ANATOMY OF DIGITAL EVIDENCE AND CYBER FORENSICS VIS-A-VIS INTERNATIONAL PERSPECTIVES
1.0 INTRODUCTION
The rapid digital transformation in Nigeria and the world at large has brought about significant opportunities for growth and innovation. However, it has equally ushered in a new wave of cyber threats. Cybercrimes, ranging from financial fraud and identity theft to more complex attacks on critical infrastructure, are becoming increasingly common. The rise in these crimes necessitates a robust response from law enforcement and security professionals, placing digital evidence and cyber forensics at the forefront of the battle against cybercrimes.
When the Evidence Act 1945 was introduced, no provision was made for the use of electronic evidence in litigation because electronic devices were virtually non-existent. Electronic evidence has since assumed a prominent global position in the adjudication of disputes. Despite its merits, electronic evidence can be altered or manipulated with ease, unlike traditional paper evidence, whose alteration or manipulation is easily noticeable. Generally, section 84 of the Evidence Act, 2011 was introduced to regulate the authentication and admissibility of electronic evidence. The Evidence (Amendment) Act, 2023 aims to align the provisions of the subsisting Evidence Act with global technological advancements. The notable amendments to the Evidence Act, 2011 include the expansion of admissible electronic records, proof of digital signature, and amendment of the interpretation section to include definitions of terms such as “audio-visual communications”, “cloud computing”, “Electronic Gazette”, “optical media”, “magnetic media”, etc.
The focus of this study is the examination of the concept of digital evidence and cyber forensics, the history and evolution of both digital evidence and cyber forensics, the principles for admissibility of digital evidence and cyber forensics, the judicial attitude of the Nigerian courts toward digital evidence and cyber forensics, and proposed guidelines to be adopted in the future.
2.0 NATURE AND SCOPE OF DIGITAL EVIDENCE
Digital evidence is conceptually the same as any other evidence—it is information leveraged in an attempt to place people and events within time and space to establish causality for criminal incidents. However, digital evidence has a wider scope, can be more personally sensitive, is mobile, and requires different training and tools compared with physical evidence. Given our current digital society, the concept of digital evidence is expansive in scope. The most obvious example is the wide range of devices that can contain digital evidence.
Digital evidence or electronic evidence is information stored or transmitted in binary form that may be relied on in court. It can be found on a computer hard drive, a mobile phone, among other places. Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud. Information that is stored electronically is said to be ‘digital’ because it has been broken down into digits: binary units of ones (1) and zeros (0) that are saved and retrieved using a set of instructions called software or code. Any kind of information (photographs, words, spreadsheets) can be created and saved using these types of instructions. Finding and exploiting evidence saved in this way is a growing area of forensics and constantly changes as the technology evolves. Digital evidence can also be defined as data (comprising output of analogue devices or data in digital format) that is manipulated, stored or communicated by any man-made device, computer or computer system, or transmitted over a communication system, and that has the potential to make the factual account of either party more probable or less probable than it would be without the evidence. Digital evidence exploitation is a relatively new tool for law enforcement investigations, and law enforcement relies extensively on digital evidence for important information about both victims and suspects.
2.1 HISTORY AND EVOLUTION OF DIGITAL EVIDENCE AND CYBER FORENSICS
2.1.1 HISTORY OF DIGITAL EVIDENCE
With the advent of technology in Nigeria, Nigerian courts faced some difficulties associated with the non-inclusion of electronic evidence in the Act, and there were arguments for and against its admissibility. The Nigerian Law of Evidence is substantially part of the received laws of Nigeria via Section 45 of the Miscellaneous Provision Act of 1945. The Ordinance was passed as Ordinance No. 27 of 1943. It did not take effect till 1st of June, 1945 by virtue of Number 618 of Gazette Number 33 of 1945. Since the 1st of June 1945, the repealed Evidence Act was consistently retained in character in the 1951, 1960, 1963, 1976 and 1990 amendments. It was referred to as Evidence Act Cap 112, 1990, Laws of the Federation. The Supreme Court in Yesufu v ACB sounded a note of warning, emphasizing the need for legislative clarification before admitting documents generated from computers. The uncertain situation created chaos within the judicial landscape of Nigeria. The foremost decision was followed in Trade Bank v. Chami and Anyaebosi & Ors v R.T. Briscoe Nig. Ltd, amongst others, while the latter in Yesufu's case was followed in UBA v Sani Abacha Foundation for Peace and Unity (SAPFU). This prevailed until 2011, when the 6th National Assembly enacted the Evidence Act, 2011 (Act No. 18). The enactment of the Act represented the response of the Legislature to the ceaseless clamour for the amendment of the old Evidence Act. Though the Legislature acted tardily, it surpassed expectations by repealing the entire Act. Significantly, the legislation aims to align the law with advancements in electronic and computer technology by explicitly providing for the admissibility of electronically generated evidence.
The Evidence (Amendment) Act 2023 also introduced notable changes in relation to digital evidence. Prior to the Amendment, documents produced by computers were regarded as computer-generated evidence and were admissible as evidence of facts stated in them, provided that certain conditions were met. A party seeking to rely on such documents was required to show that the computer was generally in good order, and that the document was produced from information regularly supplied to the computer, as provided in Section 84(2) of the 2011 Act. The Amendment, however, introduces a new element, which is the admissibility of statements in “electronic records”, which was previously not expressly provided for.
2.1.2 EVOLUTION OF CYBER FORENSICS
The history of digital forensics, also known as cyber forensics, dates back to the 1980s. It is a relatively novel field in the grand scheme of things. Despite its comparatively recent beginnings, the field has come quite a long way.
a) 1980s and 1990s Evolution
Early forms of digital data first emerged in the late 1970s, but it wasn't until the 1980s that the digital forensics field gained traction. During this time, more people began to purchase personal computers, and computer-related crimes started to occur. In its earliest stages, digital forensics strategies were used to analyze computer systems and collect evidence for criminal investigations. By the 1990s, the field established foundational techniques and formal methodologies for collecting evidence and investigating crimes. Later in the decade, Internet use became more widespread, resulting in a need for more robust digital forensic methods to address growing issues like identity theft and hacking.
b) 2000s Evolution
By the early 2000s, more people were using the web globally, resulting in widespread cybercrime. In response, the digital forensics field began working toward standardizing its processes. During this time, the International Association of Computer Investigative Specialists (IACIS) and the National Institute of Standards and Technology (NIST) were founded and began guiding best practices. Through the remainder of the early 2000s, digital forensic investigators worked to refine these strategies while adapting to the changing digital landscape.
3.1 TYPES/SOURCES OF DIGITAL EVIDENCE
3.1.1 The following are the types of digital evidence:
1. Document Files: Perhaps one of the most common types of digital evidence, document files encompass everything from text documents (e.g., Word files) to spreadsheets, presentations, and PDFs. These files often contain a treasure trove of information, timestamps, and metadata that can be invaluable in investigations.
2. Emails: Emails are a rich source of digital evidence, especially in corporate cases. They reveal communication patterns and attachments and often contain vital information about transactions, agreements, or disputes.
3. Social Media Content: With the proliferation of social media, platforms like Facebook, Twitter, and Instagram have become goldmines for digital evidence. Posts, messages, images, and videos can all serve as critical evidence in various contexts.
4. Multimedia Files: Multimedia evidence includes images, videos, and audio recordings. These can be vital in cases involving intellectual property theft, cyberbullying, harassment, and more.
5. Web Browsing History: A person’s web browsing history can offer insights into their interests, activities, and intent. It’s often used in cases related to cybercrimes or harassment.
6. Database Records: For businesses and organizations, database records can be essential digital evidence. They contain transactional data, customer records, and more, making them invaluable in fraud investigations.
3.1.2 Here are some common sources of digital evidence:
1. Computers and Laptops: Personal computers and laptops are primary sources of digital evidence. They store documents, emails, browsing history, and even deleted files.
2. Mobile Devices: With the prevalence of smartphones and tablets, these devices have become prominent sources of digital evidence. Text messages, call logs, GPS data, and app usage can all be extracted and analyzed.
3. Cloud Services: Cloud storage and services like Google Drive, Dropbox, and iCloud can also hold valuable evidence. Information stored in the cloud might include documents, images, and backups of mobile devices.
4. Surveillance Cameras: In both public and private settings, surveillance cameras capture video evidence. Footage from these cameras can be pivotal in criminal investigations.
5. IoT Devices: The Internet of Things (IoT) has introduced a multitude of devices that can serve as sources of digital evidence. Smart home devices, wearables, and even connected appliances can offer insights into individuals’ actions and behaviors.
3.2 ADMISSIBILITY OF DIGITAL EVIDENCE
The preconditions for admissibility of digital evidence, also known as electronically generated evidence, are contained in Section 84 of the Evidence Act. The section has five subsections streamlining the admissibility of electronic evidence while stipulating processes and conditions. Section 84(1) provides that: In any proceeding, a statement contained in a document produced by computer shall be admissible, if it is shown that the conditions in subsection (2) of this Section are satisfied in relation to the statement and computer in question.
So, while section 84 (1) renders electronic evidence admissible, section 84(2) prescribes four conditions to be fulfilled:
a) the statement sought to be tendered was produced by the computer during a period when it was in regular use, to store or process information for the purpose of any activity regularly carried on over that period;
b) during that period of regular use, information of the kind contained in the document or statement was supplied to the computer;
c) the computer was operating properly during that period of regular use or if not, the improper working of the computer at any time did not affect the production of the document or the accuracy of its contents; and
d) that the information contained in the statement was supplied to the computer in the ordinary course of its normal use.
The real essence of the conditions stipulated under section 84(2) is the requirement that the witness lay a proper foundation for the admissibility of electronically generated evidence: see Kubor v Dickson, on the need to lay ‘necessary foundations for admissibility of e-documents.’ The rejection of the Internet printouts, Exhibits “D” and “L”, in Kubor & Anor v Dickson & Ors was on the basis that there was insufficient foundational evidence to render the documents admissible. There was no fact in the deposition of the affected witness to fulfil the conditions in Section 84(2); the facts required by section 84(2) must be contained in the Statement of Witness on Oath. In criminal cases, facts must be stated. Fulfilment of section 84(2) is mandatory: this point is clear and evident from the cases of Kubor v Dickson & Ors; Akeredolu & Anor v Mimiko & Ors; Omisore & Anor v Aregbesola & Ors; and Dickson v Silva & Ors. The preconditions in Section 84(2) need not be proven by an expert: R v Shephard.
Section 84(3) provides that where the function of storage or processing is performed by a combination of computers or different computers, all the computers used for that purpose shall be treated as constituting a single computer.
Section 84(4) requires the production of a certificate of authentication. This means that the party offering electronic evidence must adduce enough evidence to support a finding that the document or electronic record in question is what it purports to be. It must be genuine. Digital or electronic evidence requires authentication because it is vulnerable to manipulation: it can easily be altered, copied, forwarded, updated, intercepted or even deleted, and changes to photographs and videos can easily be made using Photoshop and graphic design programs. See Araka v Egbue. No form of authentication is prescribed in the Act. In India, an affidavit is required.
Exceptions to Section 84(4) include where it becomes impossible to tender a certificate; and where the opponent is in control of the computer that produced the electronic document.
In summary, under the law, there are basically four evidence standards an electronic document must satisfy to be admissible in evidence. They are as follows:
a) The document must be pleaded;
b) The document must be relevant to the fact in issue;
c) The document must be admissible in law; and
d) The document must satisfy the requirements of authentication.
4.0 MEANING OF CYBER FORENSICS
Cyber forensics, also known as computer/digital forensics, is a process of extracting data as proof for a crime (that involves electronic devices) while following proper investigation rules to nab the culprit by presenting the evidence to the court. It is a specialized field dedicated to investigating and analyzing cybersecurity incidents. Its aim is to discover the root cause of an incident, identify those responsible, and gather digital evidence that can be used in legal investigations and to prevent future attacks. The main aim of cyber forensics is to maintain the thread of evidence and documentation in order to find out who committed the crime digitally. Cyber forensics can assist investigations in the following ways:
It can recover deleted files, chat logs, and emails.
It can retrieve deleted SMS messages and phone call records.
It can access recorded audio of phone conversations.
It can determine which user used which system and for how long.
It can identify which user ran which program.
In the technological age, cyber forensics is an inevitable factor that is incredibly important. Technology combined with forensics paves the way for quicker investigations and accurate results.
4.1 RELEVANCE/IMPACT OF CYBER FORENSICS TO LAW
Digital forensics extends beyond computers and has a significant societal impact. In today’s connected world, digital evidence plays a crucial role in solving crimes and legal matters in both the digital and physical worlds. Below are the points depicting the importance of cyber forensics to law and how cyber forensics plays a crucial role in the justice system.
1. Immediate Criminal Investigations
When a cyberattack occurs, it’s essential for organizations to act swiftly. Cyber forensics enables an immediate investigation to determine the extent of the attack and how it was executed. This is crucial to stop malicious activity and prevent further intrusion into systems. Cyber forensics helps in collecting important digital evidence to trace the criminal. Cyber forensics assists in the investigation of the following crimes:
a) Data theft and network breaches—digital forensics is used to understand how a breach happened and who were the attackers.
b) Online fraud and identity theft—digital forensics is used to understand the impact of a breach on organizations and their customers.
c) Violent crimes like burglary, assault, and murder—digital forensics is used to capture digital evidence from mobile phones, cars, or other devices in the vicinity of the crime.
d) White collar crimes—digital forensics is used to collect evidence that can help identify and prosecute crimes like corporate fraud, embezzlement, and extortion.
e) It is not only used to solve digital crimes but also used to solve real-world crimes like theft cases, murder, etc.
2. Identification of Perpetrators
Attribution is a critical part of the response to cybersecurity incidents. Cyber forensics focuses on identifying those responsible for the attacks. This can include malicious individuals, cybercriminal groups, or even internal threats. With this information, companies can take appropriate legal action. Because electronic equipment stores massive amounts of data that a normal person fails to see, cyber forensics helps to identify criminals. For example, in a smart house, smart devices collect huge amounts of data from every word spoken and every action they perform, and this data is crucial in cyber forensics.
3. Legally Admissible Evidence
Collecting legally admissible digital evidence is fundamental in cases of cyberattacks. Cyber forensics adheres to rigorous practices to ensure the integrity and authenticity of the evidence. This is vital in legal investigations and can make the difference between a conviction or the impunity of cybercriminals.
4. Reputation Protection
An individual's reputation is a valuable asset. When a cyberattack occurs, a victim’s reputation can suffer significant damage if not handled properly. A practical example is crimes involving hacking of social media handles and virtual impersonation to defraud unsuspecting members of the public. Transparency and effective action, supported by findings from cybersecurity forensics, can help maintain the trust of customers and business partners. It is also helpful for innocent people to prove their innocence via the evidence collected online.
5. Minimizing Penalties
If a company falls victim to a cyberattack and it’s found that they didn’t have adequate safeguards or security measures in place, they could face significant penalties. Regulatory authorities and privacy laws can impose substantial fines. Cybersecurity forensics not only helps to avoid penalties by demonstrating that steps were taken to investigate and resolve the incident but also focuses on preventing future attacks.
4.2 CYBER FORENSICS TOOLS
Cyber forensics tools are specialized software and hardware used to collect, analyze, and preserve digital evidence in investigations related to cybercrimes, data breaches, and other digital misconduct. These tools are essential for forensic experts to ensure that evidence is handled properly and can be used in legal proceedings. Currently, there are various categories of cyber forensic tools used globally, including but not limited to: disk and data capture forensic tools, network forensic tools, mobile device forensic tools, memory forensic tools, etc. Each cyber forensic tool falls under one of the categories listed above. Cyber forensics tools include:
1. Cellebrite UFED
Founded in Israel in 1999, Cellebrite specializes in mobile device forensics for law enforcement and enterprises. Their expertise lies in collecting, reviewing, analyzing, and managing data from mobile devices. The Digital Intelligence Investigative Platform offered by Cellebrite facilitates the unification of the investigative life cycle and the preservation of digital evidence.
2. Forensic Toolkit Imager (FTK)
FTK Imager, a free tool, ensures the integrity of digital evidence by analyzing drive images without modifying their original state. It supports all operating systems, recovers deleted files, parses XFS files, and generates file hashes for data integrity checks. Therefore, it is a crucial tool for forensic investigations.
3. Wireshark
Wireshark is the world’s most-used network protocol analysis tool, trusted by governments, corporations, and academic institutions worldwide. It provides microscopic-level visibility into network activity by capturing and analyzing network traffic. With a user-friendly interface available on multiple operating systems, Wireshark aids in detecting and investigating malicious activity. It supports various data sources and allows exporting of output in multiple formats. Wireshark captures live network traffic and analyzes protocols, with deep inspection of hundreds of protocols. It is used for investigating network security breaches and monitoring network traffic.
4. Autopsy
It is an open-source cyber forensic tool. It shows the deleted files and data on a computer. It can run on Windows, Linux, or Mac. It also detects the data of raw files or ASCII strings. This tool is used in various fields such as corporate investigation, military, law, etc. Cyber forensic teams investigate the data involved in the crime, make a digital copy of the evidence and present it in court as proof. The cyber forensic team also makes the presentation of the evidence found in data analysis. This tool gives 100% accurate results.
5. Volatility Framework
It is a tool that extracts the RAM information or memory information. It is implemented in Python. It supports Windows, Mac, or Linux. It works in a command line interface. It is used for malware analysis and investigating cyber-attacks. This tool helps work with large data sets. It also supports various types of file formats and extracts the data. It offers efficient algorithms that analyze the RAM dumps from complex data sets without the loss of memory.
4.3 CRITICAL TECHNIQUES IN CYBER FORENSICS
In cyber forensics, following established techniques and methodologies is crucial to ensure the integrity, accuracy, and admissibility of digital evidence. Here are the key techniques typically followed in cyber forensics:
Identification: Identify the scope of the investigation, including the type of incident and the devices involved. Determine which data sources are most likely to contain relevant information. Identify what evidence is present, where it is stored, and how it is stored (in which format). Electronic devices can be personal computers, mobile phones, PDAs, etc.
Preservation: Protect the scene of the investigation to prevent any tampering or alteration of evidence. Create a bit-by-bit copy of the storage media (hard drives, SSDs, mobile devices) to preserve the original data. Tools like FTK Imager and EnCase are commonly used. Use hardware or software write-blockers to prevent any changes to the original storage media during the imaging process. Data is isolated, secured, and preserved. This includes prohibiting unauthorized personnel from using the digital device, so that digital evidence is not tampered with mistakenly or purposely, and making a copy of the original evidence.
Analysis: Forensic lab personnel reconstruct fragments of data and draw conclusions based on evidence. Construct a timeline of events based on the collected data to understand the sequence of actions. Use keyword searches to find relevant information within the data.
Documentation: A record of all the visible data is created. It helps in recreating and reviewing the crime scene. All the findings from the investigations are documented.
Presentation: Use charts, graphs, and other visual aids to make complex data more understandable. Explain the findings in a manner that can be understood by legal professionals and judges who may not have a technical background. All the documented findings are produced in a court of law for further investigations.
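The preservation and documentation steps above, as an added example that is not part of the original article and is not code from any tool it names: a working copy is made and checked against the original by SHA-256, and every handling step is written to a custody record in which each entry commits to the previous one, so that a later change to either the copy or the record is detectable. The file names, examiner names and record layout are assumptions, and the sample image is constructed.

```python
"""Added example: evidence imaging with hash verification and a tamper-evident custody log."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, dest):
    """Copy source to dest byte for byte, hashing the source as it is read.

    The source is opened read-only (a software stand-in for a write-blocker).
    The copy is then re-read from disk and must hash to the same value.
    """
    h = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "xb") as dst:  # 'x': never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    source_digest = h.hexdigest()
    if sha256_file(dest) != source_digest:
        raise ValueError("working copy does not match the source")
    return source_digest


class CustodyLog:
    """Append-only record (hypothetical layout); each entry commits to the one before it."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        # Canonical JSON so the same entry always hashes to the same value.
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, actor, action, evidence_sha256, when=None):
        body = {
            "seq": len(self.entries),
            "when": when or datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "evidence_sha256": evidence_sha256,
            "prev": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry = dict(body, entry_hash=self._digest(body))
        self.entries.append(entry)
        return entry

    def first_broken_entry(self):
        """Return the index of the first entry that fails verification, or None."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if (entry["prev"] != prev or entry["seq"] != i
                    or self._digest(body) != entry["entry_hash"]):
                return i
            prev = entry["entry_hash"]
        return None


def demo():
    """Run the workflow on a constructed 'disk image' and return the results."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "exhibit_A.img")
        working = os.path.join(d, "exhibit_A_working.img")
        with open(original, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE IMAGE\n" * 4096)  # constructed sample data

        log = CustodyLog()
        digest = acquire(original, working)
        log.append("Examiner 1", "imaged exhibit A", digest)
        log.append("Examiner 2", "received working copy", sha256_file(working))
        intact_before = log.first_broken_entry() is None

        # Simulate a later alteration of the working copy and of the record.
        with open(working, "r+b") as f:
            f.write(b"X")
        copy_still_matches = sha256_file(working) == digest
        log.entries[0]["actor"] = "Someone else"
        return intact_before, copy_still_matches, log.first_broken_entry()


if __name__ == "__main__":
    print(demo())
```

A single changed byte in the working copy changes its digest, and editing any field of an earlier custody entry breaks verification from that entry onward.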
5.0 LEGAL REGULATORY FRAMEWORKS ON DIGITAL EVIDENCE AND CYBER FORENSICS IN NIGERIA
In Nigeria, the legal regulatory frameworks for digital evidence are derived from various statutes and regulations that establish the admissibility, collection, and handling of digital evidence in legal proceedings. Each of the laws addresses different aspects of digital evidence management and protection. These frameworks ensure that digital evidence is handled in a manner that respects constitutional rights, maintains data integrity, and meets the standards of admissibility in legal proceedings. Below are the key legal frameworks and regulatory provisions relevant to digital evidence in Nigeria:
1. Constitution of the Federal Republic of Nigeria 1999 (as amended)
The Constitution of the Federal Republic of Nigeria 1999 (as amended), does not directly address digital evidence or cyber forensics. However, being the ground norm from which every law derives force, it contains several provisions that indirectly impact the handling and admissibility of digital evidence and the conduct of cyber forensics.
"The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected by the constitution." The implications for Digital Evidence and Cyber Forensics are that collection, interception, or analysis of digital data must respect the privacy rights of individuals. Law enforcement agencies and forensic investigators must obtain proper authorization (such as a warrant) to intercept or access private communications and data. Any search or seizure of digital evidence must respect these constitutional rights. Section 44 CFRN further provides protection against the compulsory acquisition of property without due process, which can be interpreted to include digital data.
The implication of section 36 CFRN is also relevant in digital evidence and cyber forensics. Digital evidence presented in court must be reliable, accurate, and obtained through legal means to ensure a fair trial. The procedures for collecting and presenting digital evidence must be transparent and adhere to due process to protect the rights of the accused. Where the principle of fair hearing is breached, the whole trial may become a nullity.
The general provisions on fundamental rights in Chapter IV of the Constitution reinforce the need to protect individual rights during forensic investigations. Any actions taken in the course of cyber forensics must not infringe upon these fundamental rights unless justified by law and due process.
2. Evidence Act 2011
The Evidence Act 2011 provides a framework for the admissibility and handling of digital evidence in Nigeria. Sections 84 and 93 are particularly important as they establish the criteria for the admissibility of electronic records and the presumption of their authenticity.
Section 84 provides for the primary legal basis for the admissibility of electronic records and digital evidence. For electronic evidence to be admissible, it must be shown that the computer that produced the evidence was operating properly, and the information was fed into the computer in the ordinary course of business. It requires a certificate from a person occupying a responsible position in relation to the operation or management of the relevant device to confirm the accuracy of the data.
Section 93(1) provides that electronic records, including data messages and information in electronic form, shall be presumed authentic if the electronic record was generated by a secure system. Section 93(2) further outlines the factors that determine the security of an electronic record system, such as reliability of hardware and software, adherence to standard procedures, and auditability of system operations.
The interpretation section of the Evidence Act 2011 defines key terms relevant to digital evidence and cyber forensics, such as "computer," "data," "electronic form," and "information in electronic form." These definitions provide clarity and a broad understanding of what constitutes electronic evidence under the law.
3. Cybercrimes (Prohibition, Prevention, etc.) Act 2015
The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 of Nigeria provides a comprehensive legal framework for combating cybercrimes and regulating the handling of digital evidence and cyber forensics. The key provisions of the Act relevant to digital evidence and cyber forensics are as follows:
Section 38 provides for production orders. By this, a court may order a person in possession or control of data or information stored in a computer or computer system to produce such data or information. This can be applied to compel individuals or organizations to produce digital evidence for an investigation or prosecution of cybercrimes.
Section 39 ensures the preservation of digital evidence through the preservation order. Law enforcement agencies may request the preservation of data or information stored in a computer or computer system to prevent its modification, deletion, or destruction. This ensures that digital evidence is preserved intact during the course of an investigation.
Section 40 allows for search and seizures. Law enforcement officers, with the proper warrant, are authorized to search and seize data, computers, and any related storage devices suspected of containing evidence of a cybercrime. This section outlines the procedures for conducting searches and seizures to ensure the integrity and admissibility of digital evidence.
By section 41, law enforcement agencies can access and inspect computerized data or information, and may also decrypt encrypted data. This access must be authorized by a warrant, ensuring that digital evidence is obtained legally.
Section 42 allows lawful interception of electronic communication with the appropriate warrant, to gather evidence for cybercrime investigations. This section provides a legal basis for monitoring and intercepting communications in the pursuit of cybercriminals. Section 43 empowers service providers to assist law enforcement agencies in the execution of search and seizure, interception, and preservation orders. Electronic evidence obtained under this Act is admissible in court, provided it meets the requirements of the Evidence Act 2011 on admissibility. This reinforces the legal standing of digital evidence collected during cybercrime investigations.
4. Nigerian Communications Act 2003
This Act regulates the telecommunications sector and provides guidelines on the interception and monitoring of communications for national security and crime prevention purposes. It stipulates the obligations of service providers to protect user data and maintain the confidentiality of communications. Service providers must comply with any lawful request or direction from the NCC or other authorized entities concerning the interception of communications. They are required to provide necessary technical assistance to facilitate lawful interceptions, including access to their networks and systems.
5. National Information Technology Development Agency (NITDA) Guidelines: NITDA Data Protection Regulation 2019 (NDPR)
Although the NDPR primarily focuses on data protection and privacy, it also has implications for digital evidence and cyber forensics, particularly in terms of how personal data should be handled during forensic investigations. It establishes guidelines for the processing of personal data to protect the privacy of Nigerian citizens. It outlines the principles of data protection, including data minimization, accuracy, and security, which are relevant in the context of digital evidence handling.
5.1 AGENCIES INVOLVED IN DIGITAL EVIDENCE AND CYBER FORENSICS IN NIGERIA
Economic and Financial Crimes Commission (EFCC).
Nigeria Police Force (NPF) - (National Cybercrime Center).
Office of the National Security Adviser (ONSA).
Private Sector and Academia
5.2 INNOVATIONS IN THE EVIDENCE ACT 2011 (AS AMENDED 2023) ON DIGITAL EVIDENCE.
On the 12th of June 2023, President Bola Ahmed Tinubu signed the Evidence (Amendment) Act 2023 (‘the Act’) into law. This amendment ushers in radical changes to the practice and procedure of evidence taking in Nigerian courts.
The Act does not repeal the Evidence Act, 2011 (the ‘Principal Act’). It, however, amended certain provisions of the Principal Act to bring them into conformity with global technological advancements in the practice and procedure of evidence taking.
Below are notable changes in the Amended Evidence Act in relation to digital evidence in Nigeria:
1. Expansion of the Scope of Computer-Generated Evidence
The Act broadens the range of computer-generated evidence as outlined in section 84 of the Principal Act. This extension is facilitated by section 2 of the Act, which revises section 84 of the Principal Act by seamlessly adding the phrase “or electronic records” right after the term “document”. As a result, along with conventional documents, electronic records (as defined within the Act) are now permissible as evidence, granted they adhere to the stipulated conditions set forth by the Act.
2. Introduction of Digital Signature and Electronic Authentication techniques
The Act introduces the utilization of digital and electronic signatures within court documents and other legal processes. According to section 10 of the Act, a digital signature is defined as “an electronically generated signature attached to an electronically transmitted document to verify its content and the sender’s identity.” On the other hand, an electronic signature is defined as “the authentication of any electronic record by a subscriber using the electronic technique specified in the Second Schedule, which also encompasses digital signatures.”
Section 3(1) of the Act incorporates the usage of these signature forms by inserting a new section 84 (a)-(d) immediately after section 84 of the Principal Act. Notably, the amended provision, section 84C (1), now empowers any individual to authenticate an electronic record by affixing their digital signature to it. Furthermore, the Act establishes specific provisions to uphold the integrity of digital signatures. It mandates that such digital signatures or other electronic authentication methods must be reliable and fulfill the conditions specified in the Statute.
3. Incorporation of Additional Terms in The Interpretation Section of the Principal Act
The Act also amends the Principal Act by inserting definitions for audio visual communications, cloud computing, computer, digital signature, electronic gazette, electronic record, electronic signature, magnetic media and optical media.
6.0 INTERNATIONAL LEGAL FRAMEWORK FOR DIGITAL EVIDENCE AND CYBER FORENSICS
The international legal framework for digital evidence and cyber forensics is composed of treaties, conventions, guidelines, and agreements aimed at harmonizing the approach to cybercrime and the use of digital evidence across borders. Some of them include:
1. Convention on Cybercrime (2001)
Also known as the Budapest Convention, this is the first international agreement aimed at reducing computer-related crime by harmonizing national laws, improving investigative techniques, and increasing international cooperation. The Convention on Cybercrime of the Council of Europe was opened for signature in Budapest in November 2001. Twenty-two years later, it remains the most relevant international agreement on cybercrime and electronic evidence.
The Budapest Convention is a criminal justice treaty that provides states with:
(i) the criminalization of a list of attacks against and by means of computers;
(ii) procedural law tools to make the investigation of cybercrime and the securing of electronic evidence in relation to any crime more effective and subject to rule of law safeguards; and
(iii) international police and judicial cooperation on cybercrime and e-evidence. It is open for accession by any state prepared to implement it and engage in cooperation.
The key aspects of the Budapest Convention include:
Definitions and classifications of cybercrimes.
Procedural law tools for investigations, such as preservation orders, production orders, and search and seizure of computer data.
Provisions for international cooperation, including mutual legal assistance, extradition, and 24/7 contact points.
2. Interpol and Europol Frameworks
INTERPOL and Europol both have dedicated units for cybercrime and digital forensics. They provide support to member countries through:
a) Coordination of cross-border investigations.
b) Training and capacity-building initiatives.
c) Development of best practices and standards for digital forensics.
Specialized forensics assistance can be provided at the INTERPOL Digital Forensics Laboratory and in the field during Incident Response deployments. INTERPOL assists member countries in building and maintaining state-of-the-art laboratories compliant with internationally adopted procedures, to better support investigations and prosecutions. The framework has developed training programmes focusing on standard methodologies and solutions in digital forensics, in close cooperation with the INTERPOL Capacity Building Unit and with its partners from law enforcement, the private sector and academia. The INTERPOL Digital Forensic Lab connects experts all over the world to share their knowledge and discuss ways to improve their daily work.
3. ISO/IEC 27037
ISO/IEC 27037 is an international standard providing guidelines for identifying, collecting, acquiring, and preserving electronic evidence, which is part of the digital evidence recovery process. This framework is crucial for ensuring the integrity and authenticity of digital evidence, which can be used in legal proceedings. It focuses on the specific needs of incident handling and forensics, providing guidance on the handling of potential evidence from the point of discovery until it is presented in court. The standard is developed and maintained by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO and IEC have developed several standards relevant to digital evidence and cyber forensics, such as:
ISO/IEC 27037: Guidelines for identification, collection, acquisition, and preservation of digital evidence.
ISO/IEC 27041: Guidance on assuring suitability and adequacy of digital forensic tools.
ISO/IEC 27042: Guidelines for the analysis and interpretation of digital evidence.
ISO/IEC 27043: Incident investigation principles and processes.
4. G8 24/7 Network
The G8 countries established a network of 24/7 contact points to provide immediate assistance in cybercrime investigations. This network helps facilitate rapid response to requests for assistance, particularly in urgent cases where digital evidence may be at risk of being lost or altered.
The G8 24/7 points of contact are provided for investigations involving electronic evidence that require urgent assistance from foreign law enforcement. High-tech crimes raise new challenges for law enforcement. In investigations involving computer networks, it is often important for technically literate investigators to move at unprecedented speeds to preserve electronic data and locate suspects, often by asking Internet Service Providers to assist by preserving data. Therefore, to enhance and supplement (but not replace) traditional methods of obtaining assistance, the G8 has created the Network as a new mechanism to expedite contacts between Participating States or other autonomous law enforcement jurisdictions of a State (hereinafter referred to as “Participants”). To use this Network, law enforcement agents seeking assistance from a foreign Participant may contact the 24-hour point of contact in their own state or autonomous law enforcement jurisdiction, and this individual or entity will, if appropriate, contact his or her counterpart in the foreign Participant. Participants in the Network have committed to make their best efforts to ensure that Internet Service Providers freeze the information sought by a requesting Participant as quickly as possible. Participants have further committed to make their best efforts to produce information expeditiously.
6.1 COMPARATIVE ANALYSIS OF APPROACHES TO DIGITAL EVIDENCE AND CYBER FORENSICS IN ADVANCED SYSTEMS (USA AND AUSTRALIA)
Several countries are recognized for having advanced cyber forensics systems for digital evidence due to their comprehensive legal frameworks, robust infrastructure, skilled workforce, and active participation in international cooperation.
a) USA
The U.S. has a well-developed legal system for handling digital evidence, including the Computer Fraud and Abuse Act (CFAA) and the Electronic Communications Privacy Act (ECPA). Agencies like the FBI, Secret Service, and Department of Homeland Security have specialized cybercrime units. Institutions like the National Institute of Standards and Technology (NIST) provide guidelines and standards for digital forensics. Numerous universities offer specialized programs in cyber forensics. A live matter demonstrating how the US harnessed digital evidence and cyber forensics to investigate a crime is the case of Christian Aguilar, the facts of which are as follows:
"In September 2012, University of Florida freshman Christian Aguilar disappeared after last being seen with his friend, Pedro Bravo, at a local Best Buy (Burch, 2014). Aguilar’s remains were found about three weeks later more than 60 miles west in a shallow grave. Police suspected Bravo had something to do with the disappearance and death; searches found some blood in Bravo’s car and he was in possession of Aguilar’s backpack. Aguilar and Bravo had attended the same high school, and there was a potential motive in that Bravo had been upset that Aguilar had started a relationship with Bravo’s ex-girlfriend. However, digital evidence made this circumstantial case far stronger. Digital examiners had access to Bravo’s cell phone and found numerous key pieces of evidence. In the cache for the phone’s Facebook app, examiners found a screen shot of a Siri search made near the time of Aguilar’s disappearance that read, “I need to hide my roommate.” While Bravo’s phone did not have the Siri feature, the record was maintained because he used Facebook to access the option. Analysis of pings, or determining the tower that received a signal from the cell phone, showed that Bravo had headed far to the west after the disappearance. Finally, examiners were able to determine that the flashlight application on the phone had been used for over an hour just after the disappearance. As a result of this evidence, Bravo was brought to trial in August 2014 and convicted of first-degree murder."
The brief facts above demonstrate the proactive nature of the digital evidence framework in the US and its expertise in cyber forensics in the investigation of crimes.
b) Australia
Australia has developed a comprehensive approach to digital evidence and cyber forensics through a combination of robust legal frameworks, specialized agencies, international cooperation, and a focus on training and standards. Australia has comprehensive cybercrime laws, including:
a) Cybercrime Act 2001
b) Telecommunications (Interception and Access) Act 1979
c) Privacy Act 1988
All these laws are proactive and relevant to resolving evolving technological concerns. The Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) have specialized cyber units. Australia is active in cyber forensics research, with several universities offering specialized programs.
7.0 CHALLENGES OF DIGITAL EVIDENCE AND CYBER FORENSICS IN NIGERIA
Rapid evolution of technology and cyber threats, which can outpace legislative developments.
Privacy and human rights concerns, especially regarding surveillance and data protection.
Law enforcement agencies, judiciary and courtroom participants lack technical knowledge regarding the acquisition and preservation of digital evidence.
The need to produce convincing and admissible evidence is one major setback in the realm of digital evidence.
Absence of a National Cyber Forensics Laboratory in Nigeria to aid the proper collection, analysis, documentation and preservation of digital evidence.
Shortage of cyber forensics professionals to carry out investigations and trainings.
Obsolete and outdated laws on digital evidence and cyber forensics that fail to meet current trends and technological advancement.
Cost: Producing and preserving digital evidence is very costly. Hence, this process may not be chosen by many people who cannot afford the cost.
7.1 CONCLUSION AND RECOMMENDATIONS
This research has highlighted the critical importance of robust digital evidence and cyber forensics systems in addressing the growing threat of cybercrime and other crimes. Through a detailed exploration of the current state, challenges, and opportunities within Nigeria, alongside comparative insights from advanced systems in the United States and Australia, we have gained a comprehensive understanding of the multifaceted nature of this issue. The current legal regime in Nigeria reveals significant gaps in legal frameworks, technological infrastructure, and capacity building that hinder effective cybercrime investigation and prosecution.
Despite these challenges, there are prospects for digital evidence and cyber forensics in Nigeria, underscored by the provisions of the current Evidence Act and integration of AI and IT Law and Cyber Forensics in the curriculum of Nigerian universities.
The following recommendations and comparative insights from advanced systems are proposed to boost and improve digital evidence and cyber forensics in the Nigerian justice system:
Nigeria needs to establish a dedicated and specialized National Cyber Forensics Laboratory equipped with state-of-the-art forensic tools and technologies similar to those of the US and Australia.
Enhancement of the legal framework to support the collection, preservation, and presentation of digital evidence in court. Development of specific laws and guidelines for handling digital evidence, aligned with international best practices. In furtherance of this, the enactment of "Digital Evidence Guidelines" is proposed to be made pursuant to the Evidence Act.
Capacity building through strategic national investment in regular training of law enforcement officers, judges and cyber forensic experts. Collaboration with international partners to provide advanced training and certifications in cyber forensics should be encouraged.
The academia and research institutions have a role to play by integrating specialized courses and certifications in cyber forensics.
Engage in international cooperation through treaties, agreements, and participation in global cybersecurity initiatives as the US and Australia have done. Leverage international expertise and resources to build and maintain the national lab.
Creation of public awareness and sensitization on the importance of digital evidence and cybercrime through seminars and conferences.
Regular and timely amendment of laws on digital evidence and cyber forensics to meet current trends in technological growth.
By implementing these recommendations, Nigeria can build a robust and effective framework for handling digital evidence and cyber forensics, enhancing its ability to combat cybercrime and protect its digital terrains.