Although I am CEH certified, I am by no means an agent of EC-Council, nor am I promoting this course.
Modules: Introduction to Ethical Hacking, Footprinting and Reconnaissance, Scanning Networks, Enumeration, System Hacking, Trojans and Backdoors, Viruses and Worms, Sniffers, Social Engineering, Denial of Service, Session Hijacking, Hacking Webservers, Hacking Web Applications, SQL Injection, Hacking Wireless Networks, Evading IDS, Firewalls and Honeypots, Buffer Overflow, Cryptography and Penetration Testing.
What I want to say here is that if you are new to cyber security, this could be a good start for you. From there you need to keep developing yourself to become a cyber security expert. Where there is a will there are many ways, and you can do it.
When I was invited as a speaker and panelist at a conference organized by the Attorney General’s Chambers of Malaysia in 2010, I repeatedly mentioned the movie Die Hard 4 to the audience. It was not about Bruce Willis (even though I admire him as one of Hollywood's great actors) but about the “inevitable”: what is coming next?
The movie illustrates the catastrophe well. It gives you an idea of the devastation that cyber warfare or cyber terrorism could cause.
We live in a borderless world, and the gateways of our cyberspace are managed purely by electronic machines: routers, firewalls, switches and so on. A machine is still a machine; it obediently operates as instructed, no more and no less. Some machines have some sort of intelligence, but they are susceptible to false positives.
I am not going to argue the issue between the football fans and FAM, but merely to share on the cyber security incident in general.
What I want to share here is that the system we own is our responsibility. It is just like a house that we need to secure by installing grilles, alarms, CCTV, padlocks and so on. When the developer hands us the house keys, the house normally comes without any of those items.
The same goes for any IT system, be it a wireless router, a laptop or anything else. When you take it out of the box, its security is minimal by default. It is our responsibility to improve it.
This article is a good read: “USA’s View on World Cyber Security Issues” by N. Schneidewind. He argues the case for new legislation on security issues, and rightly so: the law is not evolving as fast as the technology. Technology is borderless, but the law is not. The author touches on a few important points, as follows.
-Little evidence that the world is secure
-Understanding of technical and policy issues is important
-Then calling for new legislation would be easier
-Research and innovation are important
-Above all, the technical implementation of the National Strategy to Secure Cyber Space
The author also calls for new thinking on how to solve the cyber security problem, and notes that plans to solve it have been proposed but action has been lacking.
N. F. Schneidewind, “USA’s View on World Cyber Security Issues,” in Cyber Warfare and Cyber Terrorism, L. J. Janczewski and M. Colarik, Eds. Hershey, PA: Information Science Reference, 2008, pp. 446–452.
The world of digital forensics is getting ever more challenging: storage capacity keeps growing, and then there is cloud computing, mobile phones and so on. We, the digital forensics professionals, strive to investigate and analyze our case items, and the process must be forensically sound.
Why not have forensically sound IT equipment instead? It would make life easier, wouldn't it? There is a paper by Huebner and Henskens that discusses this predicament.
E. Huebner and F. Henskens, “The Role of Operating Systems in Computer Forensics,” ACM SIGOPS Operating Systems Review, 2010.
KUALA LUMPUR, July 15 2011 — A total of 7,404 cyber security cases were handled by CyberSecurity Malaysia’s Cyber999 Security Incident Help Centre during the first half of this year, compared to 2,991 incidents reported in the first half of 2010. CyberSecurity Malaysia chief executive officer Datuk Husin Jazri said the number of incidents jumped significantly compared to last year, an increase of 147 per cent. "The increase of cyber security incidents in Malaysia is closely related to the increase of Internet usage in the country. At present, Malaysia has more than 17 million Internet users and the number is growing due to the support from the robust development of broadband infrastructure. Efforts should be made to increase cyber security awareness among Internet users in Malaysia, and we at CyberSecurity will continue to play our role by conducting awareness programs, offering cyber security services, as well as collaborating with various organisations to ensure that the goal is achieved,” he said.
Husin made these comments here today at a media briefing on the cyber security scenario in Malaysia at Wisma Bernama. He noted that in the first six months of 2011, all cyber security incident categories recorded a significant increase, with fraud-related incidents leading the list, followed by spam, intrusion attempts and others. "Phishing, that is, a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication, showed the highest recorded cases in fraud-related incidents. As fraud becomes more significant, particularly phishing-related incidents, CyberSecurity has taken the initiative by developing a plug-in known as “DontPhishMe” to provide protection against Internet banking threats, particularly from phishing. It has received commendable and respected views from the industry and the public. The current version, 1.6.0, is now available to the public at large, having passed thorough reviews by Mozilla and Google,” he said.
The Cyber999 Help Centre, a one-stop public service centre mainly for Internet users to lodge reports on cyber security incidents, has recorded 22,208 cyber security related incidents since 2002, he said.
Husin said CyberSecurity and the industry would continue to collaborate with partners such as Microsoft to improve security and privacy and to increase the public’s awareness. "A combined effort helps to protect the broader online community from the threats propagating today and develop more secure software solutions to prevent criminals from reaping the benefits,” he said.
At the same media briefing, Microsoft Malaysia national technology officer Dr Dzaharudin Mansor said Internet users in the country must know the correct way to secure their computer's data and software. "You need to keep all the software on your system updated, run anti-virus software from trusted vendors, avoid pirated software from sites you are not sure of, and ensure the use of strong passwords,” he said.
Aswami, who is a GIAC Certified Forensic Analyst (GCFA), graduated from the University of Liverpool in the United Kingdom with a Bachelor’s degree in Electronics Engineering. He also holds a Master’s degree in Management from the University of Malaya. He began his career at Sime Darby Berhad, one of the well-known conglomerates in Malaysia, where he was responsible for overseeing the back-up power supply SCADA system projects at Malaysia’s tallest building, the Petronas Twin Towers, and at Mid Valley City, one of the largest shopping malls in Kuala Lumpur.
In 1999, he joined MIMOS Berhad, the government-owned national microelectronics R&D centre. Later, he was entrusted to lead the Digital Forensics Department under the National ICT Security & Emergency Response Centre (NISER), now known as CyberSecurity Malaysia.
He specializes in wireless LAN security and is a Certified Wireless Security Professional (CWSP). Along with the GCFA and CWSP, Aswami is a Certified Ethical Hacker (CEH) and has attended various forensics training sessions.
With Y.B. Datuk Seri Panglima Dr. Maximus Johnity Ongkili, MOSTI's minister.
Digital forensics, and cyber security in general, cannot do away with legal requirements. In digital forensics it is a must: everything you do has to abide by the rules of legal proceedings. For a techie, it is probably cumbersome to process a technical subject according to a stipulated process. It can be aggravating to these geeks.
However, you are liable to scrutiny when you appear in a court of law. If you are not well prepared, you can be grilled by either the prosecution or the defense attorney, depending on which side you are on. Of course you need to avoid this, or else discard your digital forensics profession altogether. So you must buck up with a reasonable SOP.
Apart from an SOP, a digital forensics analyst must be well versed in their country's cyber laws. In Malaysia we have several acts that fall under cyber law, as follows.
-Evidence Act 1950, amended in 1993 to allow the admission of computer-generated documents as evidence
-Computer Crimes Act 1997, to criminalize certain forms of conduct targeted at computers
Have you ever thought of developing your own device driver? Luckily, in Linux the virtual file system (VFS) tries to read every storage medium attached to it. If the medium is proprietary, then there is trouble…
You may need to develop your own device driver.
-character or block device
-compiling the kernel module with gcc
-rmmod and so on
The above is not all; there is still more to consider!
Introduction to Linux device drivers by Raghu Bharadwaj (www.techveda.org).
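Before writing a driver for a proprietary medium, it is worth knowing what the kernel already exposes. The distinction between character and block devices in the list above is visible from user space through the device node's mode bits and its major/minor numbers, and for a block device the kernel will report its exact size, which an imaging tool needs before it reads a single byte. The program below is an added example written for this post (it is not from the course linked above): it classifies a path as a block device, a character device or a regular file, reports the major and minor numbers that identify the driver, and on Linux asks the block layer for the device size via the BLKGETSIZE64 ioctl. The fallback definition of BLKGETSIZE64 is only there so the file compiles without linux/fs.h; the constant itself is the kernel's.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/sysmacros.h>                    /* major(), minor() on glibc >= 2.28 */
#ifndef BLKGETSIZE64
#define BLKGETSIZE64 _IOR(0x12, 114, size_t)  /* same value as in <linux/fs.h> */
#endif
#endif

typedef struct {
    char kind;                     /* 'b' block, 'c' character, 'f' regular file, '?' other */
    unsigned major_num, minor_num; /* driver (major) and instance (minor) for device nodes */
    unsigned long long size_bytes; /* 0 when unknown (char device, or no permission to open) */
} devinfo_t;

/* Inspect a path the way an acquisition tool must before imaging it:
 * which driver class owns it, and how many bytes it exposes.
 * Returns 0 on success, -1 (errno set) if the path cannot be stat()ed. */
int classify_device(const char *path, devinfo_t *out) {
    struct stat st;
    memset(out, 0, sizeof *out);
    if (stat(path, &st) != 0) return -1;

    if (S_ISBLK(st.st_mode))      out->kind = 'b';
    else if (S_ISCHR(st.st_mode)) out->kind = 'c';
    else if (S_ISREG(st.st_mode)) out->kind = 'f';
    else                          out->kind = '?';

    if (out->kind == 'b' || out->kind == 'c') {
        /* st_rdev carries the device number of the node itself (st_dev is the
         * device the node lives on, which is not what we want here). */
        out->major_num = (unsigned)major(st.st_rdev);
        out->minor_num = (unsigned)minor(st.st_rdev);
    }

    if (out->kind == 'f') {
        out->size_bytes = (unsigned long long)st.st_size;
    }
#ifdef __linux__
    else if (out->kind == 'b') {
        /* st_size is 0 for block devices; the block layer knows the real size. */
        int fd = open(path, O_RDONLY);
        if (fd >= 0) {
            unsigned long long sz = 0;
            if (ioctl(fd, BLKGETSIZE64, &sz) == 0) out->size_bytes = sz;
            close(fd);
        }
    }
#endif
    return 0;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/dev/null";   /* /dev/null is a character device */
    devinfo_t d;
    if (classify_device(path, &d) != 0) { perror(path); return 1; }
    printf("%s: kind=%c major=%u minor=%u size=%llu bytes\n",
           path, d.kind, d.major_num, d.minor_num, d.size_bytes);
    return 0;
}
```

Run it as root against a seized disk (for example a USB stick that shows up as /dev/sdb) and the reported size is the byte count the image and its hash must match; a character device reports no size, which is the first sign that it cannot simply be imaged with a block read.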
Before I joined CyberSecurity Malaysia sometime in 2003, I was working at MIMOS (MYSEM, the semiconductor division) - http://www.mimos.my/. I was amazed by MIMOS's achievements, and the most intriguing part was its motto, “Innovation for Life”.
In digital forensics, the practitioners most probably outnumber the researchers. Or a practitioner may also be a researcher, though doing both might be too heavy a load to carry. However, a researcher is always associated with innovation.
Talking about innovation, I have great respect for the work done by Jesse Kornblum, Kris Kendall and Nick Mikus on their Foremost program. Golden G. Richard III has also improved on file carving with Scalpel.
This is what I call innovators, and what is most important is that they share their expertise.
The new generation of computer applications is getting intricate, driven by current demand and trends. YouTube is the nearest example, and connecting to it preferably needs broadband. Broadband connections are required for heavy and complex applications. High-end computers, broadband networks and complex applications are the current technologies of IT, and they exist to meet modern digital lifestyles. New electronic equipment is in demand, and as a result manufacturers are competing and actively introducing new products.
Combining processors into a high-powered computer or supercomputer is feasible for a well-funded organization. Otherwise, cloud computing could be an option, but its technology and actual cost are uncertain. A lot of discussion is ongoing on the vulnerabilities of this forthcoming technology, including its security and privacy. Minqi Zhou et al. found that users' concerns had not been fully sorted out and that more needs to be done in five aspects: availability, confidentiality, data integrity, control and audit. Cloud computing has also created another technical challenge from the digital forensics perspective: the data storage is spread across multiple locations, which makes conventional digital evidence acquisition unworkable. It adds to the intricacy of digital forensics and is another need for research. Taken as a whole, how secure our computer installations are remains doubtful. Computers and applications are deployed with security as a secondary concern, and the concern for it is little. This mindset has to change, with computer security as the priority for safer usage.
M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou, “Security and Privacy in Cloud Computing: A Survey,” in Sixth International Conference on Semantics, Knowledge and Grids, 2010, pp. 105–112.
As digital forensics practitioners, we depend heavily on tools for our day-to-day work, be they commercial or open source. It is good if you can spend some of your time learning how these tools operate. For a start, look into file carving and file format specifications. You’ll be amazed.
There is a good paper, “The Evolution of File Carving,” by Anandabrata Pal and Nasir Memon.
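The simplest form of file carving, the header/footer technique that Foremost and Scalpel started from, is small enough to read in one sitting, and writing it once makes the configuration lines of those tools (signature, footer, maximum size) much less mysterious. The following is an added example written for this post; it is not code from Foremost, Scalpel or the paper above. It scans a raw buffer for JPEG and PNG signatures without relying on any file system metadata, looks for the matching footer within a bounded window, and reports a truncated object when the footer is missing rather than silently dropping it. The sample "image" is constructed inline, not taken from any case item.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One carving rule, in the spirit of a foremost/scalpel configuration line:
 * header signature, footer signature, and how far to search for the footer. */
typedef struct {
    const char *name;
    const uint8_t *header; size_t header_len;
    const uint8_t *footer; size_t footer_len;
    size_t max_size;          /* give up on the footer after this many bytes */
} carve_rule_t;

typedef struct {
    const char *type;
    size_t offset;            /* where the header starts in the image */
    size_t length;            /* header..footer inclusive, or the bounded window if truncated */
    int complete;             /* 1 if the footer was found */
} carve_hit_t;

static const uint8_t JPEG_HDR[] = {0xFF, 0xD8, 0xFF};
static const uint8_t JPEG_FTR[] = {0xFF, 0xD9};
static const uint8_t PNG_HDR[]  = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
static const uint8_t PNG_FTR[]  = {'I', 'E', 'N', 'D', 0xAE, 0x42, 0x60, 0x82};  /* IEND chunk + its CRC */

static const carve_rule_t RULES[] = {
    {"jpg", JPEG_HDR, sizeof JPEG_HDR, JPEG_FTR, sizeof JPEG_FTR, 10 * 1024 * 1024},
    {"png", PNG_HDR,  sizeof PNG_HDR,  PNG_FTR,  sizeof PNG_FTR,  10 * 1024 * 1024},
};

/* Find `pat` in buf[from..len). Returns its offset or (size_t)-1. */
static size_t find_pattern(const uint8_t *buf, size_t len, size_t from,
                           const uint8_t *pat, size_t pat_len) {
    if (pat_len == 0 || len < pat_len) return (size_t)-1;
    for (size_t i = from; i + pat_len <= len; i++)
        if (memcmp(buf + i, pat, pat_len) == 0) return i;
    return (size_t)-1;
}

/* Header/footer carving over a raw image. Fills `hits` (up to max_hits) and
 * returns the number of objects found, grouped by rule in RULES order.
 * Nothing here consults a directory or allocation table, which is exactly why
 * carving still works on a formatted or deliberately damaged volume. */
size_t carve(const uint8_t *img, size_t len, carve_hit_t *hits, size_t max_hits) {
    size_t n = 0;
    for (size_t r = 0; r < sizeof RULES / sizeof RULES[0]; r++) {
        const carve_rule_t *rule = &RULES[r];
        size_t pos = 0;
        while (n < max_hits) {
            size_t h = find_pattern(img, len, pos, rule->header, rule->header_len);
            if (h == (size_t)-1) break;
            /* The footer search window is bounded by max_size and by the end of the image. */
            size_t limit = (len - h < rule->max_size) ? len : h + rule->max_size;
            size_t f = find_pattern(img, limit, h + rule->header_len, rule->footer, rule->footer_len);
            hits[n].type = rule->name;
            hits[n].offset = h;
            if (f != (size_t)-1) { hits[n].length = f + rule->footer_len - h; hits[n].complete = 1; }
            else                 { hits[n].length = limit - h;                 hits[n].complete = 0; }
            pos = h + hits[n].length;   /* resume after this object */
            n++;
        }
    }
    return n;
}

/* Constructed sample image (not real evidence): filler, a minimal JPEG-like
 * object, zero padding, a minimal PNG-like object, then more filler. */
size_t build_sample_image(uint8_t *out, size_t cap) {
    static const uint8_t jpeg[] = {0xFF,0xD8,0xFF,0xE0, 0x00,0x10,'J','F','I','F',0x00, 0x01,0x02, 0xFF,0xD9};
    static const uint8_t png[]  = {0x89,'P','N','G',0x0D,0x0A,0x1A,0x0A, 0x00,0x00,0x00,0x00,
                                   'I','E','N','D',0xAE,0x42,0x60,0x82};
    if (cap < 100) return 0;
    size_t n = 0;
    memset(out + n, 'x', 17);            n += 17;
    memcpy(out + n, jpeg, sizeof jpeg);  n += sizeof jpeg;   /* JPEG at offset 17, 15 bytes */
    memset(out + n, 0, 9);               n += 9;
    memcpy(out + n, png, sizeof png);    n += sizeof png;    /* PNG at offset 41, 20 bytes */
    memset(out + n, 'y', 5);             n += 5;
    return n;                                                /* 66 bytes in total */
}

int main(void) {
    uint8_t img[128];
    carve_hit_t hits[8];
    size_t len = build_sample_image(img, sizeof img);
    size_t n = carve(img, len, hits, 8);
    for (size_t i = 0; i < n; i++)
        printf("%s at offset %zu, %zu bytes%s\n", hits[i].type, hits[i].offset,
               hits[i].length, hits[i].complete ? "" : " (footer not found, truncated)");
    return 0;
}
```

Two things the real tools add on top of this are worth noticing once you have the skeleton: the bounded window means a JPEG whose footer was overwritten is still reported (with the maximum size) instead of swallowing everything up to the next FFD9 on the disk, and because the footer search is a plain byte match it can stop early on an embedded thumbnail, which is why later work on file carving moved from signatures to structure-aware and fragment-reassembly methods.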
There are a lot of cases in Malaysia that need multimedia forensics expertise. Professor Hany Farid is one of the few experts. The excerpt below is taken from http://en.wikipedia.org/wiki/Hany_Farid.
“Latest controversial image verification report over the Opposition Leader of Malaysia
He was reported to be one of the persons who prepared a report of video analysis together with Professor Lorenzo Torresani in a sex trial in Malaysia. It was stated that on 4 June, experts from Dartmouth College, Hanover, New Hampshire in the US verified the authenticity of the video, that there was no tampering or any act of superimposing, and that it originated from a DVR camcorder taken from Datuk Shazryl.”
To get some perspective on multimedia forensics, watch this video: NIST Colloquium Series: Digital Forensics.
The training is quite interesting, with a lot of networking and hacking material. Some of the tools are available for free on the Internet, but do not use them against the law. I went through it years ago and obtained the certification.
This book by Brian Carrier, File System Forensic Analysis, is a must for all digital forensics analysts. For those who are new to digital forensics, file system knowledge is compulsory. It ranges from the simplest, FAT32, to NTFS, EXT3, HFS+, ISO9660 and so on. One day there will also be a case item with a proprietary file system.
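To make the point about file system knowledge concrete, here is an added example written for this post (it is not code from the book or from any tool it describes) for the simplest case in that list, FAT32. It parses the BIOS Parameter Block from a 512-byte boot sector, refuses values that cannot be right before deriving anything from them, and then computes the two offsets an analyst needs most often: where a cluster's data starts on disk and where that cluster's entry sits in the FAT. The sample boot sector is constructed inline for a 1 GiB volume with 4 KiB clusters; it is not from a real case item.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint16_t bytes_per_sector;
    uint8_t  sectors_per_cluster;
    uint16_t reserved_sectors;
    uint8_t  num_fats;
    uint32_t total_sectors;
    uint32_t sectors_per_fat;
    uint32_t root_cluster;
    uint32_t first_data_sector;   /* derived: sector where cluster 2 begins */
    uint32_t data_clusters;       /* derived: number of addressable clusters */
} fat32_geometry_t;

/* Integers in the BIOS Parameter Block are little-endian regardless of host. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse a 512-byte FAT32 boot sector into `g`. Returns 0 on success or a
 * negative code naming the first field that failed a sanity check. A seized
 * volume may have a damaged or deliberately corrupted BPB, so nothing is
 * derived from the fields until they pass these checks. */
int fat32_parse(const uint8_t sector[512], fat32_geometry_t *g) {
    memset(g, 0, sizeof *g);
    if (sector[510] != 0x55 || sector[511] != 0xAA) return -1;   /* boot sector signature */

    g->bytes_per_sector    = le16(sector + 11);
    g->sectors_per_cluster = sector[13];
    g->reserved_sectors    = le16(sector + 14);
    g->num_fats            = sector[16];
    g->total_sectors       = le32(sector + 32);
    g->sectors_per_fat     = le32(sector + 36);
    g->root_cluster        = le32(sector + 44);

    switch (g->bytes_per_sector) { case 512: case 1024: case 2048: case 4096: break; default: return -2; }
    if (g->sectors_per_cluster == 0 ||
        (g->sectors_per_cluster & (g->sectors_per_cluster - 1)) != 0) return -3;  /* must be a power of two */
    if (g->reserved_sectors == 0) return -4;
    if (g->num_fats != 1 && g->num_fats != 2) return -5;
    if (le16(sector + 17) != 0 || le16(sector + 22) != 0) return -6; /* FAT12/16-only fields must be 0 */
    if (g->sectors_per_fat == 0 || g->root_cluster < 2) return -7;

    uint64_t first = (uint64_t)g->reserved_sectors + (uint64_t)g->num_fats * g->sectors_per_fat;
    if (first >= g->total_sectors) return -8;                     /* FATs would overrun the volume */
    g->first_data_sector = (uint32_t)first;
    g->data_clusters = (g->total_sectors - g->first_data_sector) / g->sectors_per_cluster;
    return 0;
}

/* Byte offset of the first sector of `cluster`. Data clusters are numbered from 2. */
uint64_t fat32_cluster_offset(const fat32_geometry_t *g, uint32_t cluster) {
    uint64_t sector = (uint64_t)g->first_data_sector + (uint64_t)(cluster - 2) * g->sectors_per_cluster;
    return sector * g->bytes_per_sector;
}

/* Byte offset of the 32-bit FAT entry for `cluster` in the first FAT copy. */
uint64_t fat32_fat_entry_offset(const fat32_geometry_t *g, uint32_t cluster) {
    return (uint64_t)g->reserved_sectors * g->bytes_per_sector + (uint64_t)cluster * 4;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xFF); p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)((v >> (8 * i)) & 0xFF); }

/* Constructed sample boot sector: 1 GiB volume, 512-byte sectors, 8 sectors per cluster. */
void build_sample_boot_sector(uint8_t out[512]) {
    memset(out, 0, 512);
    out[0] = 0xEB; out[1] = 0x58; out[2] = 0x90;   /* x86 jump over the BPB */
    memcpy(out + 3, "MSWIN4.1", 8);                /* OEM name */
    put16(out + 11, 512);                          /* bytes per sector */
    out[13] = 8;                                   /* sectors per cluster (4 KiB clusters) */
    put16(out + 14, 32);                           /* reserved sectors */
    out[16] = 2;                                   /* number of FAT copies */
    out[21] = 0xF8;                                /* media descriptor: fixed disk */
    put32(out + 32, 2097152);                      /* total sectors (1 GiB) */
    put32(out + 36, 2048);                         /* sectors per FAT */
    put32(out + 44, 2);                            /* root directory cluster */
    memcpy(out + 82, "FAT32   ", 8);               /* file system type label */
    out[510] = 0x55; out[511] = 0xAA;              /* boot sector signature */
}

int main(void) {
    uint8_t sector[512];
    fat32_geometry_t g;
    build_sample_boot_sector(sector);
    int rc = fat32_parse(sector, &g);
    if (rc != 0) { printf("boot sector rejected (code %d)\n", rc); return 1; }
    printf("first data sector %u, %u data clusters, root dir at byte %llu, FAT[2] at byte %llu\n",
           g.first_data_sector, g.data_clusters,
           (unsigned long long)fat32_cluster_offset(&g, g.root_cluster),
           (unsigned long long)fat32_fat_entry_offset(&g, 2));
    return 0;
}
```

Once you can compute these two offsets by hand, the output of a commercial tool stops being a black box: the cluster number shown in a directory entry, the FAT chain that follows from it, and the byte ranges the tool recovers are all things you can verify against the raw image yourself.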
If you are serious about digital forensics, you need to involve yourself in system programming. It is simple: start with C programming. There is a lot you can do with C. Then move on to C++, and later you could also include some visuals.
I feel that Linux programming can improve your system programming skills tremendously. C was created for system development, and the birth of Linux was possible because of C itself.
So, with C system programming skills you are able to develop digital forensics tools, and this book can be a good reference. Some of the topics covered are as follows.
The R&D contributions in cyber security are overwhelming. Many researchers in this field are addressing each and every gap. In 2009, the United States Department of Homeland Security produced a document titled A Roadmap for Cybersecurity Research.
The R&D investments recommended in this roadmap are meant to address computer vulnerabilities. The document provides detailed R&D agendas for 11 hard problem areas in cyber security, as follows.
· Scalable trustworthy systems
· Enterprise-level metrics
· System evaluation life cycle
· Combating insider threats
· Combating malware and botnets
· Global-scale identity management
· Survivability of time-critical systems
· Situational understanding and attack attribution
· Provenance
· Privacy-aware security
· Usable security
One notable subject is digital forensics. No country can afford to leave out digital forensics R&D because of its importance to cyber security. Skill sets in digital forensics, both as practitioners and as researchers, are mandatory. IT is getting more complicated, and our ability must increase at the same rate, if not stay one step ahead. File system technology is one example of this complexity.
U.S. Department of Homeland Security, A Roadmap for Cybersecurity Research, 2009.
Let me refer to the StarOnline news report on the Aminulrasyid case, “Cop Guilty of Causing Death,” dated 16 September 2011.
I am not going to delve into the case but to share one of the judge's rulings. The judge was quoted: “The court respects him for his experience but agrees with the prosecution that he is not an expert witness. His testimony is based on his experience and not expertise.” The witness was Mr. Amidon Anan, a former forensics lab chief of the police crime scene investigation unit, who was undisputed during his tenure at PDRM.
What is the lesson learned? The reality and the expectations of an expert witness have changed. The legal and forensics realms have evolved too, to meet the demands of today’s community, and more is anticipated in the near future. We have excelled in digital forensics as practitioners. Will this be enough in the time to come?
Many of the world's best digital forensics practitioners are also the world's best digital forensics researchers, such as Michael Cohen, Simson Garfinkel and Brian Carrier. These digital forensics gurus developed tools such as PyFlag and Autopsy.
Are we able to stand tall among them? We need to think. It is time to change!
In the future, I will share more on digital forensics R&D.
By EE-LYN TAN
The rise of technology-related crime has brought computer forensic analysts to the fore.
FANCY becoming a crime scene investigator (CSI) in cyberspace? Thanks to television shows like CSI, people are now more aware of what computer forensic analysts like Aswami Fadillah Mohd Ariffin do for a living.
Although what is depicted is not always accurate, the digital forensics head at Cybersecurity Malaysia says television has done a great job of promoting his profession.
“You can't really enhance a poor image with the click of a mouse like what you see on TV. It's a lot more complicated,” says the 36-year-old with a laugh.
ASWAMI: I love how challenging the job can be.
Aswami graduated with an electronic engineering degree from the University of Liverpool, United Kingdom, in 1996, and has worked on several high profile cases.
Recently, he was called as an expert witness in the murder trial of Mongolian Altantuya Shaariibuu. He helped police extract data from handphones, SIM cards and laptops.
Aswami is currently pursuing a Masters of Management at Universiti Malaya, part-time.
My job involves ...
... the use of science and technology to investigate and establish facts in a court of law.
I work with digital evidence, which includes data recovery and code breaking of CD-ROMs, USB thumb drives and handphones.
It is our job to investigate when there are incidents of intrusion or malicious activity such as important data being deleted in systems as well as hacking and fraud.
For example, when a malicious text message is sent, we will retrieve the data and work with the telecommunications company to trace the origin and submit the information for prosecution.
At the end of the day, we are involved in determining whether an individual has been involved in wrongdoings or is innocent.
We are also starting to venture into video and audio forensics, which is rapidly developing.
My morning starts with ...
... browsing e-papers to catch up with the latest in technology as it is very important to be updated.
Throughout the day, I'll also have meetings with lawyers to go through any issues or evidence.
Besides that, I will review reports and vet through case analyses with my team of 10 analysts.
I also manage our budget and keep an eye on expenditure.
To qualify, you need ...
... a degree in electronic engineering, preferably with experience in research and development.
A qualification in computer science or computer engineering is also quite common in this field.
A master’s degree is also valued.
We train and mentor new graduates. This is important so that they can then work independently.
It is common for analysts to share and talk about their cases and give each other feedback.
The best person for the job is...
... someone who has a strong personality, is creative, innovative, positive, passionate and patient.
When doing a case analysis, it can get very tense and there is also a lot to do, so it's important to be patient.
Passion is another element that will help because when you're passionate about what you do, the job isn't boring.
As a computer forensic analyst you want to get results and solve cases, so that keeps you going.
This job involves a combination of technology and law so some legal knowledge would help.
But you can also learn the legal aspect on the job so you don’t need prior knowledge.
Prospects for the future ...
... are very bright. I recently attended an international conference and discovered that Malaysia is not very far behind the rest of the world in terms of computer forensics although we are still relatively new in the field.
In the past, we used to have to consult analysts from abroad because we didn't have this expertise in Malaysia.
The demand for analysts is going to grow as the number of “cyber crimes” or computer-related crimes is on the rise.
I love my job because ...
... of its uniqueness. No two cases are alike.
I love the challenge and feeling of knowing that I am learning something new every day.
Besides law and technology, deduction also plays a role – you figure out certain things about people from just their behaviour, which can be very interesting.
What I dislike the most ...
... is when I'm unable to solve a case.
For example, sometimes we are provided with CCTV footage that is of very low quality and there is no way to enhance the footage, which makes life very difficult.
A millionaire by 30?
I don't see why not. We've got millionaire lawyers so why can't there be millionaire computer forensic analysts? (laughs!)
Fresh graduates can expect to earn between RM2,000 and RM2,500 a month.
With education, effort and experience, it's possible to become a senior analyst in two to three years and earn about RM7,000.
The cyber crime detective
The Altantuya and Lingam cases opened a new dimension for the country's digital forensics
WHO does not know of the cases involving the video clip of lawyer Datuk V.K. Lingam and the closed-circuit television (CCTV) footage in the Altantuya Shaaribuu case, both being hotly discussed at the moment. Yet not many know the people who sometimes take weeks to unravel the authenticity of the evidence in such high-profile cases.
Despite the influence of the popular television investigation series CSI, featuring actors such as Gary Sinise, Melina Kanakaredes and Anna Belknap, our country is not left behind in having its own digital forensics investigators of the ‘cyber world’.
Journalists AMREE AHMAD and MEGAT LUTFI MEGAT RAHIM delved into the ‘world’ of the digital forensics investigator with the Head of Digital Forensics at CyberSecurity, Aswami Fadillah Mohd. Ariffin, 38, at his office in Seri Kembangan, Selangor recently.
ASWAMI FADILLAH MOHD ARIFFIN
KOSMO! Ahad: Are you not daunted by appearing as a witness in a trial that is currently receiving nationwide coverage?
ASWAMI FADILLAH: In fact, the digital forensics department of CyberSecurity works with all parties, especially the police and the Anti-Corruption Agency (BPR), on every case that needs our help.
So far, management has authorised only me and one other digital forensics expert, out of the 20 staff in our department, to appear as witnesses in court proceedings.
As for your question, I must be 100 per cent prepared. Otherwise my tongue will be tied the moment everyone's attention turns to me.
How do you ensure the evidence stays in good condition?
Actually, a digital image stored on a memory card will not be damaged if it is transferred anywhere, including to a personal computer, since the evidence is in electronic form. It stays intact because the transfer is made in its entirety and in exact form.
The issue of the authenticity and originality of files and images that are copied and transferred does not arise, because everything remains genuine even if converted to a different format.
We have also obtained recognition from the National Institute of Standards and Technology, a body that sets standards and validates all forensic tools.
What about the tools you use?
I am not actually particular about tools. I will use any tool that can make the investigation easier. What matters is that the analyst himself must think analytically and be confident in unravelling the difficulties he faces.
That is why some of us do not take leave for up to two weeks and work late into the night, to make sure we are ready with a careful and thorough investigation.
How long are you given to handle a case?
Actually no time limit is given, but my colleagues and I are ready at any time when the instruction comes.
How much does the government allocate to deal with today's cyber threats?
There are no exact figures, really. If in 2002 the former Minister of Energy, Communications and Multimedia, Datuk Amar Leo Moggie, stated that Malaysia had suffered losses of RM22 million from having to resolve various problems caused by ICT-related threats and attacks, I am sure the figure has grown since then.
So far, the whole world is spending US$9 billion on equipment to deal with ICT-related threats, and I am sure the losses suffered exceed that figure.
What about the rate at which cyber crime rises each year?
Crime rises every year by an estimated 40 to 50 per cent. This is based on technology that keeps developing, with the crime rate moving in step with it. In addition, criminals are becoming more cunning with technology. We must likewise strengthen ourselves with technological knowledge at all times.
What approaches do cyber criminals use now?
Criminals today are clever. They do not simply discuss things over the phone or meet in person. They also use particular codes that are hard to understand, and we need time to detect them and take action.
What are your hopes for the future of digital forensics?
In line with the rise in ICT-related cases, I hope the government can set up a Digital Court, as in the United States, to ensure all proceedings can be conducted promptly and more efficiently.
I’ve created this digital forensics, cyber security and info tech blog for us to share our knowledge and experience. It is hoped that this blog will be a good resource, beneficial to those seeking information in this important field. You are also encouraged to provide valuable input.