
PHD Concept Note Forensic 2

Uploaded by

milemontego101

PHD CONCEPT NOTE PAPER:

SCHOLAR NAME: AARON ANDREW MWAKIFWAMBA

TITLE: ASSESSMENT OF THE EFFECTIVENESS OF TOOLS AND TECHNIQUES USED FOR
NETWORK FORENSIC IN TANZANIA.

1.0 BACKGROUND INFORMATION:

The increasing rate of cybercrime worldwide has prompted the need for
advanced network forensics, which focuses on monitoring and analyzing
computer network traffic to identify potential security threats, gather
digital evidence and reconstruct cybercrimes. Tanzania, like other nations,
is facing challenges related to cybersecurity (Kigwana, Kebande and Venter,
2017). Despite efforts to safeguard systems, the success of network forensic
techniques and tools remains unclear due to evolving cybersecurity
challenges (Kigwana, Kebande and Venter, 2017; Muzigura and Casmir, 2023).
Evaluating the success of network forensic techniques and tools is therefore
essential to understand their effectiveness and inform future improvements.

With the rapid development of computers, the growth of technology and the
use of the internet, network forensics has become an integral part of
computer forensics, which is regarded as a science that deals with the
preservation, identification, extraction and documentation of computer
evidence, and it is a subset of network forensics (Banday, 2011). Network
forensics deals with the capture and recording of network events in order to
discover evidential information about the source of security attacks and its
effectiveness (Meghanathan et al., 2007). Looking at the literature on the
effectiveness of tools and techniques used for network forensics in
developing countries, it appears that work over the last two decades has
focused on understanding the usage of the tools and techniques developed for
network forensics, which stay on top of the latest attacks (Hunt and
Zeadally, 2012), such as IP traceback techniques and the EmailTrackerPro and
SmartWhois tools (Meghanathan et al., 2007). However, less emphasis has been
given to understanding the effectiveness of the tools and techniques used in
network forensics. There is little knowledge of how the tools and
techniques, in combination with resources and capabilities, enhance
effectiveness in capturing and recording evidential information.

2.0 Problem Statement:

Tanzania's expanding digital infrastructure has resulted in a rise in
cyber-related incidents, yet the efficacy of the tools and techniques
currently used for network forensics is not adequately understood. These
cyber-related incidents include the following: in 2021 the Tanzania Revenue
Authority (TRA) was targeted in a cyber attack in which hackers attempted to
infiltrate its online tax payment systems; in 2013 a government website was
hacked by a group called “Moroccan Ghost”, which defaced government portals
and exposed vulnerabilities in the country’s cybersecurity infrastructure;
and in 2016, in the Tigo Tanzania data breach, Tigo, one of Tanzania’s
leading telecommunications companies, faced a data breach when personal
customer information was compromised. The breach included sensitive details
of subscribers, and the incident raised concerns over data privacy and cyber
vulnerabilities in the telecommunication sector. Cybercrime incidents such
as hacking, unauthorized data access and other malicious activities are on
the rise. However, no comprehensive study has evaluated how well the network
forensic tools and techniques in use are addressing these issues. The study
aims to assess the gaps in technology and process and to propose solutions
that can enhance the forensic capabilities of Tanzania's networks.

2.0 Research Objectives:

Following the above problem statement and research questions, the research
objectives are as follows.

2.1.1 General Objective:

To assess the effectiveness of tools and techniques as used for network
forensic framework in Tanzania.

2.1.2 Specific Objective:

2.1.2.1 To identify and assess the effectiveness of available tools in the
detection of evidential information for network forensics.

2.1.2.3 To assess the effectiveness of the tools in the event of network
forensic hardware or software failure.

2.1.2.4 To evaluate the information gathered as evidence for use in a court
of law, as detected by the tools and techniques applied for network
forensics.

2.1.2.5 To identify the most commonly used network forensic tools and
techniques in detecting, preventing and investigating cybercrime.

2.1.2.7 To determine the challenges faced by cybersecurity professionals in
Tanzania in implementing network forensics.
3.0 RESEARCH QUESTIONS:
3.1.1 What are the most widely used tools and techniques for network
forensics in Tanzania?
3.1.2 How effective are these tools and techniques in identifying and
analyzing cybercrime incidents?
3.1.3 What challenges are encountered in the practical application of
network forensic tools in Tanzania?
3.1.4 How can effectiveness of network forensic practices in Tanzania be
enhanced?

4.0 Significance of the Study:

This study is significant because it will provide valuable insights into the
strengths and weaknesses of the current network forensic tools and
techniques used in Tanzania. By understanding their effectiveness, the
findings will help inform policy makers, network administrators and
cybersecurity professionals about areas that require improvement.
Furthermore, it will contribute to the body of knowledge on network
forensics in developing countries and provide a basis for future research on
improving cybersecurity defenses (Mwita and Mhina, 2023; Massawe and Mshana,
2023).

5.0 Literature Review:

This section will review existing literature on network forensic techniques and tools, focusing
on their application in different regions, including developing countries like Tanzania. Previous
studies on network security, forensic methodologies, and cybercrime investigations will be
analyzed. The literature review will highlight gaps in current research, emphasizing the need for
an empirical assessment of tools and techniques in Tanzania.

6.0 Research gap:

Most of the practice in cybersecurity cases in developing countries has
specifically targeted the practitioners' own work environments. However,
approaches to assessing the effectiveness of tools and techniques used for
network forensics always differ among countries, Tanzania included. The
study will explore the country’s unique approach to the assessment of the
effectiveness of tools and techniques used for forensics across the whole of
Tanzania.

7.0 Research Methodology:

The purpose of this study is to assess the effectiveness of tools and
techniques used for network forensic investigation of e-mail and websites;
therefore, the qualitative method of research will be deployed from an
interpretive research approach. For this purpose, Design Science is used in
order to generate an artefact (forensic methodology). A research method
refers to the procedures that will be followed for collecting and analysing
data. There are, however, two methods used to address a research project,
namely the quantitative and qualitative research methods. Qualitative
research is an appropriate research method because digital forensics is a
growing discipline and many of the procedures followed cannot be measured
quantitatively (Mwita and Mhina, 2023).

Because of the nature of the digital forensic discipline, this study will
utilize the qualitative research method. Qualitative research is an
appropriate research method because digital forensics is a growing
discipline and many of the procedures followed cannot be measured
quantitatively, for example the digital forensic process and, to an extent,
the recovery of digital forensic evidence. Furthermore, the opinions of
digital forensic experts will weigh heavily on the outcome of the proposed
E-mail Forensic Methodology, mainly because these experts can provide
insight into the digital forensic investigation process due to their
implicit knowledge, something that cannot be achieved through the
quantitative research method.

7.1 Data Collection:

Since this is a qualitative research technique, the study will utilize both
primary and secondary data sources. The primary data source is interviews,
which will be conducted with network administrators, cybersecurity
professionals and law enforcement officers in Tanzania to gather data on the
use of network forensic tools, more specifically expert review. Secondary
data will include a literature survey of internet sources, frameworks,
methodologies, journal articles, past research project reports and books.
Case studies of actual cybercrime incidents will be analyzed to assess the
effectiveness of forensic investigations.

7.1.1 Data Analysis:

Quantitative data will be analyzed using statistical tools to measure the
effectiveness of different forensic techniques.
Qualitative data from interviews will be thematically analyzed to understand
challenges and experiences with forensic tools (Aldawood and Skinner, 2020).

7.1.2 Study population:

Since the population for network forensic investigation of e-mails and
websites is relatively unknown, and due to the interpretive nature of this
study, the sample size of the population is relatively small. Experts in
network forensics from ISPs, TCRA and the Ministry of Home Affairs will be
consulted.

8.0 Expected Results:

The research is expected to reveal the most commonly used network forensic
tools in Tanzania, assess their strengths and limitations and identify
significant challenges. The results will likely show gaps in the practical
application of tools due to technical limitations, lack of training, or
other factors. Recommendations will be made on improving forensic
capabilities to better combat cybercrime.

REFERENCES:
Albladi, S.M. and Weir, G.R.S. (2018) ‘User characteristics that influence judgment of social
engineering attacks in social networks’, Human-centric Computing and Information Sciences,
8(1), p. 5. Available at: https://doi.org/10.1186/s13673-018-0128-7.

Albladi, S.M. and Weir, G.R.S. (2020) ‘Predicting individuals’ vulnerability to social engineering in
social networks’, Cybersecurity, 3(1), p. 7. Available at:
https://doi.org/10.1186/s42400-020-00047-5.

Aldawood, H. and Skinner, G. (2020) ‘Analysis and Findings of Social Engineering Industry
Experts Explorative Interviews: Perspectives on Measures, Tools, and Solutions’, IEEE Access, 8,
pp. 67321–67329. Available at: https://doi.org/10.1109/ACCESS.2020.2983280.

Kigwana, I., Kebande, V.R. and Venter, H.S. (2017) ‘A proposed digital forensic investigation
framework for an eGovernment structure for Uganda’, in 2017 IST-Africa Week Conference
(IST-Africa), Windhoek: IEEE, pp. 1–8. Available at:
https://doi.org/10.23919/ISTAFRICA.2017.8102348.

Massawe, E.R. and Mshana, J.A. (2023) ‘Preventing and Combating Cybercrimes: Case of
Cybercrimes Investigation Unit of Tanzania Police’, European Journal of Theoretical and Applied
Sciences, 1(5), pp. 1179–1190. Available at: https://doi.org/10.59324/ejtas.2023.1(5).102.

Muzigura, G. and Casmir, R. (2023) ‘Evaluation of Measures Taken by Telecommunication
Companies in Preventing Social Engineering Attacks in Tanzania’, European Journal of
Theoretical and Applied Sciences, 1(4), pp. 1248–1259. Available at:
https://doi.org/10.59324/ejtas.2023.1(4).114.

Mwita, P.S. and Mhina, J.R.A. (2023) ‘Assessing the Effectiveness of the Implementation of
Cybercrimes Mitigation Strategies in Selected Commercial Banks in Tanzania’, European Journal
of Theoretical and Applied Sciences, 1(6), pp. 571–583. Available at:
https://doi.org/10.59324/ejtas.2023.1(6).58.
