CyberSecurePakistan2013-Electronic evidence
CYBER CSI: ADMISSIBILITY OF ELECTRONIC EVIDENCE
Copyright © 2013 CyberSecurity Malaysia

Who Are We?
• CyberSecurity Malaysia is the national cyber security specialist centre under the purview of the Ministry of Science, Technology and Innovation (MOSTI)
• We look after the safety of Malaysia's cyberspace. We provide safety tips, advisories and specialized services in the field of cyber security

Digital Forensics Department (DFD)
Provide Malaysia Law Enforcement (LE) agencies with in-house digital forensics capabilities:
I. Digital Evidence Analysis and Cyber Investigation, including forensics analysis of audio and video
II. On-site investigation support
III. Data Recovery (logical, electrical and mechanical recovery)
IV. Digital Evidence Preservation Facility
V. Expert Development Lab

DFD roles
• To provide Digital Forensics services to all Law Enforcement Agencies in Malaysia in criminal cases
• To provide Digital Forensics services to private organizations / individuals in civil cases
• To appear in a court of law for expert testimony, presenting the digital evidence findings and analyses

Forensics Analysis Center
• Department of Chemistry, Malaysia: reference center for physical evidence examination and analysis
• CyberSecurity Malaysia: reference center for digital evidence examination and analysis

Case statistics from 2002 - 2012
[Chart: total cases per year, 2002 to 2012; series: Data Recovery, Digital Forensic]

Case study

Newspaper cuttings
• ALTANTUNYA MURDER CASE
• VK LINGAM TAPE CASE
• HINDRAF CASE
• ILLEGAL INVESTMENT CASE
• NURIN JAZLIN KIDNAP CASE
• SOCCER GAMBLING CASE
• DSAI LIWAT 2 CASE
• DSAI CHINA DOLL CASE
• TAX EVASION CASE
• COPYRIGHT CASE
• INSULT SULTAN PERAK CASE

Understanding digital forensics

Digital Forensics Definition
The Science Of Digital Forensics
“Digital Forensic (DF) is the scientific examination and analysis of digital data held on or retrieved from digital storage media for the purpose of presentation in a court of law, together with the study of the legal aspects of computer use and misuse.”

Roles of digital devices in cyber crime
• As a tool
• As a target
• Incidental to the crime

The importance of electronic evidence
• Digital evidence can be:
– A lead to an investigation
– Supporting evidence
– Key evidence
• Crucial to complete the “missing puzzle” in a case investigation

Understanding the concept of electronic evidence

‘ELECTRONIC EVIDENCE’ definition
• According to Malaysia Law, the definition of electronic evidence is as follows:
• SECTION 62 (3) Evidence (Amendment) Act 1993 - “Documents produced by a computer”
• SECTION 2 Computer Crimes Act 1997 - “Computer output”

Cyber related laws of Malaysia

Cyber Specific Laws
Specific legislation governing online matters
• Communications and Multimedia Act 1998
• Optical Disk Act 2000
• Computer Crimes Act 1997
• Digital Signature Act 1997
• Telemedicine Act 1997
• Electronic Commerce Act 2006
• Electronic Government’s Activities Act 2007
• Personal Data Protection Act 2010

Non Cyber Specific Laws
Legislation that may be used to regulate online matters whenever applicable
• Copyright Act 1987
• Sedition Act 1948
• Penal Code
• Defamation Act 1957

Gathering of electronic evidence
• Detection and investigation
– Preliminary information gathering
• Preservation of electronic evidence
– First responder team
– Dead acquisition and live acquisition

Examination and analysis of electronic evidence
• Objective of examination and analysis
• Types of seized exhibit
• Standard and procedure in forensic examination
• Tool and equipment used

Common defense tactics
• Common defense tactics are:
– To discredit the expert witness's reputation
– To discredit the digital forensics examination procedures
– To create reasonable doubt on electronic evidence

Analyst competency
• All digital forensics analysts must be professionally certified, such as GCFA, EnCE, ACE, etc.
• Digital forensics analysts are required to sit for a competency and proficiency test on a yearly basis

Recognition under the law
• Recognition under Malaysia law, by being gazetted under CPC 399 Criminal Procedure Code (F.M.S Cap 6)
• Report from DFD, CSM is admissible in the court of law without the need to testify in court unless required.
• f) any person or class of persons to whom the Minister by notification in the Gazette declares that the provisions of this section shall apply.

ASCLD/LAB-International accredited lab
• Ensuring the quality of digital forensics examination procedures
• CyberSecurity Malaysia digital forensics laboratory has been found to meet the requirements of ISO/IEC 17025:2005 “General Requirements for the Competence of Testing and Calibration Laboratories”, the ASCLD/LAB-International Supplemental Requirements for Testing Laboratories: 2011 and all other requirements of the ASCLD/LAB-International in the field of Forensics Science Testing

Scope of Accreditation
Field of Accreditation
• Forensics Science Testing
Discipline
• Digital & Multimedia Evidence
Categories of Testing
• Computer Forensics
• Video Analysis
• Audio Analysis
• Image Analysis

SUMMARY: Points to ponder
• The crimes that are being committed have not changed, just the manner in which they are being committed
• Every action leaves a trail of evidence that is traceable through Digital Forensics
• Electronic evidence extracted from digital devices must be discovered, examined and retrieved in a way that will fulfill legal requirements
• Otherwise such evidence will be inadmissible in a criminal or civil trial