Raila Odinga's witness maintains results were altered in the IEBC server

"Several unauthorised individuals seem to have been illegally authenticated to gain access into the core of the live system," says Njoroge in an affidavit filed in the Supreme Court, in support of Raila's presidential petition.

"There was an illegal, malicious and unauthorised commission staff whose names were not officially published in the Kenya Gazette as part of the official election process making authorisation and verification of specific forms," he explained.

The ICT guru argues that the decision to allow the individuals illegally access the system severely compromised the integrity of the servers that were running at that time and which coincided with the August 9 General Election.

Details of the affidavit are contained in a forensic report that reviewed activities that happened on the servers as captured in the log files provided from the six servers IEBC used to transmit the presidential result on August 9.

Njoroge, a certified ICT forensic expert, and the CEO of East Africa Data Handlers (EADH) conducted the audit on the instruction of Raila and included the logs that are annexed in the IEBC commissioner Justus Nyangaya's affidavit.

Based on the data flow from the logs the servers were set up in the Server Load Balancing (SLB) Algorithm which allowed the distribution of the Election Day traffic among the six servers in the logs to ensure consistent, high-performance application delivery.

The audit further shows there was successful remote root access into the live environment servers, continuous generation of Form34Cs and an illicit data in the presidential tally.

Njoroge says that conformed transmission of the forms from a single host server IP address (172.21.5.4) identified as the RTS server shows there was a middleware that intercepted, received and or sent information between the Kiems kits, the county tallying centre and the presidential tallying centre and the verification of specific forms.

When he downloaded and converted some of the forms from the systems, he says it was followed by an upload of the new information within the server in .csv format, which suppressed, modified, edited, deleted or otherwise damaged data within the systems and the servers.

In the report, Kwanusu is alleged to have gained access to the system and performed verification on 1743 form 34s.

Abdi is alleged to have performed verification on 659 form 34As under the direction of Marjan. In the affidavit filed by Commissioner Nyangaya, who chairs the IEBC ICT committee, Abdi was not authorised to access the system.

Njoroge further alleges that Abdi was stationed at Bomas of Kenya National Tallying centre.

He states that upon downloading and translation of forms 34Bs and 34Cs, the process of verification was not a forward tallying process on the dersignerfd tallying chain of 46, 232 form 34As to 290 form 34Bs and finally form 34C.

"In this case, the data seem to working from form 34C that are seemingly being downloaded into a .csv file modified or edited and transmitted thereby the resultant forms editing any forms 34Bs in the system," explains Njoroge.

He adds that any changes that were made on form 34C on the RTS backend, would have an automatic effect on form 34B at the constituency level, which essentially affects form 34A at the polling station level.