CyberCSI 2nd Half Year 2012, Summary Report
Prepared By: Rafizah Abd Manaf and Nur Aishah Mohamad
Reviewed By: Nazri Mohamed
Author email address: [email protected], [email protected] and [email protected]
Department: Digital Forensics Department
Date of submission: 31st March 2013
Introduction
The Digital Forensics Department (DFD) has successfully come through a challenging year in 2012.
This report summarizes the second half of 2012. As in previous years, DFD provides
computer forensics and data recovery services to all Local Enforcement Agencies in
Malaysia and to other government agencies. The main challenge DFD faced was the increase
in the number of cases referred to it. The number of exhibits and the size or volume of the
media are a further hurdle that we need to tackle.
Digital Forensics and Data Recovery Statistics
A summary of Digital Forensics cases received is shown in Graph 1 below:
Graph 1: Digital Forensics cases received by month for 2012
[Bar chart "Digital Forensics (2012)"; x-axis: Month, y-axis: Total. Cases per month: Jan 38, Feb 62, Mar 35, Apr 34, May 48, June 45, July 45, Aug 37, Sept 67, Oct 73, Nov 51, Dec 15.]
Graph 1 shows the digital forensics cases received by month. The total number of cases referred
to DFD was 661. Of these 661, 550 fell under Digital Forensics, which represents 83.2% of the
cases. The month with the highest number of cases received was October, with 73. Towards the
end of the year, only 15 cases were received. A possible reason for the rise and fall in the
graph is that most agencies have their own labs and manage to handle simple cases on their own.
As a result, they send us only the complicated and difficult cases. Smuggling, Harassment and
Bribery are the top three case categories in the 2012 digital forensics statistics.
A summary of Data Recovery cases received is shown in Graph 2 below:
Graph 2: Data Recovery cases received by month 2012
111 out of 661 cases received were Data Recovery cases, representing 16.8% of total cases.
October shows the highest number of cases received, with 21. The lowest numbers were
recorded in March and August, which total 8. Most of the cases, 71 in total, were received
through CyberClinic. CyberClinic was established to cater to demand from the public and
will be the receiving and marketing arm for this data recovery service.
[Graph 2: bar chart "Data Recovery (2012)"; x-axis: Month (1 to 12), y-axis: Total. Cases per month: 10, 8, 4, 6, 13, 10, 5, 4, 8, 21, 7, 15.]
Digital Forensics Department Achievement in 2012
Section A: Services and Product Provided
a) Digital Forensics Service
Graph 3 below charts the total cases handled by DFD from year 2002 to 2012.
Graph 3: Cases received by Digital Forensics Department from 2002-2012
[Bar chart; x-axis: Year (2002 to 2012), y-axis: Total; series: Data Recovery and Digital Forensic.]
DFD has also been involved in high profile cases with other agencies. The cases are:
i. Ops Rokok
This operation was held in three different locations, Pulau Langkawi, Pulau Labuan, and Klang
Valley. Three teams from DFD were assigned to assist law enforcement agencies for this Ops
Rokok. This operation is a collaboration between LHDN and Bank Negara Malaysia. DFD
assisted the LEA’s Investigation Officers in seizing the digital evidence.
ii. Ops Arak
This operation was held in Miri, Sarawak. DFD was requested by Kastam Di-Raja Malaysia to
assist in digital evidence seizure. Two premises were raided and various alcohol tonic brands
were seized by enforcement officers.
iii. Ops Aeroplane Parts
The United States of America believed that some companies in Malaysia were involved in
purchasing aeroplane parts from the USA and selling them to Iran. DFD was requested by a
special task force to join the operation and assist the enforcement agency, SPRM, with the
digital evidence seizure.
iv. Ops DurianTV
Another major case in which DFD was involved at national level was Ops Durian. This operation
took place in Pulau Pinang. Two teams were sent to assist the two local enforcement agencies
involved, PDRM and MCMC.
b) ASCLD/LAB-International Quality Management System (QMS)
CyberSecurity Malaysia Digital Forensic Laboratories has been recognized by ASCLD/LAB as
the first organization in Asia Pacific to receive ASCLD/LAB-International accreditation in the
Computer & Multimedia Discipline. With this recognition, DFD can better assist Law
Enforcement Agencies, and reports produced by DFD analysts can be accepted in court.
In early 2012, one of the Regulatory Bodies (RBs) in Malaysia, the Malaysian Communication and
Multimedia Commission (MCMC), engaged DFD to develop a Digital Forensics Quality
Management System (QMS) for its digital forensics laboratory in accordance with
ASCLD/LAB-International and ISO/IEC 17025. Training was given to MCMC forensic members on
the system implementation. The DFD team also assisted them in developing a computerized QMS,
which will help them to automate their documentation.
Training Courses & Certification
In 2012, DFD provided training courses to 6 different agencies. They were Bank Negara
Malaysia (BNM), Lembaga Hasil Dalam Negeri (LHDN), Polis DiRaja Malaysia (PDRM),
Selangor University (UNISEL), Kuala Lumpur University (UNIKL), and KPerak. Most of the
participants successfully passed the examination and were given certification.
Research and Development Blueprint
The DFD R&D Roadmap focuses on long term and short term research and development plans to
enhance the current services and operations. Furthermore, the roadmap is designed to ensure
the sustainability of the CyberSecurity Malaysia Digital Forensics Department's business via
exploration of new knowledge and services through R&D efforts.
This is also an effort to ensure that the contribution of CyberSecurity Malaysia’s Digital
Forensics Department remains continuously significant to the nation. DFD has played a very
important role in helping our country's Law Enforcement Agencies (LEAs).
DFD is already on the move with the short term research plan via collaboration with the
Fakulti Teknologi Sains dan Maklumat of Universiti Kebangsaan Malaysia in exploring face
recognition for video forensics analysis. Both parties have jointly applied for the Exploratory
Research Grant Scheme (ERGS) from the Ministry of Higher Education (MoHE), for which the grant
tenure started in July 2011. This project is expected to be completed in June 2013. Apart from
this collaboration, DFD is already planning more research collaborations with the
current collaborator and other IPTAs, namely Universiti Tenaga Nasional (UNITEN), Universiti
Teknologi Malaysia (UTM) and Universiti Teknologi Petronas (UTP).
A few critical research fields are already identified for the future collaborations as listed below:
i. Embedded device recovery and forensics
ii. Video and image forensics
iii. Audio forensics
iv. Biometrics forensics
v. Digital forensics SOP, methodology and innovations.
Based on the fields mentioned, the research topics selected for the undertaking are:
i. Forensic Data Analysis and Recovery from Embedded Device Flash Memory
ii. CCTV Surveillance Video Enhancement: Super-Resolution and Denoising via advanced
image processing algorithms.
iii. Image and Video Authentication: The Exploration of Image and Video Frames Dark
Current and Fixed Pattern Noise Analysis in Determining the Source of Recording
Device.
iv. Image and Video Authentication: Image and Video Authentication via Detection of
graphical modification.
v. Audio Authentication: The Exploration of Electrical Network Frequency (ENF) in audio
forensics.
vi. Biometrics Forensics: Suspects Biometrics Identification System via multimedia files
forensics.
vii. The Enhancement of Digital Forensics Operation.
c) Digital Forensics Portal
The Digital Forensics Portal was launched in January 2012. This portal was developed for
in-house use. It was established to provide all DFD members with the latest data on cases
conducted in the forensic laboratories for their daily tasks. All information and inputs are
updated in real time, and the portal summarizes all cases submitted by Investigation Officers
(IOs). The portal has indirectly reduced case processing time and increased operational
productivity and efficiency.
Section B: Key activities and achievement.
a) Paper Publication
In November 2012, two (2) of our papers were accepted at the Soft Computing and
Pattern Recognition International Conference (SoCPaR, Brunei). The papers will be available in
the conference proceedings published by IEEE.
The papers were:
i. Sparse Representation Super-Resolution method for Enhancement Analysis in
Video Forensics.
ii. Super Resolution Hybrid Methods for CCTV Forensics Interpretation.
b) Nomination by MOSTI
The Digital Forensics Department has been nominated by MOSTI for the Prime Minister's
Innovation Award, in the category of information technology. The nomination is based on the
commitment, contribution and achievement shown by DFD toward the nation. Huge cost savings
were reported during RMKe-9 by utilizing local expertise from DFD.
Conclusion
There were a lot of great achievements despite the many challenges in 2012. The number of
cases increased while the number of staff was maintained. In view of more agencies referring
cases to DFD, we can conclude that the relationship and trust with LEAs is good and healthy.
Even though some of the agencies have started to have their own forensic facilities,
assistance from DFD is still needed, especially when dealing with complicated and high-tech
crimes. We wish to get more funding and a mandate in this forensic area so that we can become
a centre of excellence in the near future.