Human Rights Defenders (HRDs) and Social Justice Organisations (SJOs) in Kenya operate at the frontlines of accountability and civic advocacy while facing a rapidly escalating and increasingly sophisticated array of digital threats. Attacks have evolved from opportunistic social engineering to precisely targeted spyware campaigns, including tools such as Pegasus and Cellebrite, designed to monitor, silence, and endanger defenders.
To meet this challenge, KICTANet and the Tatua Digital Resilience Centre recently convened a virtual validation meeting to stress-test the HRD Forensic Guidebook: a new resource built directly from the lived experiences of defenders on the ground and designed to serve as a direct, practical intervention to address these systemic failures and threats.
A Growing Crisis in the Digital Space
The urgency of this initiative is driven by the upcoming 2027 general elections and by a June 2026 report in which the National Computer and Cybercrime Coordination Committee (NC4) revealed that Kenya suffered nearly 3 billion cyber-attacks in just three months. The report highlights a growing trend of offences linked to unauthorised access, identity theft, and interference with computer systems. Some of these attacks directly affect human rights defenders, civil society organisations, and social justice organisations, ranging from spyware and state surveillance to mobile money fraud and account hijacking, making the risks facing civil society more complex than ever.
Historically, electoral seasons in Kenya serve as catalysts for a closing civic space. Dr. Grace Githaiga, CEO of KICTANet, emphasised that physical and digital threats are now inextricably intertwined, making the landscape particularly dangerous for those speaking truth to power.
The need for specialised forensic guidance is supported by alarming data from a 2026 Tatua assessment of 119 defenders. The findings revealed:
- High frequency of attacks: Nearly half of respondents (49.2%) experienced multiple digital security breaches in the past year.
- Primary threats: Account hacking (46.2%), phishing (44.5%), and targeted state surveillance (41%) were the most common issues.
- Severe consequences: These attacks resulted in the catastrophic loss of critical evidence, psychological trauma, and direct financial loss.
Bridging the Structural and Technical Gap
A significant barrier to safety is the critically low capacity for incident response. Only 21.2% of defenders feel confident leading a security response, and a staggering 82% bypass formal reporting channels such as the DCI due to deep-seated distrust and perceived unresponsiveness.
Furthermore, many organisations operate in a Bring Your Own Device (BYOD) environment without adequate security policies, which John Gathii, a Digital Resilience Fellow at Tatua, explains significantly “increases the attack surface.” This is compounded by a lack of legal resources: 51.2% of organisations lack access to legal counsel, leaving them unable to ensure that the digital evidence they collect remains admissible in court.
The Guidebook: A Roadmap to Resilience
The HRD Forensic Guidebook is designed to bridge these gaps through a five-part structured approach:
- Foundations: Covers threat modelling, risk assessment, and essential digital hygiene.
- Institutional Readiness: Focuses on incident management and navigating legal frameworks such as the Data Protection Act and the Evidence Act.
- Technical Forensics: Provides tools for initial triage and mobile device forensics.
- Evidence Standards: Establishes protocols for chain of custody, hashing, and integrity verification to overcome legal barriers.
- Inclusivity: Connects organisations to collaborative frameworks and specialised forensic support.
Community-Driven Validation
The validation session included over 85 participants from journalism, technology, and disability advocacy. Their feedback was clear: accessibility is paramount. Participants called for a glossary to simplify technical terms such as “metadata” and “volatile data.”
Joyce Kimani, representing the Deaf community, specifically highlighted the need for visual formats, noting that text-heavy guides can be a barrier to inclusivity. Participants also identified the need for the guidebook to evolve alongside technology, suggesting the inclusion of guidance on artificial intelligence and deepfakes.
Looking Ahead
KICTANet and Tatua are committed to incorporating this feedback to ensure the final guidebook is a practical, accessible tool for everyone. The revised version will feature step-by-step actions, visual aids, and real-world examples.
As the digital battlefield continues to shift, defenders can seek immediate, ongoing support through Tatua’s 24-hour help desk at help@tatua.digital. By institutionalising these forensic strategies, Kenya’s human rights community is taking a vital step toward ensuring that their systems, and their stories, remain resilient.