The overall function of the DCI's Digital Forensic Lab (DFL) is to identify, seize, acquire and analyze all electronic devices related to all cyber-enabled offences reported, so as to collect digital evidence which is presented in a court of law for prosecution purposes. The DFL is divided into the following sub-units, each outlining the specific roles and responsibilities of the Digital Forensics Analysts.

DFL Analysts perform the analysis of computer hard drives (workstations, servers, laptops, etc.), with the aim of looking for everything from exfiltration of data to retrieving data that is deleted or otherwise destroyed by a user. This includes recovery of evidence from computer storage media.

Deals with forensic analysis of smartphones, tablets and other portable devices, retrieval of deleted text messages, call logs, documents, mobile browser history, etc. Retrieval of data from GPS units, phone system, iPod, mp3 players, USB sticks and flash drives, SD cards, etc.

The malware analysis sub-unit deals with the study of how malware functions and the possible outcomes of infection by a given malware. This involves finding any suspicious malware activity in a network, identifying the source and type of malware, and determining the impact it might have on the affected organization/environment. The sub-unit performs intensive malware analysis to understand the indicators and signs of compromise of a system when the need arises.

DFL CIRT is a team that responds to cyber security incidents when they occur. Key responsibilities of a CIRT include: investigating and analyzing security breaches and intrusion incidents; managing internal communications and updates during or immediately after incidents; mitigating incidents; recommending technology, policy and training changes after cyber security incidents; and responding to attacks that employ brute force methods to compromise, degrade, or destroy systems, networks, or services.

Deals with e-mail and social media investigations: tracking email and/or authenticating that messages are not tampered with or forged, and recovering deleted messages from servers, laptops, desktops, websites, etc. Deals with database forensics and eDiscovery: examination and recovery of data from mainframe and networked database systems.

Identifying and coordinating research on emerging issues within the digital forensics field. Identifying and assessing training needs within the unit. Coordinating internal and external training programs.

i. Forensic examination of computer and mobile phones
ii. Maintenance of lab processes of acquisition, archival and analysis
iii. Maintenance of inventories of digital evidence as per standards/ISO
iv. Analysis of deleted and active files
v. Location and analysis of data in ambient data sources
vi. Recovery of deleted or encrypted data/emails, SMS, MMS, videos, internet sites
vii. Uncovering passwords
viii. Forensic SIM card analysis
ix. Extraction of data from mobile phones
x. Presentation of expert forensic evidence in court