An NSTP Microsite
14 May, 12
Digital forensics has given fresh hope in the fight against cybercrime.
Cybercrime detection makes headway

Whatever you do on your computer leaves a trace. Evidence of computer activity is stored in many places on the hard drive. Information about network access is potentially logged on many computers throughout the local network and global Internet. Mobile phones, too, have information about who you’ve been in contact with. In short, once you log out, you leave digital tracks everywhere.

Through digital forensics, digital evidence can be collected and analysed to help investigators understand what really happened in a cyber incident (any incident involving a computer or other gadgets). In the scientific examination, data from storage media is analysed by experts using specific digital forensic tools. The results can be used in the courts (together with the study of the legal aspects of computer use and misuse).

Why digital forensics?
Criminal cases that have been cracked using digital forensics:
• Fraud by computer manipulation
• Damage to or modifications of computer data or programs
• Unauthorised access to computer and programs or applications
• Unauthorised reproduction of computer programs
• Financial crimes such as identity theft, fraud, forgery and theft of funds committed by electronic means
• Counterfeiting, or the use of computers and laser printers to print cheques, negotiable securities or store coupons

Criminal cases that have been cracked with the help of digital forensics include fraud by computer manipulation, damage to or modifications of computer data or programs, unauthorised access to computer and programs or applications, unauthorised reproduction of computer programs, financial crimes covering identity theft, fraud, forgery and theft of funds committed through electronic means, and counterfeiting which uses computers and laser printers to print cheques, negotiable securities and store coupons.

Pushing ahead

Evidence can be found in almost any type of digital device – not only computers but also mobile phones, digital cameras, PDAs, routers and servers. Many types of digital media must be handled, too, all with different connection types and file systems.

In the United States, cyber forensic researchers have come up with a device to extract mobile phone memory for use as crime scene evidence. The phone’s memory card is placed in the device, where software extracts and decodes information from call history, text messages, e-mails, images, videos and the calendar. The information is then used by the police as evidence.

At the University of Leicester, United Kingdom, forensic scientists working with Northamptonshire Police have developed a method that allows scientists to “visualise” fingerprints even after the print itself has been removed. They conducted a study on how fingerprints can corrode metal surfaces.
With the technique, any fingerprint left on a small-calibre metal cartridge case before it was fired can be recovered.

While the application of digital forensics in Malaysia is comparable with that in advanced countries, Husin says issues such as the high cost of keeping abreast of technology, and legal aspects not evolving as fast as technology, need to be looked into.

“To speed up digital forensic development, the relevant parties need to work together at the national and international levels. It is also important to forge a close relationship with technology providers. As far as the Government is concerned, it can provide or facilitate a platform of discussion at the G2G (government-to-government) level.”

There is a need to nurture more experts in digital forensics to meet the rapid rise in cybercrime, Husin added.

Demand up, supply short for forensic professionals

According to Sean Lim, vice president of EC-Council, with most firms outsourcing their IT operations and giving employees remote access, and with hacking becoming easier, the services of digital forensic specialists have become crucial. A digital forensic investigator’s role is to use advanced tools and techniques to recover deleted, damaged or corrupt data to prosecute perpetrators in court.

A report by the Ponemon Institute this year said about 70 per cent of companies in the United States surveyed have been hacked. A Verizon report revealed a higher figure – above 90 per cent. At such levels, companies need to take immediate steps to make sure that their network and systems are protected and that they can handle, investigate and even prosecute cyber criminals, Lim says.

While there is a growing demand for digital forensic professionals, supply has been short. Research firms such as IDC, CompTIA and Foote Partners have reported shortages in information security experts globally, especially in forensics and disaster recovery.

“The same is seen in Malaysia. There are not enough digital forensic experts.
Digital forensics is a specialised science within the information security domain and we see very low awareness of security in Malaysia. This has resulted in fewer forensic professionals,” Lim said.

The EC-Council has developed certification and training programmes in ethical hacking and computer forensics such as Certified Ethical Hacker and Certified Hacking and Forensics Investigation.

“We have collaborated with global governments and even mapped our courseware to suit federal government needs. For instance, our courseware is certified by the US Security Agency to have met the CNSS training standards,” Lim said.

Also, the council’s partnership with the International Multilateral Partnership Against Cyber-Terrorism has resulted in information security training sponsorship of US$1 million (RM3.6 million) made available to the United Nations International Telecommunications Union’s 191 member states, with training covering digital forensics, among other domains.

Round-the-clock monitoring

At the heart of the Ministry’s cybersecurity measures is its Cyber Warfare Division. Headed by director Captain Mohd Maidin Sahadan of the Royal Malaysian Navy, the 30-member team is tasked solely with looking after the cybersecurity of the Ministry.

“We monitor networks used by the army, navy, airforce and civilians with the Ministry. We have a digital forensic lab for investigating cybercrimes set up two years ago,” he said.

The team works 24x7, analysing network logs for any irregularity. If one is found, the team is alerted through push SMS.

When responding to a cybersecurity incident, the team first looks at the network plan and cordons off the area involved. It investigates the logs and mirrors whatever equipment was compromised, such as hard disks and servers. Then it clears the system of the risk and identifies the culprit. The evidence and analysis are given to the relevant parties for action. The team will also advise the user or organisation on how such incidents can be avoided.
Mohd Maidin says the division has a service level of at least 99 per cent to maintain.

“The Ministry has a tight security procedure with no allowance for any slack. The aim is to make sure there is no disruption to the network.

“Users who do not adhere to the security policy are penalised by being put on standalone systems.”

Mohd Maidin believes that training is vital for a digital forensic investigator. The basic qualification to be part of the team is a degree in engineering or IT.

Cybersecurity, he points out, is not the responsibility of the security experts alone, but involves the whole organisation. So, education and awareness are important.

Courses to consider

Learn wireless auditing skills and wireless attack counter-measures.
Enquiries: Call 03-89460999 or e-mail: training@cybersecurity.my

Computer Security Forensics and System Recovery
Enquiries: Call 03-21161888

BSc (Hons) in IT specialising in Forensic Computing
Enquiries: Call Asia Pacific University College of Technology and Innovation at 03-89961000 or e-mail: courses@ucti.edu.my

Master in Computer Science (Information Security)
Enquiries: Call Centre for Advanced Software Engineering, Universiti Teknologi Malaysia, City Campus, Kuala Lumpur at 03-26154429/743 or e-mail: enquiry_case@citycampus.utm.my
Copyright © New Straits Times Press (Malaysia) Berhad. All rights reserved. Developed by Network & Multimedia Services.