is a serious shortfall of these experts.

According to estimates, the profession of digital forensics is expected to bulge by more than 50 per cent between 2018 and 2024 due to rapidly increasing cybercrimes.