Sunday, 22 April 2012

Master of Science (Cyber Security and Forensic Computing) at UniSA

A good program for you to obtain Master of Science (Cyber Security and Forensic Computing) LMIA at UniSA, South Australia, Australia.

For further info, please visit

Friday, 20 April 2012

Briefing Y.A.Bhg Tun Abdullah Ahmad Badawi On Digital Forensics

Tun Abdullah was the 5th Prime Minister of Malaysia. The Prime Minister listened attentively to the development of Digital Forensics in Malaysia. I did the briefing, and it was an honour given to me as the Head of the Digital Forensics Department, CyberSecurity Malaysia. Y.B Dato' Sri Dr. Ir. Jamaluddin bin Mohd. Jarjis (former Minister of MOSTI) and Dato' Husin Jazri (my CEO) accompanied Y.A.Bhg Tun Abdullah.

The Fifth International Workshop on Digital Forensics (WSDF 2012)

To be held in conjunction with the 7th International Conference on Availability, Reliability and Security (ARES 2012 –

August 20th – 24th, 2012
University of Economics
Prague, Czech Republic

Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies, tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues, combined with the constant evolution of technology, provide a large scope for digital forensic research.
WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing.
The focus of this workshop is not restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.

Topics of interest comprise but are not limited to:
Digital Evidence
Network Forensics
Anti Forensics
Physical Memory Acquisition and Analysis
Digital Forensic Information Visualisation
Fraud Investigations Involving Technology
Portable Devices
Cyber Terrorism
Log Analysis
Risk and Incident Management
Investigative Case Studies
Data Hiding Techniques and Steganography
Novel Data Recovery Techniques
Digital Evidence Extraction Techniques
Digital Evidence Search Techniques
Standards, Guidelines, Certification and Training
Digital Forensics Tools
Digital Forensic Implications for Cloud Environments
Critical Infrastructure Incident Investigation

Program Committee:
Vassil Roussev, University of New Orleans, US
Raymond Choo, University of South Australia
Benjamin Turnbull, Defence Science Technology Organisation, Australia
Aswami Fadillah, University of South Australia and CyberSecurity Malaysia
Matthew Simon, University of South Australia
Robert Taylor, South Australian Police, Australia
Simon Tjoa, St. Pölten University of Applied Sciences, Austria
Hein Venter, University of Pretoria, South Africa

Friday, 13 April 2012

Cloud Forensics

Two nice words. Do you agree with me? Yes or no or unsure (there is no way in this world you can get everyone to agree with you).

I deliberately put these two words rather than Cloud Computing Forensics because I'm too lazy to punch the keyboard.

If my blog post used those three words it might further complicate the topic. Anyway, "Cloud Forensics" is the term normally used.

Whatever it is…digital forensics practitioners…we have got a big problem here!

The field is getting broader and harder every day due to the evolution of technology. People want more out of the Internet.

But at the same time more complicated digital forensics cases would emerge because some unscrupulous people want to achieve something out of it.

The weaknesses and vulnerabilities of the system are manipulated for self gain. The agenda/motive is always to monetize, or simply to disrupt or tarnish the reputation of individuals and organizations.

The range of crimes committed is broad too.

We haven't finished with the technical part of Cloud Computing Forensics and now comes the legal part.

I always mention in my lectures that digital forensics is not all about computer technicalities but also legal technicalities.

The systems are widely dispersed and cumbersome, and now the legal part is another encumbrance.

I’m not quite sure on how to conduct research on Cloud Computing Forensics but I bet it is going to be painful.

Furthermore, it is even more painful when you want to submit a paper on this subject for journal publication. I'm sure the reviewer will ask where the novelty is that he or she could understand here. They can become so confused.

They will ask you again “what can you generalize here? What is the conclusion?”…and bla…bla…bla…then you are in jeopardy.

For a kick start (new researchers who aspire to engage in Cloud Computing Forensics), or for those already progressing, you might want to review this literature by Taylor et al. [1] from JMU, Liverpool.

So, what say you?

Btw, I’m a Liverpool FC fan (lived in the UK/Liverpool for 5 years). Sometimes my friends and relatives ask me, why do you go to Liverpool University? Is it because of football or the university itself? And the funny thing, up until now, I can’t give the answer.

But for Cloud Forensics, we definitely must find an answer.

[1] M. Taylor, J. Haggerty, D. Gresty and R. Hegarty, "Digital evidence in cloud computing systems," Computer Law & Security Review, pp. 304-308, 2010.

Sunday, 1 April 2012

Smart Phone Forensics: Strip 'em all!

Nowadays it is difficult to choose which gadget to buy because there are so many types on the market. To commit or become loyal to a certain brand is another issue. Most probably the right choice is to follow the trend.

Nevertheless, you can buy them all if you are financially capable, but the less fortunate might put some thought and consideration into it. The best decision is to go for the most popular brand name, lots of technical features on offer, support for contemporary applications (e.g. Facebook and Twitter) and, at the end/most importantly, the pricing (value for money).

Smart decision, smart phone…so…bye-bye computers and laptops!

It is convenient to carry an ALL IN ONE gadget (for the 'mobile' people).

From the perspective of digital forensics, this ain’t good!

We are just about to 'ease down' on computers and hard disks, and now emerge smart phones and flash memory.

It is bad. When are the digital forensics people going to relax and have fun with their work?

Sorry mate! Not in this particular profession.

So how are we going to process a smart phone? Well, strip 'em all. You gotta know hardware and software. Both ambits. No short cut.

Technically, it is mainly divided into three phases, as follows.

1) Interface – you need to have a good understanding of its interface. It may have two interfaces, but now most probably it is only USB (older phones have a JTAG connection).

The packaging is another challenge; you must bare it all (knowledge of electronics is a must). Then you can refer to the technical documentation to get around it and take a forensically sound 'image' of the smart phone.

Without the image you can’t move on. No logical or physical analysis. Full stop!

2) Analysis of data structure/control – after the first obstacle, if you are successful, the next difficult phase is to 'decode' everything in the flash memory/image. It is easier to analyze the SIM and SD card (with a common file system, i.e. FAT32) but not this one. It has some encryption to protect intellectual property, or is made proprietary. Hacking and cracking must be done in a forensically sound manner.

Good luck with this! It is adventurous (just like a Harry Potter movie). My advice is 'where there's a will there's a way'. But again, it is easier said than done.

Phases 1 and 2 are both really important. If Phase 2 fails, Phase 1 will have been a waste; you are unable to get anything.

3) Developing a tool – once you get results from the above experiments and gain expertise, the manual approaches can be turned into 'best practice'.

Next step is to develop the tool to help you in your work. It is needed and you can process the exhibit faster.
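As an added example (not code from the original post), here is the 'easy' case of phase 2, decoding the FAT32 SD card, together with the integrity check an image needs before any analysis starts: it parses the BIOS Parameter Block of a constructed boot sector to locate the FATs and the data region, and re-hashes the image against the hash recorded at acquisition. All values in the sample sector are constructed.

```python
import hashlib
import struct

def build_sample_boot_sector() -> bytes:
    """Constructed 512-byte FAT32 boot sector, as found at offset 0 of an SD card
    partition image. Every value here is made up for the example."""
    sector = bytearray(512)
    sector[0:3] = b"\xEB\x58\x90"                      # jump to boot code
    sector[3:11] = b"MSWIN4.1"                         # OEM name
    # bytes/sector, sectors/cluster, reserved sectors, FAT count, root entries (0 on
    # FAT32), total sectors (16-bit, 0), media descriptor, sectors/FAT (16-bit, 0)
    struct.pack_into("<HBHBHHBH", sector, 11, 512, 8, 32, 2, 0, 0, 0xF8, 0)
    struct.pack_into("<HHII", sector, 24, 63, 255, 0, 1048576)  # geometry, hidden, total sectors
    struct.pack_into("<IHHI", sector, 36, 1024, 0, 0, 2)   # sectors/FAT, flags, version, root cluster
    sector[82:90] = b"FAT32   "                        # file system type label (informational only)
    sector[510:512] = b"\x55\xAA"                      # boot sector signature
    return bytes(sector)

def parse_fat32_boot_sector(sector: bytes) -> dict:
    """Decode the BIOS Parameter Block fields that locate the FATs and the data region."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot sector signature")
    bps, spc, rsvd, nfats, root_ent, tot16, _media, fatsz16 = struct.unpack_from("<HBHBHHBH", sector, 11)
    (tot32,) = struct.unpack_from("<I", sector, 32)
    fatsz32, _flags, _ver, root_clus = struct.unpack_from("<IHHI", sector, 36)
    if fatsz16 != 0 or root_ent != 0:
        raise ValueError("not FAT32: 16-bit FAT size and root entry count must be zero")
    first_data = rsvd + nfats * fatsz32                # sector where cluster 2 begins
    clusters = ((tot16 or tot32) - first_data) // spc
    if clusters < 65525:                               # FAT type is decided by cluster count, not the label
        raise ValueError("cluster count %d is FAT12/16 territory, not FAT32" % clusters)
    return {"bytes_per_sector": bps, "sectors_per_cluster": spc, "fat_count": nfats,
            "fat_sectors": fatsz32, "first_fat_sector": rsvd, "first_data_sector": first_data,
            "root_dir_sector": first_data + (root_clus - 2) * spc, "cluster_count": clusters}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_image_hash(image: bytes, acquisition_hash: str) -> bool:
    """Re-hash the image and compare with the hash recorded when it was acquired;
    any mismatch means the analysis is not working on the evidence as acquired."""
    return sha256_hex(image) == acquisition_hash.lower()

if __name__ == "__main__":
    img = build_sample_boot_sector()
    recorded = sha256_hex(img)                         # what the examiner logged at acquisition
    print(parse_fat32_boot_sector(img))
    print("integrity ok:", verify_image_hash(img, recorded))
```

The same parser works on the first sector of a real FAT32 partition image, but a full-device image needs the partition table read first to find that sector's offset.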

This time around, I will not share the mobile phone forensics literature with you unless personally requested. There are dozens of papers available on the Internet, and if you have a subscription to certain databases it is even easier.

So, we do not have much choice when it comes to smart phone forensics. We need to read up on integrated circuits, protocols, operating systems, hardware packaging, interface types (and what you can get from them; imaging may not be so straightforward), flash memory technologies (NAND and NOR), etc.

As a conclusion,
Con: We have a lot of work to do...
Pro: It is doable!