
CyberCSI 2nd Half Year 2012, Summary Report

Prepared By: Rafizah Abd Manaf and Nur Aishah Mohamad

Reviewed By: Nazri Mohamed

Author email address: [email protected], [email protected] and [email protected]

Department: Digital Forensics Department

Date of submission: 31st March 2013

Introduction

The Digital Forensics Department (DFD) successfully went through a challenging year in 2012. This report summarizes the second half of 2012. As in previous years, DFD provides computer forensics and data recovery services to all Local Enforcement Agencies in Malaysia and to other government agencies. The main challenge DFD faced was the increase in the number of cases referred to it. The number of exhibits and the size or volume of the media are another hurdle that we need to tackle.

Digital Forensics and Data Recovery Statistics

A summary of the Digital Forensics cases received is shown in Graph 1 below:

Graph 1: Digital Forensics cases received by month for 2012

[Chart "Digital Forensics (2012)"; x-axis: Month, y-axis: Total. Data labels, Jan to Dec: 38, 62, 35, 34, 48, 45, 45, 37, 67, 73, 51, 15.]

The graph shows the digital forensics cases received by month. The total number of cases referred to DFD was 661. Of these 661, 550 fell under Digital Forensics, which represents 83.2% of the cases. The month with the highest number of cases received was October, with 73. Towards the end of the year, only 15 cases were received. A possible reason for the rise and fall of the graph is that most agencies have their own labs and manage to handle simple cases on their own. As a result, they send us only the complicated and difficult cases. Smuggling, Harassment and Bribery are the top three case categories in the 2012 digital forensics statistics.

A summary of the Data Recovery cases received is shown in Graph 2 below:

Graph 2: Data Recovery cases received by month for 2012

Of the 661 cases received, 111 were Data Recovery cases, which represents 16.8% of the total. October shows the highest number of cases received, with 21. The lowest numbers were recorded in March and August, 8 in total. Most of the cases, 71 in total, were received through CyberClinic. This Cyber Clinic was established to cater to the demand from the public and will be the receiving and marketing arm for this data recovery service.

[Chart "Data Recovery (2012)"; x-axis: Month (1 to 12), y-axis: Total. Data labels, months 1 to 12: 10, 8, 4, 6, 13, 10, 5, 4, 8, 21, 7, 15.]

Digital Forensics Department Achievement in 2012

Section A: Services and Product Provided

a) Digital Forensics Service

Graph 3 below charts the total cases handled by DFD from 2002 to 2012.

Graph 3: Cases received by Digital Forensics Department from 2002-2012

[Chart; x-axis: Year (2002 to 2012), y-axis: Total; series: Data Recovery, Digital Forensic.]

DFD has also been involved in high profile cases with other agencies. The cases are:

i. Ops Rokok

This operation was held in three different locations: Pulau Langkawi, Pulau Labuan, and Klang Valley. Three teams from DFD were assigned to assist law enforcement agencies for this Ops Rokok. This operation is a collaboration between LHDN and Bank Negara Malaysia. DFD assisted the LEAs' Investigation Officers in seizing the digital evidence.

ii. Ops Arak

This operation was held in Miri, Sarawak. DFD was requested by Kastam Di-Raja Malaysia to assist in digital evidence seizure. Two premises were raided and various alcohol tonic brands were seized by the enforcement agency.

iii. Ops Aeroplane Parts

The United States of America believed that some companies in Malaysia were involved in purchasing aeroplane parts from the USA and selling them to Iran. DFD was requested by special task forces to join the operation and assist the enforcement agency, SPRM, with the digital evidence seizure.

iv. Ops DurianTV

Another major case in which DFD was involved at national level was Ops Durian. This operation took place in Pulau Pinang. Two teams were sent to assist the local enforcement agencies involved, which were two agencies, PDRM and MCMC.

b) ASCLD/LAB-International Quality Management System (QMS)

CyberSecurity Malaysia Digital Forensic Laboratories has been recognized by ASCLD/LAB as the first organization in Asia Pacific to receive ASCLD/LAB-International accreditation in the field of Computer & Multimedia Discipline. With this recognition, DFD can better assist Law Enforcement Agencies, and reports produced by DFD analysts can be accepted in court.

In early 2012, one of our Regulatory Bodies (RBs) in Malaysia, the Malaysian Communication and Multimedia Commission (MCMC), engaged DFD to develop a Digital Forensics Quality Management System (QMS) for its digital forensics laboratory in accordance with ASCLD/LAB-International and ISO/IEC 17025. Training was given to MCMC forensic members on the system implementation. The DFD team also assisted them in developing a computerized QMS, which will help them to automate their documentation.

Training Courses & Certification

In 2012, DFD provided training courses to 6 different agencies. They were Bank Negara Malaysia (BNM), Lembaga Hasil Dalam Negeri (LHDN), Polis DiRaja Malaysia (PDRM), Selangor University (UNISEL), Kuala Lumpur University (UNIKL), and KPerak. Most of the participants successfully passed the examination and were given certification.

Research and Development Blueprint

The DFD R&D Roadmap focuses on long-term and short-term research and development plans to enhance the current services and operations. Furthermore, the roadmap is designed to ensure the sustainability of the CyberSecurity Malaysia Digital Forensics Department's business through the exploration of new knowledge and services via R&D efforts.

This is also an effort to ensure that the contribution of CyberSecurity Malaysia's Digital Forensics Department remains significant to the nation. DFD has played a very important role in helping our country's Law Enforcement Agencies (LEAs).

DFD is already moving on the short-term research plan through a collaboration with the Fakulti Teknologi Sains dan Maklumat of Universiti Kebangsaan Malaysia to explore face recognition for video forensics analysis. The two parties jointly applied for the Exploratory Research Grant Scheme (ERGS) from the Ministry of Higher Education (MoHE), with the grant tenure starting in July 2011. This project is expected to be completed in June 2013. Apart from this collaboration, DFD is already planning more research collaborations with the current collaborator and with other IPTAs, namely Universiti Tenaga Nasional (UNITEN), Universiti Teknologi Malaysia (UTM) and Universiti Teknologi Petronas (UTP).

A few critical research fields have already been identified for future collaborations, as listed below:

i. Embedded device recovery and forensics

ii. Video and image forensics

iii. Audio forensics

iv. Biometrics forensics

v. Digital forensics SOP, methodology and innovations.

Based on the fields mentioned, the research topics selected for the undertaking are:

i. Forensic Data Analysis and Recovery from Embedded Device Flash Memory

ii. CCTV Surveillance Video Enhancement: Super-Resolution and Denoising via advanced image processing algorithms.

iii. Image and Video Authentication: The Exploration of Image and Video Frames Dark Current and Fixed Pattern Noise Analysis in Determining the Source of Recording Device.

iv. Image and Video Authentication: Image and Video Authentication via Detection of graphical modification.

v. Audio Authentication: The Exploration of Electrical Network Frequency (ENF) in audio forensics.

vi. Biometrics Forensics: Suspects Biometrics Identification System via multimedia files forensics

vii. The Enhancement of Digital Forensics Operation.

c) Digital Forensics Portal

The Digital Forensics Portal was launched in January 2012. It was developed for in-house use, to provide all DFD members with the latest data on cases conducted in the forensic laboratories for their daily tasks. All information and inputs are updated in real time, and the portal summarizes all cases submitted by Investigation Officers (IOs). The portal has indirectly reduced case processing time and increased operational productivity and efficiency.

Section B: Key activities and achievement.

a) Paper Publication

In November 2012, two (2) of our papers were accepted at the Soft Computing and Pattern Recognition International Conference (SoCPaR, Brunei). The papers will be available in the conference proceedings published by IEEE.

The papers were:

i. Sparse Representation Super-Resolution method for Enhancement Analysis in Video Forensics.

ii. Super Resolution Hybrid Methods for CCTV Forensics Interpretation.

b) Nomination by MOSTI

The Digital Forensics Department has been nominated by MOSTI for the Prime Minister's Innovation Award, in the category of information technology. The nomination is based on the commitment, contribution and achievement shown by DFD toward the nation. Huge cost savings were reported during RMKe-9 from utilizing local expertise from DFD.

Conclusion

There were many great achievements despite many challenges in 2012. The number of cases increased while the number of staff was maintained. In view of more agencies referring cases to DFD, we can conclude that the relationship and trust with LEAs is good and healthy. Even though some of the agencies have started to have their own forensic facilities, assistance from DFD is still needed, especially when dealing with complicated and high-tech crimes. We wish to get more funding and mandate in this forensic area so that we can be the center of excellence in the near future.