Saturday, 21 December 2013

Currently reviewing a digital forensics book! Busy...busy...busy...

Anyone want to request for technical review...:)

Also, concurrently planning for forensics...&...MyCERT!

Friday, 22 November 2013


A very important subject/knowledge in investigations.

A simple video on E-Discovery.

Friday, 4 October 2013

A General Model of Forensic Data Recovery Framework for Digital CCTV Systems

I think this is an important topic for LEAs.

If you need to refer to the framework, it is available here (under the chapter Data Recovery from Proprietary-Formatted CCTV Hard Disks).

Contact me if you need further clarifications or suggestions.

Thanks :)

Saturday, 3 August 2013

Forensic Data Recovery and Anti-Forensics Tools For Digital CCTV Systems

I’ve developed two forensic tools.
1) DDCT – DVR Data Carving Tool
2) DDET – DVR Data Eraser Tool
The second tool…DDET…mmm…digital forensic practitioners would not be able to recover the video files!

Saturday, 27 July 2013

Interesting talk by Simson Garfinkel

Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California. Garfinkel is regarded as a leader in the fields of digital forensics and usable security. In addition to his academic work, Garfinkel is a journalist, an entrepreneur, and an inventor; his work in all three is concerned with computer security, privacy and information technology.

Saturday, 20 July 2013

Digital forensics as a career

I’ve received some emails from my LinkedIn colleagues asking me whether digital forensics is good for their career.

Well, if you ask me about digital forensics, I will tell you that it is the best for you.

Most probably, I’m biased here, but I can’t help it.

Apart from family, I’m devoting my life to digital forensics. Almost every day I have to read about digital forensics.

For those who are thinking of pursuing a career in digital forensics, you can ask digital forensic experts (general or specific questions) or you can read digital forensics magazines to get more information; and, of course, the literature.

There are two new publications by eForensics Magazine for you to read, and loads of digital forensic literature.

- An ebook: Real life computer forensics
- A magazine: Let’s play forensic tools

My research is more towards data recovery and there are two good articles for you to read.

Hopefully you'll get some ideas if digital forensics is good for you.

Good luck!

Friday, 28 June 2013

Memory Forensics

I’ve done a bit of work on memory forensics and found it interesting but complex. And, as a researcher and practitioner, I need to read and write a lot. The same goes for you out there, my dear colleagues. The least that you need to do is to read in order to keep yourself informed. Apart from the Advances in Digital Forensics book by IFIP Working Group 11.9, eForensics Magazine is another good resource for you (I’ve been interviewed by them and I’ve also contributed an article to them).

If you are interested in memory forensics, you can refer,

Sunday, 16 June 2013

iOS Forensics: How can we recover deleted image files with timestamp in a forensically sound manner?

For further info,

More digital forensics research papers in the future :) for practitioners and researchers.

Monday, 20 May 2013

iOS Forensics Framework For Practitioners

Digital forensics practitioners (especially those from LEAs) are welcome to discuss the iOS forensics framework with me. You will need the framework as an expert witness in a court of law, and I've developed a framework that was accepted by a reputable digital forensics conference in Germany!

The report of your commercial tool might have a tough time explaining to the judge/jury how you recovered the digital evidence from the device.

Tuesday, 9 April 2013

Publication of Digital Forensics and Cyber Security Research Paper

Dear fellow Malaysian digital forensic and cyber security researchers,

I have to say that I’m proud of some of your work. I know of this development because I’m reviewing some of your papers (i.e., thanks to UKM for inviting me).

If you plan to do research (or are already doing it), I’m interested in working with you and publishing/presenting papers at local or international conferences (such as IFIP Working Group 11.9 Digital Forensics).

In fact, some of you have been communicating with me.

I hope to be back in Malaysia (and CyberSecurity Malaysia) soon and perhaps we could plan something in the future.

Most probably, I’m able to contribute and share my experience as a reviewer (thanks to ARES for inviting me a few times) and author.

Also, to my colleagues from other countries, I’m interested to work with you as well.

Friday, 29 March 2013

Digital CCTV Forensic Data Recovery Research

Most probably because of our recent paper at IFIP, digital CCTV forensic data recovery is emerging in academic research.

Data Recovery From Proprietary-Formatted Files CCTV Hard Disks
A. Ariffin, J. Slay and K.K.R Choo
University of South Australia, Mawson Lakes, Australia

See below in another conference in New Zealand. 

28th IFIP TC-11 SEC 2013 International Information
Security and Privacy Conference

Auckland, New Zealand, 8-10 July 2013

The 2013 Digital Forensics International Conference
“Digital Forensic Cases, Tools & Techniques”
July 8 & 9
Final Call for Presentations
Closes Friday 17 May 2013

The final call for papers closes 17 May for industry or applied digital forensic presentations examining digital forensic innovation, cases, tools and techniques.

AUT University Digital Forensic Research Laboratories is hosting The 2013 Digital Forensics International Conference in association with the 28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference, Auckland, New Zealand, 8-10 July 2013.

Presentations are invited from Practitioners and Researchers to bring together the best of practice and innovation in the field. As Digital Forensics has differentiated from its Security and Computing roots, rapid and path-changing approaches are evolving that are contributing to a better fit of the legal, managerial and IT worlds.

If you wish to be a part of these two days examining the current state of Digital Forensic practice - then send in your abstract (150 words).

Presentations are accepted in three themes:
1) Cases: Legal Cases, Employer Risk, Professional Practice, Standardisation
2) Tools: Reliability, Functionality, Testing, Development, Demonstrations
3) Techniques: Mobile Devices, Extraction Practices, Preservation Skills, Network Forensics, Environmental Forensics, CCTV & Image/Visual Intelligence, GPS, Steganographic

Tuesday, 19 March 2013

iOS Forensics: The death of data carving

With the iPhone encryption system...foremost...scalpel...mmm...:(...they are obsolete.

Btw, I've completed my research on iPhone anti-forensics :)...writing another paper.

The iOS won't be able to detect it...hahaha

Hacking effaceable area...lwvm...IOKit...etc...etc...mmm...

Friday, 8 March 2013

iOS Forensics: cprotect.h

It is important for you to understand this attribute.
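#include <sys/types.h>   /* u_int16_t, u_int32_t */
#include <stdint.h>      /* uint8_t */

/* CP_WRAPPEDKEYSIZE is defined elsewhere in cprotect.h */
struct cp_xattr {
 u_int16_t xattr_major_version;   /* attribute format version, major part */
 u_int16_t xattr_minor_version;   /* attribute format version, minor part */
 u_int32_t flags;                 /* content-protection flags for the file */
 u_int32_t persistent_class;      /* protection class assigned to the file */
 u_int32_t key_size;              /* number of bytes used in persistent_key */
 uint8_t  persistent_key[CP_WRAPPEDKEYSIZE];   /* wrapped per-file key */
};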
Playing around with iPhone...:) 
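
Added example (not from cprotect.h or the original post): a bounds-checked C parser for a raw cp_xattr blob, the kind of decoding an examiner's tool has to do before the per-file key can be handled. The little-endian layout, the CP_WRAPPEDKEYSIZE value of 40, the names cp_xattr_parsed and cp_xattr_parse, and the sample bytes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CP_WRAPPEDKEYSIZE 40u /* assumed; the page does not give the value */
#define CP_HDR_LEN        16u /* 2+2+4+4+4 bytes ahead of persistent_key */

struct cp_xattr_parsed {      /* host-side copy of the fields in cp_xattr */
    uint16_t major, minor;
    uint32_t flags, persistent_class, key_size;
    uint8_t  persistent_key[CP_WRAPPEDKEYSIZE];
};

static uint32_t rd_le(const uint8_t *p, size_t n) /* n-byte little-endian */
{
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* 0 = ok, -1 = header truncated, -2 = key_size larger than the array,
 * -3 = buffer ends before the declared key does. Never reads past len. */
int cp_xattr_parse(const uint8_t *buf, size_t len, struct cp_xattr_parsed *out)
{
    if (len < CP_HDR_LEN) return -1;
    memset(out, 0, sizeof *out);
    out->major            = (uint16_t)rd_le(buf, 2);
    out->minor            = (uint16_t)rd_le(buf + 2, 2);
    out->flags            = rd_le(buf + 4, 4);
    out->persistent_class = rd_le(buf + 8, 4);
    out->key_size         = rd_le(buf + 12, 4);
    if (out->key_size > CP_WRAPPEDKEYSIZE) return -2; /* would overflow */
    if (len - CP_HDR_LEN < out->key_size) return -3;  /* truncated key */
    memcpy(out->persistent_key, buf + CP_HDR_LEN, out->key_size);
    return 0;
}

/* Constructed sample: version 2.0, flags 0, class 3, 40 zero key bytes. */
static const uint8_t sample_xattr[CP_HDR_LEN + CP_WRAPPEDKEYSIZE] = {
    2, 0,  0, 0,  0, 0, 0, 0,  3, 0, 0, 0,  40, 0, 0, 0
};

int main(void)
{
    struct cp_xattr_parsed x;
    int rc = cp_xattr_parse(sample_xattr, sizeof sample_xattr, &x);
    printf("rc=%d v%u.%u class=%u key_size=%u\n", rc, (unsigned)x.major,
           (unsigned)x.minor, (unsigned)x.persistent_class, (unsigned)x.key_size);
    return rc;
}
```

Checking key_size against the array before copying matters because the attribute comes from evidence media and may be damaged or deliberately malformed.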

Saturday, 2 March 2013

iOS Forensics: iPad 2 - A Step by Step Guide

I'm so relieved :)...iOS paper submitted. Not easy...:(...but managed to break the hierarchical encryption file system - cryptography.

Mmm...EMF, DKey and per-file keys.


Most importantly, how you do it in a "forensically sound" manner (needed by digital forensics practitioners).

Next is iPad 2 forensics!

Saturday, 19 January 2013

The Sixth International Workshop on Digital Forensics (WSDF 2013)

If you plan to attend a Digital Forensics Workshop. 

To be held in conjunction with the 8th International Conference on Availability, Reliability and Security (ARES 2013 –

September 2nd – 6th, 2013, University of Regensburg, Regensburg, Germany.

Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies, tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research.

WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.

Topics of interest comprise but are not limited to:
  • Digital Evidence
  • Network Forensics
  • Anti Forensics
  • Physical Memory Acquisition and Analysis
  • Digital Forensic Information Visualisation
  • Fraud Investigations Involving Technology
  • Portable Devices
  • Cyber Terrorism
  • Log Analysis
  • Risk and Incident Management
  • Investigative Case Studies
  • Data Hiding Techniques and Steganography
  • Novel Data Recovery Techniques
  • Cyber Crime

Submission deadline extended to April 2nd, 2013.

Program Committee

  • Aswami Ariffin, CyberSecurity Malaysia and University of South Australia
  • Aniello Castiglione, University of Salerno
  • Raymond Choo, University of South Australia
  • Kam-Pui Chow, Hong Kong University
  • Simson Garfinkel, Naval Postgraduate School, US
  • Chris Hargreaves, Cranfield University, UK
  • Grant Osborne, University of South Australia
  • Vassil Roussev, University of New Orleans
  • Robert Taylor, South Australian Police, Australia
  • Simon Tjoa, St. Pölten University of Applied Sciences, Austria
  • Vrizlynn Thing, National University of Singapore
  • Benjamin Turnbull, Defence Science Technology Organisation, Australia
  • Hein Venter, University of Pretoria, South Africa
  • Stefano Zanero, Politecnico di Milano