Saturday, 31 December 2011

Malaysia Cyber Security Software

I couldn't agree more that Malaysia needs to have its own cyber security software. In fact, it has become the norm in the US and elsewhere in the West for a computer security expert to produce their own tools.

Well, you can start it as a hobby, and whether it can be commercialized depends on how good your software is.

If you need to make it really secure, then the overall architecture must be developed entirely from scratch: the language itself, its syntax, the source code, the compiler and so on.

There is a lot of effort required to realize this dream... perhaps start with an operating system first! :)

Anyway, Happy New Year 2012!

For background info, please read. 

PS: I bought this book many years ago and it is good for beginner and seasoned programmers alike.

Sunday, 25 December 2011

Want to learn web hacking? Anonymous?

Before you learn about web hacking, it is important to gain knowledge of web technology first. In web development there are a few things you must consider, as follows.
1) Web server – Apache or IIS
2) Domain name
3) Web hosting/IP
4) Web programming and scripting – HTML, CSS, PHP, Perl, Ruby, JavaScript, XML and the whole .NET framework
5) Database – MySQL
6) Network, FTP, URL, HTTP and SSL
7) Multimedia files – JPEG, GIF, PNG, etc.

This is the technical knowledge you must gain before getting involved as a web administrator or developer. But bear in mind that technology evolves fast, and there may well be new technologies around as we move from Web 2.0 to Web 3.0.

http://computer.howstuffworks.com/web-30.htm/printable

Now, the same knowledge can be used for hacking, though. This posting is by no means meant to promote web hacking, but to educate people on how to defend their systems. It is up to the individual to use their knowledge for good or bad.

1) Hacking web servers – nothing is perfect in this world, so any technology could inherently have some kind of vulnerability, e.g. buffer overflows.
2) Web applications – cross-site scripting.
3) Password cracking – weak authentication.
4) SQL injection – to gain access.
5) Session hijacking – spoofing or man-in-the-middle attacks.

Just search YouTube for 1-5 and you'll get the information you need.

http://thestar.com.my/news/story.asp?file=/2011/6/14/nation/20110614081623&sec=nation

Saturday, 24 December 2011

Understanding the Operating System is a must in Digital Forensics

Usually a digital forensics trainer will cover computer anatomy in their lecture. This is to ensure the computer's bits and pieces are well described to the students.

It is common for the computer exhibit to be disassembled during the preservation phase. This is required in order to image/duplicate the hard disk evidence. The duplicated hard disk digital evidence is then analyzed for any information/data relevant to the case. This process shows that an understanding of computer anatomy is important.

Equally important is knowledge of the operating system at the kernel level. This is essential for a digital forensics analyst to perform well, since the operational relationship between computer hardware and software can then be visualized better.

The operating system structure is divided into four areas, as follows.
1) Device management - handles access to the input and output devices required by the computer's applications or processes.
2) Memory management - apart from the operating system itself, other applications or processes share the memory, and it is the task of the operating system to manage/control its allocation.
3) File system management - the processed information must be stored and organized in a proper manner.
4) Process management - manages all processes accordingly by providing the resources they require. In a multitasking environment, many processes or applications can run at the same time.

Thursday, 22 December 2011

Digital Forensics in Wearable Computing

With the advent of wearable computing, the digital forensics community must prepare itself for how to conduct analysis on this technology. It is anticipated that these wearable devices will mainly be embedded microcomputers with flash memory (hard disk expansion is coming to an end and flash storage is up-and-coming). Thus, the scope of digital forensics/data recovery is extending into small-scale devices.

As such, the work conducted by Breeuwsma et al. (including my friend Mr. Klaver) [1] is a pretty good reference, because they explored embedded-device storage for data recovery analysis. It looked at the low-level hexadecimal data of forty-five USB (universal serial bus) models and also mobile phones.

Before starting the actual analysis, they studied the physical and logical characteristics of flash technology. Data acquisition is then performed using several methods, such as flasher tools, the JTAG port (usually used for testing/debugging) and, interestingly, removing the chip itself. Upon completing the data acquisition, file system analysis is done on the USB devices and mobile phones (very technical) in order to extract the relevant data/digital evidence.

But the most intriguing part is the semi-invasive data acquisition. Please bear in mind that some jurisdictions do not allow the analysis to be destructive in nature (unlike, e.g., blood sample analysis). This means the exhibit must be in working condition after the analysis is completed.

Most probably it is acceptable if the relevant data is obtained, but it will be a big issue if nothing is found instead. The defense side might contend that the exhibit has been destroyed and that no further evidence can be gathered.

But removing the chip and imaging it could be the best possible method to extract the relevant data (just like the typical hard disk imaging process). Perhaps this is the risk that the digital forensics community needs to take, and hopefully the method can be improved further.

[1] M.Breeuwsma, M.de Jongh, C.Klaver, R.van der Knijff and M.Roeloffs. “Forensic Data Recovery from Flash Memory.” The Small Scale Digital Device Forensics Journal, vol. 1, no. 1, June 2007.

Tuesday, 20 December 2011

Wearable Computer

We had so much fun with Apple's products. It is not merely a computing device but brings a new kind of experience to the user, e.g. the user can enlarge an image instantaneously using only their fingers. It was awesome when it was first introduced.

But computer users are worried now that Steve is no longer around. Are they going to experience the same thing in the future? The same fun they had with the iPhone, iPad, MacBook, etc.?

Have you heard about wearable computer? http://www.theage.com.au/digital-life/digital-life-news/apple-google-secretly-develop-wearable-computing-20111220-1p2vz.html

For more info, please read this link. http://en.wikipedia.org/wiki/Wearable_computer

Internet scams - Digital forensics analyst is not a magician

It is quite worrying to read the news about internet scam cases. Nowadays, a lot of people become victims even though the government has alerted them through media advisories and what not.

At first they never thought they were being conned, until something amiss happened. Then they chase the police to solve their case, eagerly wanting their money back.

Sorry, it is not that easy… ok. There is so much work to do in a cyber world investigation, and I have to say this… a digital forensics analyst is not a magician.

So people, please be cautious... don't be greedy and don't follow your lust. And to those who are aware of this issue… advise your family members, because the internet scams look so professional. It helps!

For background story, please read this link. http://thestar.com.my/news/story.asp?file=/2011/11/22/nation/20111122183253&sec=nation

Friday, 16 December 2011

Mobile Phone Based Cases – The Death of Digital Forensics

Mobile phone based cases are increasing every year, not only in Malaysia but also in other countries such as Australia and the USA. This trend could be the basis for a lot of the research done in this field [1]. The analysis is tricky because mobile phones are proprietary in nature (segregated and secured data areas), and this hampers digital forensics analysis altogether.

New mobile phone models are produced fast. There is a new mobile phone model on average every six months, whereas the development of mobile phone forensics tools always lags behind. This has created a huge challenge in digital forensics, and some say it could be the death of digital forensics because the analysis is almost impossible to conduct (cloud computing is another issue).

The National Institute of Standards and Technology (NIST) in the United States of America has tested several computer and mobile phone forensics software products [2, 3]. The aim is to provide some kind of assurance of the software's performance. It is necessary to observe a standard for mobile phone forensics software because the analysis is extremely technical. The standard is to ensure the analysis output is comprehensive and trustworthy; it must be forensically sound.

The mobile phone forensics software available on the market does not provide a total solution. Researchers are taking an interest in manually analyzing (sometimes reverse engineering) the mobile phone [4]. They have gone into hardware analysis (hardware forensics), and this has given the research field some new dimensions. It has also given some hope to practitioners, because they are able to follow a proven methodology [5].

What about iPhone 4s? mmmmm…..

[1] K. Jonkers. “The forensic use of mobile phone flasher boxes.” Digital Investigation, 2010.
[2] “Test Environment and Procedures for Testing EnCase 3.20.” National Institute of Standards and Technology, 2004.
[3] W. Jansen and R. Ayers. “Cell Phone Forensic Tools: An Overview and Analysis.” National Institute of Standards and Technology Special Publication, 104 pages, 2007.
[4] B. Mellars. “Forensic examination of mobile phones.” Digital Investigation, pp. 266-272, 2004.
[5] S. Y. Willassen, Norwegian University of Science and Technology. “Forensic analysis of mobile phone internal memory.” Internet: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.101.6742&rep=rep1&type=pdf, [Feb. 12, 2011].

Tuesday, 13 December 2011

Google Rocks

We have lost Steve Jobs and people still mourn his death. But we still have living geniuses around: Sergey and Larry (you must watch their data center security video below).

To start with, I just can't imagine life without Google. Sergey and Larry have done so much for us in the ICT revolution. With YouTube… you can watch some of the best lectures by professors from MIT, industry experts, tech talks, etc.

I want to share a book on them titled Google Speaks: Secrets of the World's Greatest Entrepreneurs, Sergey Brin and Larry Page (you should read it). With this information, you can at least get some idea of how they were brought up: the knowledge, the family relationships and the process behind Google's success that matter most.


INTRODUCTION.
THE GOOGLE GUYS.
Sergey Brin.
Russian Roots.
American Passage.
Educating Sergey.
The Road to Stanford and many more…

ADULT SUPERVISION.
The Collective Wisdom of Silicon Valley.
He’s Been the Rock; They’ve Been the Rockets.
A Man of Influence and many more…

IN THE BEGINNING.
The Ultimate Search Engine.
Not Inventing, but Improving Upon.
Look Around You for Inspiration and many more...

GOOGLE BY ANY OTHER NAME.
A Blessed Blunder.
From Noun to Verb.
Playing with the Name and many more…

A COMPANY IS BORN.
Yahoo! Drew the Map.
The Requisite Garage.
The Venture Capitalists.
The Elusive Business Plan and many more…

GOING PUBLIC.
“We’re Different”.
The Dutch Auction.
Buffett on Google and many more...

THE VISION.
Make It Useful.
The Many Ways to Google.
Make It Big and many more...

GOOGLE CULTURE.
New Management Style.
Ten Things Google Has Found to Be True.
Riding the Long Tail and many more…

GOOGLE GROWS UP.
Conflicts and Controversy.
Click Fraud.
Avoiding—or Not Avoiding—Pornography and many more...

GOOD CITIZEN GOOGLE.
Google.org—the Philanthropic Part.
Google and the Environment.
Renewable Energy Less than Coal and many more...

GOOGLE’S FUTURE.
Artificial Intelligence.
Onward to Web 3.0.
Cloud Computing.
YouTube and many more...

THE DOMINANT POWER IN THE INDUSTRY?
Google, Microsoft, and the Internet Civil War.
The Battle of Yahoo!
Gates on Google and many more...

CONCLUSION.
Lessons from Larry and Sergey.
The Traits of Those Who Change the World.
Timeline and many more good information...

To end this, I would like to share their Google data center security video. It is really awesome.
- Physical security
- Protection of the data
- Reliability of operations...the best part is how they manage their hard disk…


Another ICT legend.

Saturday, 10 December 2011

Hacking Arduino - 10 years ago

10 years ago... I was really, really interested in embedded systems.

C programming, assembly and what not.

Of course it wasn't Arduino...

I had designed my own simple embedded circuit that was capable of doing what Arduino does today.

The MCU is the most important component.

Isn't it funny?

However mine is without USB...
but it was 10 years ago...

Hacking Arduino - 2011

Learning from my son A-AIM how to hack the ARDUINO!!!

Hardware hacking...

This is a good hobby for your children...

http://www.arduino.cc/

RM1mil lost to online lover


http://thestar.com.my/news/story.asp?file=/2011/12/10/nation/10070014&sec=nation

This kind of case is not new... but it is still happening despite all the awareness campaigns...

I'm quite sad...

Should we blame technology?

IT folk upset over draft Bill


The effort in getting a certification is almost the same as for an academic qualification. Of course the latter is going to take a longer time and is better than a certification. And with both, you are more recognized for your knowledge in the field, which is certainly good for those working in the CNII sectors.

It depends on which certification you intend to obtain, and some are quite difficult to attain. Nevertheless, in today's world you will need both to gain a reputation in industry and academia.

For some background information, please read this.
Won't innovation come one way or another? Is certification an issue? There are so many variables… to consider where innovation is concerned.

Thursday, 8 December 2011

ILOVEYOU


Some say it is the deadliest... I once had an experience with a computer virus... really, really annoying!

http://www.youtube.com/watch?v=9BtxDdq5dwc&feature=related

http://en.wikipedia.org/wiki/ILOVEYOU




Tuesday, 6 December 2011

Ten Information Warfare Trends

Knapp et al. [1] wrote on cyber warfare trends. The authors said society relies on IT and is exposed to a diversity of potential attacks. This notion is true, and their research work proposed an information warfare framework containing ten trends to promote a greater understanding of the growing cyber threat facing the commercial environment.

Information Warfare Characteristic
1. Computer-related security incidents reported to CERT/CC - incidents increase yearly
2. Entry barriers for cyber attackers - at present low barrier
3. Forms of cyber-weapons - high availability
4. Nations with information warfare programs - most probably more than 30 nations
5. Economic dependency on information infrastructures - heavy dependency
6. Primary target in information conflicts - increasingly private targets
7. Cyber technology use in perception management - ubiquitous, global multi-media
8. Cyber technology use in corporate espionage - substantial & increasing
9. Cyber technology use in organized crime - substantial & increasing
10. Cyber technology use against individuals & small businesses - substantial & increasing

From the above facts, the situation is really alarming, even though we have put so much effort into mitigating it.

Through my research… I found that we are so vulnerable!
There are so many incidents that I could cite… and there is no indication that the trend is going to decrease.

[1] K.J.Knapp and W.R.Boulton. “Ten Information Warfare Trends,” in Cyber Warfare and Cyber Terrorism, L.J.Janczewski and M. Colarik, Hershey, PA: Information Science Reference, 2008, pp. 17-25.

Thursday, 1 December 2011

Cyberwar and 007

Are we ready?

Read this simple article
http://www.howstuffworks.com/cyberwar2.htm/printable

and ask yourself...

Wednesday, 30 November 2011

CNII Forensics

The promotion of IT security must be at the national and international level. This promotion can be built into the Critical National Information Infrastructure (CNII) program. The program can combine initiatives at the organizational level with national and international cooperation.

The CNII program is tedious but indispensable. A lot of coordination must be executed and collaboration among the stakeholders must be improved. Awareness campaigns and cyber drills are an admirable kick-off, with the intention that more people become aware of the complications and disastrous impact.

Jennex [1] wrote on incident response. The author said a guideline must be devised in every organization because incidents are unpredictable. The organization's business has to resume and crisis management has to be effective.

In addition to the above, digital forensics has become more prevalent and must be part of incident response. In fact, Gavin Reid, leader of the Computer Security Incident Response Team at Cisco Systems, has mentioned that digital forensics and malware forensics are two of the critical skills in incident response. This is to investigate the root cause of the incident, and with malware forensics capability, reverse engineering can be conducted in order to determine the hazard. E.g. Stuxnet… some of its capabilities are as follows.

• Spreads through networks and removable media
• Infects Windows systems by installing a rootkit
• Uses special processes to avoid detection
• Targets Siemens WinCC SCADA
• Injects commands into the PLC, and the best part is: it self-removes, hides, reinfects and is capable of communicating with peers

As such, during this semester break I'll be quite busy doing some research on CNII from the Australian perspective and how we can apply digital forensics in incident response. Most probably there will be 7 parts altogether. I will break it down as follows.

1. The correct CNII description (most people talk about SCADA security, and this nomenclature might be inaccurate), standards, regulations and perspective according to country, i.e. Australia.
2. Study of industrial network incidents, perhaps according to country experience. Malaysia can be included, e.g. the recent Empire shopping complex gas leakage explosion.
3. Study of core networks and protocols, e.g. Modbus, ICCP, DNP3, etc.
4. The control electronics and operational parts, i.e. IED, RTU, PLC, etc.
5. Study of the weaknesses, hacking, threats, anomalies, etc. of parts 3 & 4 above.
6. Security strategy, e.g. network design deployment, segregation, monitoring and cyber drills.
7. Last but not least, CNII forensics (network forensics) including malware forensics to reveal the outcome of the investigation of an incident.

[1] M.E.Jennex. “A Model for Emergency Response Systems,” in Cyber Warfare and Cyber Terrorism, L.J.Janczewski and M.Colarik, Hershey, PA: Information Science Reference, 2008, pp. 383-389.

Thursday, 24 November 2011

Malaysia CNII Program

Today, CNII or Critical National Information Infrastructure is the buzzword or important subject in information security. Many countries are putting a lot of effort into beefing up their capabilities to react to such catastrophes. The probability is high that the general public is unaware of the repercussions of cyber attacks.


Malaysia is not left behind and is continuously putting in effort to plan for and mitigate this kind of incident.

My Court Experience as Expert Witness

Senior cop’s phones probed
By CECIL FUNG

SHAH ALAM: Two cellphones belonging to a senior police officer had their contents extracted for investigations in the Altantuya Shaariibuu case.

CyberSecurity Malaysia digital forensics department head Aswami Fadillah Mohd Ariffin told a High Court here that the phones belonged to Deputy Supt Musa Mohd Safri.

He said police also handed to him the cellphones of private investigator P. Balasubramaniam, his assistant K. Suras Kumar, Abdul Razak Baginda, Kpl Sirul Azhar Umar, C/Insp Azilah Hadri and his ex-girlfriend L/Kpl Rohaniza Roslan, as well as a SIM card that belonged to the deceased.

He said at least one call was made from C/Insp Azilah’s cellphone to one of DSP Musa’s phones.

This came up when DPP Tun Abd Majid Tun Hamzah asked the witness to confirm the call from a phone log that carried the two phone numbers.

Aswami said he extracted the data from the phones and SIM cards using software like SIMCon Version 1.1, Oxygen Phone Manager and Mobile Edit.

Although no exact date was mentioned in court for the call, he said he had been correlating the extracted data from all the cellphones to the details from phone logs provided by Maxis, Celcom and DiGi for Oct 17 to 21 last year.

This act of correlating, he said, was done by matching the dates and times of the extracted data from the phones to the details from the phone logs.

Aswami, 36, said he also took several shots showing SMS messages on DSP Musa’s Nokia 7610 phone after he discovered that the dates and times on the extracted data turned out to be different from those displayed on the phone itself.

“This is due to a software bug. That’s why I double checked this using two other tools,” he said on Day 58 of the murder trial.

Aswami maintained that the dates displayed on the phone were the correct ones, which matched the details in the phone logs from the service providers.

Asked about two other SIM cards and two laptops that the police had handed over to him for the same purpose, the witness replied that he did not find anything of relevance from them.

The trial continues on Monday.
_________________________________________________________________________________

ARCHIVE : 14/11/2007

Private investigator received SMS from Razak, Altantuya

By AMIRUDDIN HARUN and NOOR AZMAH IBRAHIM

SHAH ALAM 13 Nov. – Data matching carried out on the mobile phone belonging to private investigator P. Balasubramaniam shows that he made or received telephone calls as well as short message service (SMS) messages with Abdul Razak Abdullah Baginda and Altantuya Shaariibuu around October last year.

The Head of the Digital Forensics Department of CyberSecurity Malaysia, Aswami Fadillah Mohd. Ariffin, 36, told the High Court here today that he carried out the data matching on a Nokia 6600 mobile phone with the number 012 2409311 belonging to Subramaniam, which had been handed to him by the police.

He said the matching was done with reference to the data obtained from that mobile phone and the logs (records of voice call and SMS transactions) of that telephone number with two mobile phones and three mobile phone numbers, 012 2132303, 012 3916082 (both belonging to Abdul Razak) and 017 3992411 (belonging to Altantuya), which had been contacted by voice call or SMS.

Balasubramaniam, the private investigator hired by Abdul Razak, is the first prosecution witness in the murder trial of the Mongolian woman.

Explaining the data-matching process he carried out, the analyst said the information on the telephone numbers and the names of their owners was obtained from the police and the telecommunications service provider, Maxis Communications Bhd. (Maxis).

According to Aswami, the data matching covered voice calls (sent and received) and SMS (sent and received) in the transaction records on the mobile phone and the transaction records supplied by Maxis.

That data was entered into his report for the mobile phone number concerned, including the phone model and the owner's name, in six columns, A to F, consisting of outgoing calls, outgoing SMS, the sequence of the outgoing SMS, incoming calls, incoming SMS and the sequence of the incoming SMS.

He said that to match a call made by telephone number 9311 (taking the last four digits of Balasubramaniam's mobile phone number), he had to look at the log of the number contacted at the same time and date.

For example, said Aswami, at 12:25:54 the owner of number 9311 made a telephone call to number 012-2132303 (belonging to Abdul Razak).

“For matching purposes, I then needed the log of 2303 (the last four digits of Abdul Razak's number) at the time and date the call was received (supplied by Maxis), in addition to the log on the 2303 mobile phone itself (received from the police),” he said.

For telephone number 017-3992411, the 52nd prosecution witness said, no mobile phone was handed over, but matching was done based on the logs obtained from Maxis.

“This means matching can still be done by relying on the transaction records from the company even though no mobile phone was obtained,” he said.

Aswami gave this testimony during examination-in-chief by Deputy Public Prosecutor Tun Abdul Majid Tun Hamzah at the trial of the murder of Altantuya, 28, before Judge Datuk Mohd. Zaki Md. Yasin.

The trial entered its 58th day today.

In the case, Chief Inspector Azilah Hadri, 31, and Corporal Sirul Azhar Umar, 35, are charged with murdering the Mongolian woman between Lot 12843 and Lot 16735, Mukim Bukit Raja, near here, between 10pm on 19 October and 1am on 20 October last year.

Both accused are being tried together with political analyst Abdul Razak, who is charged with abetting them in committing the murder at his office on the 10th floor, Bangunan Getah Asli, Jalan Ampang, Kuala Lumpur, between 9.45am and 10.05am on 18 October last year.

On the telephone call or SMS columns marked ‘Data not found’ in his report, Aswami explained that this may have occurred because the data had been deleted by the user on the mobile phone, new data had been written over the old data because the storage was full, or the data was ‘on another, unrelated mobile phone’.

Asked by Tun Abdul Majid what he meant by ‘on another, unrelated mobile phone’, Aswami explained that one SIM (Subscriber Identity Module) card may have been used in two different mobile phones.

Tun Abdul Majid: “So, where was the data obtained from?”

Aswami: “For the latest models, data is stored in the phone's memory, for example flash memory. For older models, it is usually stored on the SIM card because the mobile phone has no memory.”

Apart from Balasubramaniam's mobile phone, the witness said, he also matched the transaction records of two mobile phones, a Nokia N80 and a Nokia 2100, belonging to Lance Corporal Rohaniza Roslan, a Nokia 3230 belonging to Sirul Azhar, a Nokia 6680 belonging to Azilah and a Nokia 6680 belonging to another private investigator, K. Suras Kumar.

Matching was also done on two mobile phones, a Nokia 6020 and a Nokia 7610, belonging to Deputy Superintendent Musa Mohd. Safri and three mobile phones belonging to Abdul Razak (a Palm Treo 650 & 750 and two Nokia 6280 mobile phones), he said.

While giving this testimony, Aswami also read out each of the mobile phone numbers to the court.

“For telephone number 017-3992411, no mobile phone was provided. I was informed that this number belonged to the victim,” he said.

The trial resumes this Monday.
_________________________________________________________________________________
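The two reports above describe one procedure: records extracted from a handset are matched against the operator's transaction logs by date, time and the last four digits of the other party's number; a log entry with no handset counterpart is reported as data not found (deleted, overwritten, or the SIM was in another phone); and a tool that mis-reports dates is caught by cross-checking against the operator's log. The Python script below is an added example of that correlation, not code from the reports or from CyberSecurity Malaysia; the CSV layout, the two-minute tolerance and every record and number in it are constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# One voice-call or SMS event. direction: OUT/IN, kind: CALL/SMS, peer: other party's number.
Record = namedtuple("Record", "ts direction kind peer")

# Constructed sample data (hypothetical export layout; all numbers are placeholders).
# Rows as a handset extraction tool might export them for the subject's phone.
HANDSET_EXPORT = """\
2006-10-18 12:25:54,OUT,CALL,0120000001
2006-10-18 12:40:10,IN,SMS,0120000001
2006-10-18 15:05:00,OUT,SMS,0170000002
"""
# Rows as the operator's transaction log for the same subscriber might look.
# The last row has no handset counterpart: deleted, overwritten, or SIM used in another phone.
CARRIER_LOG = """\
2006-10-18 12:25:58,OUT,CALL,0120000001
2006-10-18 12:40:12,IN,SMS,0120000001
2006-10-18 15:05:03,OUT,SMS,0170000002
2006-10-19 09:12:44,IN,CALL,0120000003
"""
# The same handset export from a tool that reports every date one day early (a tool bug).
BUGGY_EXPORT = HANDSET_EXPORT.replace("2006-10-18", "2006-10-17")


def parse_csv(text):
    """Parse 'YYYY-MM-DD HH:MM:SS,DIRECTION,KIND,NUMBER' lines into Records."""
    records = []
    for line in text.strip().splitlines():
        ts, direction, kind, peer = [field.strip() for field in line.split(",")]
        records.append(Record(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), direction, kind, peer))
    return records


def last4(number):
    """Numbers are compared on their last four digits, as the reports describe."""
    return number[-4:]


def nearest(rec, pool, skip=frozenset()):
    """Index of the pool record closest in time to rec with the same direction, kind and peer."""
    best, best_gap = None, None
    for i, cand in enumerate(pool):
        if i in skip or cand.direction != rec.direction or cand.kind != rec.kind:
            continue
        if last4(cand.peer) != last4(rec.peer):
            continue
        gap = abs(cand.ts - rec.ts)
        if best is None or gap < best_gap:
            best, best_gap = i, gap
    return best


def correlate(handset, carrier, tolerance=timedelta(minutes=2)):
    """Match handset records to carrier records.

    Returns (matched pairs, handset-only records, carrier-only records).
    Carrier-only rows are the report's 'data not found' cases; handset-only rows
    are events the operator never logged and need a follow-up enquiry.
    """
    matched, handset_only, used = [], [], set()
    for rec in handset:
        i = nearest(rec, carrier, used)
        if i is not None and abs(carrier[i].ts - rec.ts) <= tolerance:
            matched.append((rec, carrier[i]))
            used.add(i)
        else:
            handset_only.append(rec)
    carrier_only = [c for i, c in enumerate(carrier) if i not in used]
    return matched, handset_only, carrier_only


def clock_offset(handset, carrier, window=timedelta(days=3), jitter=timedelta(minutes=2)):
    """Detect a constant shift between handset and carrier timestamps.

    Pairs records on peer/direction/kind within a wide window, then checks whether
    every pair differs by the same amount. A consistent non-zero shift points at a
    tool or clock problem (the report's 'software bug'), not at different events.
    Returns the shift rounded to whole minutes, or None when the timestamps agree.
    """
    deltas = []
    for rec in handset:
        i = nearest(rec, carrier)
        if i is not None and abs(carrier[i].ts - rec.ts) <= window:
            deltas.append(rec.ts - carrier[i].ts)
    if not deltas:
        return None
    ref = deltas[0]
    consistent = all(abs(d - ref) <= jitter for d in deltas)
    if consistent and abs(ref) > jitter:
        return timedelta(minutes=round(ref.total_seconds() / 60))
    return None


if __name__ == "__main__":
    carrier = parse_csv(CARRIER_LOG)
    for label, export in (("clean export", HANDSET_EXPORT), ("buggy export", BUGGY_EXPORT)):
        handset = parse_csv(export)
        matched, h_only, c_only = correlate(handset, carrier)
        print(f"{label}: {len(matched)} matched, {len(h_only)} handset-only, "
              f"{len(c_only)} carrier-only, clock offset = {clock_offset(handset, carrier)}")
```

With the buggy export, the two-minute match finds nothing at all, which is exactly the signal that made the analyst re-check the handset dates with other tools before relying on the extraction.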

ARCHIVE : 20/11/2007

Aswami: Razak telephoned investigator

By AMIRUDDIN HARUN and NORAZLITA MOHD. SIES


SHAH ALAM 19 Nov. – The Head of the Digital Forensics Department of CyberSecurity Malaysia today produced mobile phone transaction records between Abdul Razak Abdullah Baginda, private investigator P. Balasubramaniam and his assistant, K. Suras Kumar, from three days before the Mongolian woman, Altantuya Shaariibuu, was reported missing.

The Head of the Digital Forensics Department, Aswami Fadillah Mohd. Ariffin, 36, told the High Court here today that they communicated through voice calls, based on the registers of received and outgoing calls that were successfully extracted for the telephone numbers provided.

“The records for Abdul Razak's number, 0129042042, show outgoing and incoming calls, and there are also records of short message service (SMS) messages sent, but no record of SMS received.

“The Nokia 6280 mobile phone with number 0123916082, also belonging to Abdul Razak, is different. This is because there were no incoming calls for that number, only calls made,” said Aswami as he examined the document that is now a prosecution exhibit.

Likewise, the Nokia 6600 mobile phone with number 0122409311, recorded as belonging to Balasubramaniam, said Aswami, also recorded incoming and outgoing calls.

The mobile phone with number 0169939423 belonging to Suras Kumar (Suras) had communicated through incoming and outgoing calls and sent SMS, but no record of SMS received appeared, he said when answering questions from Deputy Public Prosecutor Tun Abdul Majid Tun Hamzah.

The prosecution also produced an envelope labelled Musa Mohd. Safri (G-9466) containing a Nokia 7610 and a Nokia 6020 mobile phone. Musa is a senior police officer with the rank of Deputy Superintendent (DSP).

Aswami also confirmed that the log registers produced in court recorded and covered all transactions for 17 to 19 October 2006, as instructed.

“The investigating officer gave me the mobile phone numbers and instructed me to identify the transactions (communications) between them,” he said.

The witness added that he had also encountered data provided by telecommunications service providers that was incomplete.

Asked to explain further what he meant, Aswami gave the example of a prepaid number having no record of incoming calls.

In that case, according to Aswami, he would make an enquiry to the service provider regarding the records.

Aswami once again stressed that the transaction records for 17 to 19 October 2006 were complete.

He is the 52nd prosecution witness to testify at the trial of the murder of Altantuya Shaariibuu, 28, which entered its 59th day today. The trial is being heard before Judge Datuk Mohd. Zaki Md. Yasin.

In the case, Chief Inspector Azilah Hadri, 31, and Corporal Sirul Azhar Umar, 35, are charged with murdering the Mongolian woman between Lot 12843 and Lot 16735, Mukim Bukit Raja, near here, between 10pm on 19 October and 1am on 20 October last year.

Both accused are being tried together with political analyst Abdul Razak, who is charged with abetting them in committing the murder at his office on the 10th floor, Bangunan Getah Asli, Jalan Ampang, Kuala Lumpur, between 9.45am and 10.05am on 18 October last year.

While the witness was testifying, all three accused listened attentively while taking notes in their respective notebooks.

The trial resumes tomorrow.
_________________________________________________________________________________

KUALA LUMPUR, Oct 29 (Bernama) -- Information from the Anti-Corruption Agency (ACA) and two digital forensic experts will form the basis of the report to be prepared by a panel set up to determine the authenticity of a video clip allegedly showing a lawyer brokering judicial appointments over the telephone.

This was disclosed by Tan Sri Haidar Mohd Noor, chairman of the three-member panel, at a news conference today. The other panel members are National Service Training Council Chairman Tan Sri Lee Lam Thye and former Court of Appeal Judge Datuk Mahadev Shankar.

"So far, no one has come forward to give information," he said after the panel met to gather information from two digital forensic experts from Cyber Security Sdn Bhd.

One of the experts was Aswami Fadilah Mohd Ariffin, head of digital forensics at the company.

"The panel is almost ready to hand over the report to the government on Nov 9. The government will determine whether to make the report public," he said at the news conference held at the head office of the Human Rights Commission of Malaysia (Suhakam), here.

The eight-minute video clip was recorded four years ago and was put up on the Internet recently. It shows a lawyer brokering the appointment of judges in the year 2002.

Asked about the presence of Inspector-General of Police Tan Sri Musa Hassan and ACA Deputy Director-General I Datuk Abu Kassim Mohamed at the meeting, Haidar said they were there as observers and also to watch the video clip.

-- BERNAMA
_______________________________________________________________________________

NEWS
Tuesday, 30 October 2007
Video clip: Independent panel to submit full report on 9 November

KUALA LUMPUR: The Special Independent Panel will submit a full report to the government on 9 November on its investigation into the authenticity of a video clip showing a telephone conversation in which a prominent lawyer allegedly spoke with a senior judge about the appointment of judges in 2002.

The three-member panel, which met for the second time today, has reached its conclusions after hearing testimony from two experts from Cyber Security Sdn Bhd and the Anti-Corruption Agency (ACA).

Panel chairman Tan Sri Haidar Mohd Noor said that so far no other witness had come forward to testify, nor had the panel received evidence from any party.

"We are only giving our views. The full report will be based on information from the ACA and the two experts," he said at a press conference after the meeting at the headquarters of the Human Rights Commission of Malaysia (Suhakam) here.

The panel, which also includes social activist Tan Sri Lee Lam Thye and former Court of Appeal Judge Datuk Mahadev Shankar, today heard testimony from the company's Head of Digital Forensics, Aswami Fadilah Mohd Ariffin.

"It is up to the government to announce the findings of our investigation to the public," said Haidar, who is also a former Chief Judge of Malaya.

On 27 September, the government set up the special independent panel to investigate the authenticity of the video clip.

The panel was given 30 working days, counted from the issue of its members' letters of appointment on 27 September, to complete its investigation, and it held its first meeting on 3 October.

Asked about the presence of Inspector-General of Police Tan Sri Musa Hassan and ACA Deputy Director-General I Datuk Abu Kassim Mohamed at today's meeting, Haidar said they had come only as observers and to view the video clip.

On the arrival of members of the Keadilan Nasional (Keadilan) party at the Suhakam office this morning, he said they had come only to hand over a memorandum.
He declined, however, to comment further on the contents of the memorandum. BERNAMA
________________________________________________________________________________

ARCHIVE: 13/11/2007

Data extracted from 13 mobile phones, SIM cards and computers

SHAH ALAM 12 Nov. – The High Court here was told today that the police had handed over 13 mobile phones, two SIM (Subscriber Identity Module) cards and two laptop computers to the Digital Forensics Department of CyberSecurity Malaysia for data extraction, and not for analysis.

The head of the department, Aswami Fadillah Mohd. Ariffin, said the first mobile phone, a Nokia model 6280 with serial number 357926008217932, was received by him on 9 November last year from Deputy Superintendent Abdul Aziz Ahmad.

According to him, after the data extraction was carried out by analyst Razana Md. Salleh, the phone was returned to Abdul Aziz at 2.45 pm on the same day.

Aswami, 36, added that on 22 November 2006 another police officer, Superintendent Shukri Abdullah, asked for his help in obtaining data from 11 mobile phones, including the one handed over on 9 November 2006, two SIM cards and two laptop computers.

He said the exhibits were received by him, but the request form was filled in by Razana, and they then examined all of the items.

The 52nd prosecution witness, who was testifying in the trial for the murder of Mongolian woman Altantuya Shaaribuu, was then asked by Deputy Public Prosecutor Tun Abdul Majid Tun Hamzah, during examination-in-chief, to look at the first item, a Nokia 6680 mobile phone with serial number 358358000995498.

Although the mobile phone in front of him did not contain a SIM card, Aswami read out from his notes the SIM card number for that phone, 502193200040797.

However, when he was handed the SIM card (P66) that was supposed to have been in that phone, the serial number printed on the card was different: 896019050877072879 256-H1WM.

This serial number, he said, was the IMSI number, which he had read using the sim-con tool, version 1.1.

Tun Abdul Majid: "How do we know whether this card is the same as the number you mentioned, 502193200040797?"

Aswami: "What we usually do is read the IMSI number, which is unique to the card. The method uses a tool called sim-con that is installed (programmed) on a computer, and the card is read through a SIM card slot together with the tool I mentioned earlier."

He further explained that the SIM card (P66) could not be read at that moment because a computer was needed.

Tun Abdul Majid then requested that the witness bring his computer to court tomorrow to verify the serial number of that SIM card and of the 12 other SIM cards.

In his testimony, Aswami also stated that all of the exhibits were handed over by Razana to Shukri on 30 November last year.

However, on 4 December of the same year, all 15 items and two more mobile phones, a Nokia 6600 and a Nokia 3230, were handed back to him.

This time, he explained, no data extraction was carried out on the earlier 15 items because they carried the same reference number, but extraction was carried out on the two new mobile phones.

"All of the items were then handed back to the investigating officer, Assistant Superintendent Tonny Lunggan, on 11 May this year," he said.

Tun Abdul Majid then asked about the strike-through mark against the entry for the Nokia 7610 mobile phone, noted as being for further investigation, on the form for the return of the items to Tonny.

Aswami explained that the entry was marked because there was a discrepancy between the date in the mobile phone and the date on which the data was extracted.

This meant, he said, that the phone was not returned on that date, because where there is a discrepancy, he and Razana used the screen shot method (every item of data content is photographed with a digital camera).

He explained that the screen shot method is likewise not an analysis but merely a mechanical act.

The exhibits, he said, were nevertheless handed back to him on 18 May this year, before the 'screen shot' method was carried out on 21 May for the purpose of correlating (co-relation) the extracted data with the logs from the communications service provider.

He said this was to determine whether the dates and times of the short message service (SMS) messages stored in the mobile phone were consistent with the logs of the communications company concerned.
_________________________________________________________________________________

KOSMO

Fraudsters can be traced

http://kosmo.com.my/kosmo/content.asp?y=2008&dt=1013&pub=Kosmo&sec=Negara&pg=ne_07.htm


COMPUTER experts advise the public not to give out personal details or their location readily in Internet chat rooms, to avoid being cheated. – Illustrative photo

KUALA LUMPUR – Anyone who commits fraud in Internet chat rooms can not only be traced but also charged under Section 420 of the Penal Code, which carries a maximum of 10 years' imprisonment with whipping and a fine.

According to the Head of Digital Forensics at CyberSecurity Malaysia, Aswami Fadillah Mohd. Ariffin, cyber forensics expertise can indeed be used to trace the individuals involved.

"Under the usual procedure, the victim makes a police report, and the matter is then referred to us for cyber investigation.

"A technical investigation is carried out, and if the computer used is privately owned the identity can be traced easily, but if it was at a cybercafe the investigation becomes somewhat harder," he said.

He was commenting on Kosmo!'s report last Friday on three individuals in Terengganu who were cheated in Internet chat rooms and suffered total losses of almost RM25,000.

The syndicate's modus operandi, using beautiful women as bait, began with ordinary chat but succeeded in persuading the victims to deposit sums of money, supposedly to pay Customs duties and other charges.

However, he said, investigation is difficult if the fraudster uses a foreign Internet Protocol (IP) address.

"All this is related to differing legal practices, but in such cases we will seek the cooperation of the police," he said.

Meanwhile, CyberSecurity Chief Executive Officer Lieutenant Colonel (Rtd) Husin Jazri advised users not to give out personal information and to choose a gender-neutral nickname when chatting on the Internet.
_________________________________________________________________________________

02/11/2007

Video clip: Independent panel to present views this Monday

KUALA LUMPUR 1 Nov. – The special independent panel will meet this Monday for its members to present their views before making a final decision on the authenticity of the video clip recording of a conversation between a senior lawyer and a judge.

Panel chairman Tan Sri Haidar Mohd. Noor said he and the two other panel members, social activist Tan Sri Lee Lam Thye and former Court of Appeal Judge Datuk Mahadev Shankar, were preparing their respective views based on the reports of two local experts who examined the authenticity of the video recording.

Haidar, who is also a former Chief Judge of Malaya, said that at the meeting the three panel members would compare their opinions in order to reach a consensus, so that the report could be prepared and submitted to the government before 9 November.

Asked about the views expected to be put forward, Haidar explained that the panel had to be satisfied with its members' opinions before deciding whether the edited video clip recording was genuine or fake.

Asked to confirm the venue of the meeting, he said it would be held elsewhere, not at the usual venue at the office of the Human Rights Commission of Malaysia (Suhakam) in Menara Tun Razak here.

Accordingly, he dismissed a report by a local television station yesterday that suggested the panel had already made its decision.

''There is no decision yet. At this Monday's meeting we will reach a consensus, either by majority or unanimously, on the authenticity of the video clip.

''That decision will not be reached on the same day; it may take a little more time before the deadline for submitting the report to the government on 9 November,'' he said when contacted by Utusan Malaysia here today.

Haidar was asked about the panel's decision on the reports of the two local experts appointed by the Anti-Corruption Agency (ACA) to examine the authenticity of the eight-minute video clip recording.

At its meeting on 29 October, the panel received the reports of the two local experts from the company Cyber Security, led by its Head of Digital Forensics, Aswami Fadillah Mohd. Ariffin, to help the panel complete its report on the authenticity of the recording.

According to Haidar, the panel also decided not to entertain any party that comes forward with information on the authenticity of the video clip, because it had already given sufficient time for them to do so.

He said the panel had limited time to carry out its task and prepare its views for the government, namely 30 working days after the panel members received their letters of appointment on 27 September.

Wednesday, 23 November 2011

X Maya 4


Malaysia CNII cyber exercise = Cyber Storm...
A very important programme to assess your resiliency...readiness...etc...
You'll never know...when you are going to be attacked...

Multimedia Forensics 2

The scope of digital forensics services has expanded over the past few years to include digital multimedia analysis. The number of cases involving multimedia analysis is increasing, and some of the analyses are tedious. Bijhold et al. [1] produced an exemplary paper reviewing the research work in forensic audio and visual evidence. The review identified a total of six fields of expertise for this type of evidence.

They are as follows.
· Audio analysis.
  An example from this field is audio enhancement, where some of the noise can be removed using
  dedicated filters.
· Speaker identification.
  The analysis involves voice comparison; one of the notable products on the market is BATVOX.
· Video analysis.
  The video is broken into frames for image enhancement. Some videos may first need analysis to
  improve the visual quality using special filters and techniques.
· Facial identification.
  After video and image enhancement, faces can be analyzed and compared for
  identification. Quintiliano et al. [2] introduced new algorithms called eigeneyes, eigenmouth and
  eigennose.
· Photogrammetry and 3D modeling.
· Forensic linguistics.

[1] J. Bijhold, A. Ruifrok, M. Jessen, Z. Geradts, S. Ehrhardt and I. Alberink. "Forensic audio and visual evidence 2004-2007: A Review," in 15th INTERPOL Forensic Science Symposium, Lyon, France, October 2007.
[2] P. Quintiliano and A. Rosa. "Face Recognition Applied to Computer Forensics." The International Journal of Forensic Computer Science, vol. 1, pp. 19-27, 2006.

It is quite interesting to know that our multimedia forensics capabilities in providing services are on par with the rest of the world.

Sunday, 20 November 2011

ASCLD/LAB-International Accreditation of CyberSecurity Malaysia Digital Forensics Laboratory

On Friday 18 November 2011, I received an email from Mr. John Neuner, ASCLD/LAB program manager, regarding our laboratory accreditation. Together with his email were all the official documents confirming our status as an ASCLD/LAB-International accredited digital forensics laboratory. It was indeed good news to us after all the hard work.

http://www.ascld-lab.org/labstatus/accreditedlabs.html

However, it was not an easy task, as we needed to meet all the requirements from both the management and technical perspectives. Altogether there were about 25 requirements, and after a few years of dedication we achieved this prestigious recognition.

This would not have been possible without the undivided commitment of the people responsible for this project: the senior management of CyberSecurity Malaysia and the ever hard-working digital forensics analysts of the Digital Forensics Department.

Thank you again to Mr. Ralph Keaton, Mr. John Neuner (both are great gentlemen whom I met in the US), Madam Anja Einseln (my trainer) and all in ASCLD/LAB.

Even though I’m away in Australia, I’m proud of this achievement.

Kudos guys!

Thursday, 17 November 2011

Do we need a digital forensics standard?

Why is cyber crime rising every year, and how do we solve this predicament, especially for cases that cross borders?

What is the fundamental reason?

It could be that there are no standardized digital forensics procedures accepted worldwide. The absence of a standard has been a limitation in prosecuting cases involving digital evidence.

Each country has its own legislation, which makes the development of an international standard for the digital forensics process hard to attain, but necessary. If such a standard were available, it would help the legal proceedings of a case spanning two countries.

In principle, digital forensics procedures consist of the identification, preservation, recovery, analysis and presentation of digital evidence. Slay et al. [1] attempted to refine these principles and provided a review of the development of principles, procedures, models, guides and standards. The aim is to assert high-quality and trustworthy foundations for the development of advice for the court, and to point towards a broader agenda for academic researchers.

This article was a novel piece of work because there is no standard for the digital forensics process. The study by Slay, including the references she cites, can serve as supporting documentation in a court of law.

It is timely for the digital forensics and ISO communities to take charge of this matter. The technology is moving fast, but the legal and standards realm is not; the investigation and prosecution of cyber crime, and the fight against it, will be hampered.

[1] J. Slay, Y. C. Lin, B. Turnbull, J. Beckett and P. Lin. "Towards a Formalization of Digital Forensics." Advances in Digital Forensics V, IFIP Advances in Information and Communication Technology, vol. 306, pp. 37, 2009.

Wednesday, 16 November 2011

Is there a possibility of Cybernuke?

Forensics has become more important in incident response. This capability is required in order to investigate the root cause of the incident, whether it was intentional or not!

As such, malware forensics/reverse engineering has become very important, and SANS provides training on it. With Stuxnet and Duqu...http://news.techworld.com/security/3317908/duqu-trojan-might-have-been-in-development-for-four-years...you had better arm yourself.

(Microsoft has confirmed that the Duqu campaign exploits a vulnerability in a Windows kernel-mode driver - specifically "W32k.sys," and its TrueType font parsing engine - to gain rights on the compromised PC sufficient to install the malware.)


This is cyber warfare/weapon...next...maybe cyber nuclear...

Tuesday, 15 November 2011

R-Studio

For a start, R-Studio is a good tool for data recovery. It can also be used for forensic purposes.

If you have this tool, it will try to read the filesystem and carve out files that match known file specifications. They can be anything from an image (JPEG) to a Word document file.

After some time, once your familiarity with file specifications improves, WinHex can also be used to perform data recovery.
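As an added example of what carving by file specification means in practice (this is not R-Studio's or WinHex's code; the signature table, the sample disk image and all helper names are constructed for illustration), the Python below scans raw bytes for known headers and footers, cuts each file out without consulting the filesystem, and rejects hits that fail a structural check. It also covers the manual process the WinHex remark refers to, since the same header/footer reasoning is what you apply by hand in a hex editor.

```python
"""Signature-based file carving: the core of what a data-recovery tool does
when it ignores the filesystem and cuts known file types out of raw bytes."""
import struct
import zlib

# Header/footer byte patterns for two common formats (constructed table).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND"),
}
# Cap on one carved file so a missing footer cannot swallow the whole image.
MAX_FILE_SIZE = 10 * 1024 * 1024


def carve(image, signatures=SIGNATURES, max_size=MAX_FILE_SIZE):
    """Scan `image` for every header; return (kind, offset, data) sorted by
    offset. `data` runs from header through footer inclusive, or is None when
    no footer follows within `max_size` (a truncated or overwritten file)."""
    found = []
    for kind, (header, footer) in signatures.items():
        start = 0
        while (pos := image.find(header, start)) >= 0:
            limit = min(len(image), pos + max_size)
            end = image.find(footer, pos + len(header), limit)
            if end < 0:
                found.append((kind, pos, None))
                start = pos + 1
                continue
            end += len(footer)
            if kind == "png":
                end += 4  # the IEND chunk is followed by its 4-byte CRC
            found.append((kind, pos, image[pos:end]))
            start = end
    return sorted(found, key=lambda item: item[1])


def validate(kind, data):
    """Cheap structural check so a carved hit is not just a chance byte match."""
    if data is None:
        return False
    if kind == "jpg":
        return data.startswith(b"\xff\xd8\xff") and data.endswith(b"\xff\xd9")
    if kind == "png":
        iend_crc = struct.pack(">I", zlib.crc32(b"IEND") & 0xFFFFFFFF)
        return data.startswith(SIGNATURES["png"][0]) and data.endswith(iend_crc)
    return False


# ---- constructed sample data (not from the post) ----------------------------
def make_png():
    """Build a minimal valid 1x1 RGB PNG with a stored (level 0) IDAT."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00", 0)  # filter byte + one red pixel
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))


SAMPLE_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x01\x01" * 8 + b"\xff\xd9"
SAMPLE_PNG = make_png()
FILLER = bytes(range(256)) * 4  # stands in for unrelated filesystem data
TRUNCATED_JPG = b"\xff\xd8\xff\xe1" + b"\x00" * 32  # header whose tail was lost


def sample_image():
    """A fake raw disk image: filler, JPEG, filler, PNG, filler, cut-off JPEG."""
    return FILLER + SAMPLE_JPG + FILLER + SAMPLE_PNG + FILLER + TRUNCATED_JPG


if __name__ == "__main__":
    for kind, offset, data in carve(sample_image()):
        state = "ok" if validate(kind, data) else "incomplete"
        print(f"{kind} @ 0x{offset:08x}: {state}")
```

Real images add fragmentation and formats without a fixed footer, which is why a tool's carving results still need verification before they are relied on.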

Monday, 14 November 2011

WinHex


There are many digital forensics tools out there. The most famous is EnCase. It is not fully automated, though. You need to learn how to use EnCase, and some of its features are, of course, pretty useful. But when you are working on a case with high-capacity storage media, e.g. 1 terabyte…it can be quite stressful…

I guess it depends on the individual whether you prefer to use EnCase or FTK.

As for myself, I'm more comfortable with WinHex…but you really need to know what you are doing. WinHex is manual…and I find it quite flexible to use. If you are called as an expert witness, it is easier to explain when you have analyzed a case using WinHex.

It is just like a knife…and you can do anything with it…

Btw, I have these three tools to verify the output of the overall analysis.

Sunday, 13 November 2011

Cyberspace Driving License

This type of case is not really a typical cyber hacking crime, where there is intrusion into a system and loads of financial or important data are stolen.
However, many have been victimized and the money involved is substantial, and it happens only through social networking. The awareness campaigns by the Malaysian and Australian governments have been intensive, but these cases are still on the rise.

Why? It is just like educating people not to drive fast, to fasten their seat belt, not to run the traffic light, etc…but accidents still happen.

It is you who need to be very cautious…isn't that right? Or should we have a cyberspace driving license…what say you?

Saturday, 12 November 2011

Data Recovery

I think many will experience problems with their computer hard disk. Not only the hard disk but also your thumb drive. It is inevitable…just like a car...there is no guarantee that it will not break down…and when it happens you must feel really upset. Just imagine, all your important documents or digital pictures are gone.
So how?
I have an answer for you…data recovery…want to know more…it is really, really difficult but doable…

Friday, 11 November 2011

Cybersafety in Malaysia and Australia

A very good effort by both Malaysia and Australia. I found a poster at my daughter's Mawson Lakes school giving information on cybersafety for young netizens to refer to if they encounter any mishaps in cyberspace.

http://www.dbcde.gov.au/online_safety_and_security/cybersafetyhelpbutton_download 
In Malaysia we can always refer to http://www.cybersafe.my/index.html. There are a lot of advisories for our safety in cyberspace.

Thursday, 10 November 2011

10 business lessons from Steve Jobs

1. Be innovative
2. Have both foresight and confidence 
3. Focus on product, user experience 
4. Get involved with your organization 
5. Don't fear failure, define success yourself 
6. Provide a persona for your company
7. Be an inspiration 
8. Pay attention to details
9. Passion takes you far
10. Don't get hopes high in premature stages

http://www.zdnetasia.com/10-business-lessons-from-steve-jobs-62302477.htm     

Wednesday, 9 November 2011

Institute of Digital Forensics

There is a study on computer forensics in Japan by Liu et al. [1]. According to the paper, Japan has been committed to fighting cybercrime and cyber terrorism. The paper analyzes the political structures, legal systems, law enforcement infrastructures and academic development in computer forensics.
It seems the political structures in Malaysia and Japan are similar, in that both countries have Executive, Judiciary and Legislative components. On the judiciary side, both countries have supreme and high courts to judge cybercrime cases. Cybercrime cases in Japan are mainly investigated by the National Police Agency.
According to the paper, cybercrime in Japan has risen since 2003. Fraud and fraud using the Internet were the highest categories in 2007, with 1512 and 1229 cases respectively. The lowest was copyright-related cybercrime, at 165 cases in 2007.
One notable development of digital forensics in Japan is the establishment of the Institute of Digital Forensics, a non-profit organization. It looks into the development of technology, globalization, legal reform, public awareness, civilian research and development, and higher education in computer forensics. It acts as an intermediary among stakeholders (government, the National Police Agency, industry and education) and promotes the development of computer forensics in Japan.
Having an Institute of Digital Forensics like Japan's, to move the progress of digital forensics further forward, would be ideal. It is worthwhile when one looks at the contribution of CyberSecurity Malaysia's Digital Forensics Department since the year 2000. With such trust and appointment, more programs could be delivered. One example is cooperation with digital forensics organizations in other countries; the cooperation could take the form of research and development initiatives aimed at reducing the cost of establishing a digital forensics outfit.
[1] J. Liu and T. Uehara. “Computer Forensics in Japan: A Preliminary Study.” The 2009 International Conference on Availability, Reliability and Security, pp. 1007-1011, 2009.

Tuesday, 8 November 2011

China’s Cyber Warfare Capabilities

On 4th Nov, I mentioned Professor Desmond Ball's study on cyber warfare capabilities. The paper concluded with this notion: China's deficiencies and vulnerabilities have led to the adoption of a pre-emptive strategy, as practiced in People's Liberation Army exercises, in which China's very destructive but relatively unsophisticated cyber-warfare capabilities are unleashed at the very outset of prospective conflicts.

Read this article http://www.reuters.com/article/2011/10/31/us-china-us-hacking-idUSTRE79U1YI20111031 for further info and analysis. 

Monday, 7 November 2011

Mark Zuckerberg No.9

The World's Most Powerful People


Bill Gates No.5...

If Steve is still around...

Cyber Espionage

Malaysia is being spared!

Leakage of info and docs can also be done MANUALLY. Social engineering, etc. There is no sophistication...merely sweet talk, isn't it?

http://news.cnet.com/8301-1009_3-20128176-83/symantec-uncovers-cyber-espionage-of-chemical-defense-firms/?tag=mncol;txt