Perkembangan Keterangan Secara Digital dan Eletronik Di Mahkamah

Keadaan..Jenayah semasa yang sedang berlaku di Malaysia melibatkan tahap teknologi yang tinggi. Secara ringkas, saya perlu terlebih dahulu mengatakan bahawa Malaysia mempunyai banyak usaha dan cubaan dalam perkembangan pembanggunan sain dan eletronik telah mempengarhi  dari segi pembuktian di dalam Mahkamah secara   elektronik yang sungguh mencabar. 

Pindaan dalam tafsiran berkaitan dengan perkataan 'dokumen" di dalam Akta Keterangan 1950 dengan sendirinyajuga dapat menjelaskan keadaan ini: Seksyen 3 Akta Keterangan 1950, yang disebut "Akta ibu" dalam Akta ini, adalah dipinda— (a) dengan menggantikan takrif "dokumen" dengan yang berikut: '

 "dokumen" ertinya apa-apa hal yang dinyatakan, diperihalkan, atau bagaimana jua pun digambarkan, atas apa-apa benda, bahan, barang atau artikel, termasuklah apa-apa hal yang terkandung dalam cakera, pita, filem, runut bunyi atau apa jua pun peranti lain, dengan menggunakan-

(a)    huruf, angka, tanda, simbol, isyarat, lambang, atau apa jua pun bentuk pernyataan, perihalan, atau gambaran lain;

(b)   apa-apa rakaman visual (sama ada imej kaku atau bergerak);

(c)    apa-apa rakaman bunyi, atau apa-apa jua pun rakaman elektronik, magnetik, mekanikal atau rakaman lain dan walau bagaimana jua pun dibuat, atau apa-apa bunyi, dedenyut elektronik, atau apa jua pun data lain;

(d)   suatu rakaman, atau pemancaran, dari suatu jarak, apa-apa hal dengan manamana, atau apa-apa kombinasi, cara yang disebut dalam perenggan (a), (b) atau (c), atau dengan lebih daripada satu cara yang disebut dalam perenggan (a), (b), (c) dan (d), yang dimaksudkan untuk digunakan atau yang mungkin digunakan bagi tujuan menyatakan, memperihalkan, atau dengan apa jua cara sekalipun menggambarkan, hal itu;

MlSALAN Tulisan ialah dokumen. Perkataan yang dicetak, dilitografkan atau difotografkan ialah dokumen. Peta, pelan, graf atau lakaran ialah dokumen. Inskripsi pada kayu, logam, batu, atau apa-apa benda, bahan atau barang lain ialah dokumen. Lukisan, citra, gambar atau karikatur ialah dokumen. Fotograf atau negatif ialah dokumen. Rakaman pita komunikasi telefon, termasuklah rakaman komunikasi sedemikian yang dipancarkan dari suatu jarak, ialah dokumen. Rakaman fotografi atau rakaman visual lain, termasuklah rakaman pemancaran fotografi atau pemancaran visual lain dari suatu jarak, ialah dokumen. Hal yang dirakamkan, disimpan, diproses, didapatkan semula atau dikeluarkan oleh komputer ialah dokumeii.';

Itulah gambaran yang saya dapat fahami selepas mendengar ucapan oleh Encik DanielHains yang merupakan Ahli Bersekutu kanan forensik dari Australia. Ia adalah taklimat sangat bermaklumat dan komprehensif yang turut dianjurkan oleh speaker. Bagi kami peguam yang tidak mahir dengan terma-terma teknikal  dan teknik terlibat  dalam memperolehi dan memelihara bukti elektronik, pertuturan yang di sampaikan adalah  sebagai membuka mata yang sangat baik.Saya telah berjaya untuk mendidik diri sendiri dengan syarat-syarat yang telah "berbeza " kepada saya sebelum ini seperti bahan bukti dalam bentuk "megadata" dan "pengimejan digital". Encik Daniel menjelaskan di dalam ucapan  beliau bahawa mereka menggunakan beberapa perisian untuk mendapatkan atau mendapatkan bukti-bukti elektronik dan bukti-bukti ini boleh diperolehi daripada pelbagai peranti-peranti elektronik seperti komputer,telefon bimbit, Ipod, kamera digital dan sebagainya.

Ia adalah juga sangat menarik untuk kita mengetahui dengan lebih lanjut  bahawa mana-mana data dalam komputer kita tidakbenar-benar dihapuskan apabila kita menghapuskan data tersebut di mana ia boleh sentiasa berpindah dari satu komputer ke satu komputer. Saya telah juga di jelaskan daripada ucapan beliau bahawa mahkamah- di Australia mengakui ini perisian yang digunakan untuk mendapatkan atau mendapatkan bukti elektronik di mana ketepatan laporan atau keputusan yang tidak tepat  sering dicabar semasa perbicaraan dan terkecuali kepada cabaran pada "rantaian bukti".

Semasa ucapan beliau juga, saya sedar bahawa ia adalah satu proses yang memakan masa dan membosankan untuk mendapatkan bukti elektronik. Encik Daniel juga memaklumkan kepada kami bahawa sebagai seorang saksi pakar dalam menghasilkan bukti elektronik, beliau akan biasanya menyediakan laporan terperinci mengenai bukti elektronik yang terjamin di mana laporan ini juga akan merangkumi prosedur,kaedah dan perisian yang digunakan.

Yang Di-Pertua juga berkongsi dengan kami pengalaman beliau sendiri di dalam mendapatkan bukti-bukti ini. Ia adalah masa yang terbaik untuk kita di Malaysia terutama dalam pengamal undang-undang untuk membiasakan diri dengan ilmu pengetahuan tentang bukti elektronik. Kita tidak boleh menutup mata kita untuk mengeluarkan bukti elektronik berdasarkan fakta-fakta yang di mana jenayah semasa yang sedang berlaku di Malaysia melibatkan tahap teknologi yangtinggi.

Sudah hari-hari di mana kita digunakan untuk mengeluarkan bukti-bukti fizikal seperti dokumen-dokumen bercetak. Keperluan yang mendesak bagi sistem yang berkesan untuk memperolehi bukti elektronik di Malaysia juga memerlukan pindaan kepada Akta Keterangan 1950 kitai  untuk memudahkan pengeluaran keterangan elektronik  dalam mahkamah tempatan kita terutamanya peruntukan-peruntukan khusus mengenai keesahan sesuatu  keterangan elektronik.The Malaysian Bar  

Pindan Akta Keterangan 2012 [ As at 1 December 2012] Jelas memperincikan keluasan pengertian bagi penggunan keterangan Dukumen Digital dan Eletronik dalam Mahkamah di Malaysia.

Tafsiran

“computer” means an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic,storage and display functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices, but does not include an automated typewriter or typesetter, or a portable hand held calculator or other similar device which is non-programmable or which does not contain any data storage facility;

Proof of public documents produced by computers

 78A. EA 1950. Notwithstanding anything contained in sections 77 and 78, the provisions of sections 90A, 90B and 90C shall apply to a public document.  

Proof of documents by production of certified copies 

Sec.77. Copies certified in the manner set out in section 76 may be produced in proof of the contents of the public documents or parts of the public documents of which they purport to be copies.

Admissibility of documents produced by computers, and of statements contained therein 

Sec .90A.
(1) In any criminal or civil proceeding a document produced by a computer, or a statement contained in such document, shall be admissible as evidence of any fact stated therein if the document was produced by the computer in the course of its ordinary use, whether or not the person tendering the same is the maker of such document or statement

(2) For the purposes of this section it may be proved that a document was produced by a computer in the course of its ordinary use by tendering to the court a certificate signed by a person who either before or after the production of the document by the computer is responsible for the management of the operation of that computer, or for the conduct of the activities for which that computer was used.

(3) (a) It shall be sufficient, in a certificate given under subsection (2), for a matter to be stated to the best of the knowledge and belief of the person stating it. (b) A certificate given under subsection (2) shall be admissible in evidence as prima facie proof of all matters stated in it without proof of signature of the person who gave the certificate.

(4) Where a certificate is given under subsection (2), it shall be presumed that the computer referred to in the certificate was in good working order and was operating properly in all respects throughout the material part of the period during which the document was produced. 

(5) A document shall be deemed to have been produced by a computer whether it was produced by it directly or by means of any appropriate equipment, and whether or not there was any direct or indirect human intervention.

(6) A document produced by a computer, or a statement contained in such document, shall be admissible in evidence whether or not it was produced by the computer after the commencement of the criminal or civil proceeding or after the commencement of any investigation or inquiry in relation to the criminal or civil proceeding or such investigation or inquiry, and any document so produced by a computer shall be deemed to be produced by the computer in the course of its ordinary use. 

(7) Notwithstanding anything contained in this section, a document produced by a computer, or a statement contained in such document, shall not be admissible in evidence in any criminal proceeding, where it is given in evidence by or on behalf of the Evidence 71 person who is charged with an offence in such proceeding the person so charged with the offence being a person who was— (a) responsible for the management of the operation of that computer or for the conduct of the activities for which that computer was used; or (b) in any manner or to any extent involved, directly or indirectly, in the production of the document by the computer. 

Pada zaman digital kini, keterangan dalam bentuk dokumen yang dikeluarkan oleh komputer adalah sangat penting bagi  suatu kes jenayah atau sivil di mahkamah. Di dalam undang-undang Malaysia, kebolehterimaan dokumen yang dikeluarkan oleh komputer telah dimaktubkan di dalam AKTA KETERANGAN 1950.

Petikan Seksyen 90A(2) Akta Keterangan 1950:

“Bagi maksud seksyen ini boleh dibuktikan bahawa sesuatu dokumen telah dikeluarkan oleh komputer dalam perjalanan penggunaannya yang biasa dengan mengemukakan kepada mahkamah suatu perakuan yang telah ditandatangani oleh seseorang yang sama ada sebelum atau selepas pengeluaran dokumen itu oleh komputer itu bertanggungjawab bagi pengurusan pengendalian komputer itu, atau bagi perjalanan aktiviti yang baginya komputer itu digunakan.”

Berdasarkan kepada Seksyen 90A(2) Akta Keterangan, ia membenarkan pengemukaan dokumen yang diterbitkan oleh komputer jika terdapat suatu perakuan yang telah ditandatangani oleh seseorang yang, sama ada sebelum atau selepas pengeluaran dokumen itu oleh komputer itu, bertanggungjawab bagi pengurusan pengendalian komputer itu, atau bagi perjalanan aktiviti yang baginya komputer itu digunakan.

Berikut merupakan contoh  Surat Perakuan Dibawah Seksyen 90A(2)AKTA KETERANGAN 1950yang dikeluarkan oleh CyberSecurity Malaysia:

Dokumen yang boleh diketegorikan sebagai dokumen dikeluarkan oleh komputer  adalah seperti rakaman CCTV, fail pangkalan data, cetakan imej pegun , cetakan resit ATM, data telefon bimbit dan banyak lagi. Oleh yang demikian, pegawai penyiasat, pegawai serbuan dan juruanalisa forensik boleh menggunakan surat akuan ini untuk dilampirkan bersama dokumen yang dikeluarkan oleh komputer. Surat akaun ini amat berguna dan penting untuk mengesahkan ketulinan dokumen ketika dibawa ke mahkamah.

Contributed by Shanmugam Ganesan


In a nutshell, I have to first say that Malaysia has a lot to catch up with in terms of electronic evidence are concerned. That is the impression that I got after listening to the speech by Mr. Daniel Hains who is a senior associate of forensic.

It was a very informative and comprehensive speech that was well organised by the speaker. As for we lawyers who are not well versed with the technical terms and technique involved in securing and preserving electronic evidence, the speech served as a very good eye opener.

I have managed to educate myself with terms that were “alien” to me before this such as “megadata” and “digital imaging”.

Mr. Daniel explained in his speech that they use few softwares to secure or obtain electronic evidences and these evidences can be obtained from various electronics devices such as computer, handphones, Ipod, digital camera and etc.

It was also very interesting to know that any data in our computer is not completely deleted when we delete such data where it can always be relocated from the computer. I have also gathered from his speech that the courts in Australia recognises these softwares that are used to obtain or secure electronic evidence where the accuracy of the report or result are not often challenged during the course of a trial except for challenges on the “chain of evidence”.

During the course of his speech also, I realised that it is a time consuming and tedious process to obtain electronic evidence.

Mr. Daniel also informed us that as an expert witness in producing electronic evidence, he will normally prepare a detailed report on the electronic evidence that was secured where this report will also cover the procedure, methods and software that was used.

The speaker also shared with us his own experiences in securing these evidences.

It is high time for us in Malaysia especially in the legal fraternity to familiarise ourselves with knowledge on electronic evidence. We cannot close our eyes to the issue of electronics evidence in light of the facts where current crimes that is taking place in Malaysia involves high level of technology.

Gone are the days where we used to produce physical evidence such as printed documents. The pressing need for effective system of securing electronic evidence in Malaysia also calls for amendments to our Evidence Acts 1950 to facilitate the production of electronic evidence in our local courts especially the provisions regarding electronics evidence.

The Malaysian Bar - Dealing with Electronic Evidence by Vincents ...

Digital evidence or electronic evidence 

is any probative information stored or transmitted in digital form that a party to a court case may use at trial.^[1]Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required.^[1]

The use of digital evidence has increased in the past few decades as courts have allowed the use of e-mails, digital photographs, ATM transaction logs,word processing documents, instant message histories, files saved fromaccounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, computer printouts, Global Positioning System tracks, logs from a hotel’s electronic door locks, and digital video or audio files.^[2]

Many courts in the United States have applied the Federal Rules of Evidenceto digital evidence in a similar way to traditional documents, although important differences such as the lack of established standards and procedures have been noted.^[3] In addition, digital evidence tends to be more voluminous, more difficult to destroy, easily modified, easily duplicated, potentially more expressive, and more readily available. As such, some courts have sometimes treated digital evidence differently for purposes of authentication, hearsay, thebest evidence rule, and privilege. In December 2006, strict new rules were enacted within the Federal Rules of Civil Procedure requiring the preservation and disclosure of electronically stored evidence. Digital evidence is often attacked for its authenticity due to the ease with which it can be modified, although courts are beginning to reject this argument without proof of tampering.^[4]

Admissibility

Digital evidence is often ruled inadmissible by courts because it was obtained without authorization.^[1] In most jurisdictions awarrant is required to seize and investigate digital devices. In a digital investigation this can present problems where, for example, evidence of other crimes are identified while investigating another. During a 1999 investigation into online harassment by Keith Schroeder investigators found pornographic images of children on his computer. A second warrant had to be obtained before the evidence could be used to charge Schroeder.^[1][5]

Authentication

As with any evidence, the proponent of digital evidence must lay the proper foundation. Courts largely concerned themselves with the reliability of such digital evidence.^[4] As such, early court decisions required that authentication called "for a more comprehensive foundation." US v. Scholle, 553 F.2d 1109 (8th Cir. 1976). As courts became more familiar with digital documents, they backed away from the higher standard and have since held that "computer data compilations… should be treated as any other record." US v. Vela, 673 F.2d 86, 90 (5th Cir. 1982).

A common attack on digital evidence is that digital media can be easily altered. However, in 2002 a US court ruled that "the fact that it is possible to alter data contained in a computer is plainly insufficient to establish untrustworthiness" (US v. Bonallo, 858 F. 2d 1427 - 1988 - Court of Appeals, 9th).^[1][6]

Nevertheless, the "more comprehensive" foundation required by Scholle remains good practice. The American Law Reportslists a number of ways to establish the comprehensive foundation. It suggests that the proponent demonstrate "the reliability of the computer equipment", "the manner in which the basic data was initially entered", "the measures taken to ensure the accuracy of the data as entered", "the method of storing the data and the precautions taken to prevent its loss", "the reliability of the computer programs used to process the data", and "the measures taken to verify the accuracy of the program". 7 American Law Reports 4th, 8, 2b.

In its turn it gave rise to a breed of commercial software technology solutions designed to preserve digital evidence in its original form and to authenticate it for admissibility in disputes and in court. One of the examples is OnLock Digital Authentication, a software-as-a-service solution for preservation and authentication of digital evidence in a non-edit environment. Such software solutions aim at enhancing the legal value of digital evidence as well as at maximizing the admissibility of the evidence at trial.

UK ACPO guidelines

In the United Kingdom, examiners usually follow guidelines issued by the Association of Chief Police Officers (ACPO) for the authentication and integrity of evidence.^[7][8] They were updated to Version 5 in October 2011 when computer based evidence was replaced with digital evidence reflecting the development of investigating cyber security incidents in a wider context.^[8] The guidelines consist of four principles:

Principle 1: No action taken by law enforcement agencies, persons employed within those agencies or their agents should change data which may subsequently be relied upon in court.

Principle 2: In circumstances where a person finds it necessary to access original data, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.

Principle 3: An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.

Principle 4: The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.

These guidelines are widely accepted in courts of England and Scotland, but they do not constitute a legal requirement and their use is voluntary. It is arguable that whilst voluntary, non adherence is almost certain to lead to the exclusion of evidence that does not comply subject to the provisions of s.76 Police and Criminal Evidence Act 1984 (Power to exclude evidence obtained unfairly)

ADAM Principles

Building on the ACPO Guidelines with a more generic application outside of law enforcement, then Murdoch University student Richard Brian Adams proposed, in his dissertation, the following overriding principles to be followed by digital forensic practitioners:^[3]

1. The activities of the digital forensic practitioner should not alter the original data. If the requirements of the work mean that this is not possible then the effect of the practitioner’s actions on the original data should be clearly identified and the process that caused any changes justified.
2. A complete record of all activities associated with the acquisition and handling of the original data and any copies of the original data must be maintained. This includes compliance with the appropriate rules of evidence, such as maintaining a chain of custody record, and verification processes such as hashing.
3. The digital forensic practitioner must not undertake any activities which are beyond their ability or knowledge.
4. The digital forensic practitioner must take into consideration all aspects of personal and equipment safety whilst undertaking their work.
5. At all times the legal rights of anyone affected by your actions should be considered.
6. The practitioner must be aware of all organisational policies and procedures relating to their activities
7. Communication must be maintained as appropriate with the client, legal practitioners, supervisors and other team members

Best evidence rule

Digital evidence is almost never in a format readable by humans, requiring additional steps to include digital documents as evidence (i.e. printing out the material). It has been argued that this change of format may mean digital evidence does not qualify under the "best evidence rule".^[4] However, the "Federal Rules of Evidence" rule 1001(3) states "if data are stored in a computer…, any printout or other output readable by sight, shown to reflect the data accurately, is an ‘original.’"^[9]

Commonly courts do not bar printouts under the best evidence rule. In Aguimatang v. California State Lottery, the court gave near per se treatment to the admissibility of digital evidence stating "the computer printout does not violate the best evidence rule, because a computer printout is considered an ‘original.’" 234 Cal. App. 3d 769, 798.

See also

• Electronic discovery

References

1. ^ Jump up to:^{a b c d e} Casey, Eoghan (2004)Elsevier. ISBN 0-12-163104-4.
2. Jump up^ Various (2009). Eoghan Casey, ed.  Academic Press. p. 567. ISBN 0-12-374267-6. Retrieved 2 September 2010.
3. ^ Jump up to:^a b Adams, Richard (2012). "'The Advanced Data Acquisition Model (ADAM): A process model for digital forensic practice".
4. ^ Jump up to:^a b c Daniel J. Ryan; Gal Shpantzer. "Legal Aspects of Digital Forensics". Retrieved 31 August 2010.
5. Jump up^ 2000.
6. Jump up^Court of Appeals, 9th Circuit. 1988. Retrieved 1 September 2010.
7. Jump up^ Pollitt, MM. "Report on digital evidence". CiteSeerX: 
8. ^ Jump up to:^a b "ACPO Good Practice Guide for Digital Evidence". Retrieved 17 June 2013.
9. Jump up^. Retrieved 23 August 2010.

Books

General:

• Stephen Mason, general editor, covering Australia, Canada, England & Wales, European Union, Hong Kong, India, Ireland, New Zealand, Scotland, Singapore, South Africa, United States of America
• Stephen Mason, general editor,covering Argentina, Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Mexico, Netherlands, Norway, Poland, Romania, Russia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Thailand and Turkey

Australia:

• Allison Stanfield 

Canada:

• Daniel M. Scanlan, "Digital Evidence in Criminal Law" (Thomson Reuters Canada Limited, 2011)

United States of America on discovery and evidence:

• Michael R Arkfeld, Arkfeld on Electronic Discovery and Evidence (3rd edn, Lexis, 2011) Looseleaf
• Adam I. Cohen and David J. Lender, Electronic Discovery: Law and Practice (2nd end, Aspen Publishers, 2011) Looseleaf
• Jay E. Grenig, William C. Gleisner, Troy Larson and John L. Carroll, eDiscovery & Digital Evidence (2nd edn, Westlaw, 2011) Looseleaf
• Michele C.S. Lange and Kristen M. Nimsger, Electronic Evidence and Discovery: What Every Lawyer Should Know (2nd edn, American Bar Association, 2009)
• George L. Paul, Foundations of Digital Evidence (American Bar Association, 2008)
• Paul R. Rice, Electronic Evidence - Law and Practice (American Bar Association, 2005)

United States of America on discovery:

• Brent E. Kidwell, Matthew M. Neumeier and Brian D. Hansen, Electronic Discovery (Law Journal Press) Looseleaf
• Joan E. Feldman, Essentials of Electronic Discovery: Finding and Using Cyber Evidence (Glasser Legalworks, 2003)
• Sharon Nelson, Bruce A. Olson and John W. Simek, The Electronic Evidence and Discovery Handbook (American Bar Association, 2006)
• Ralph C. Losey, e-Discovery: New Ideas, Case Law, Trends and Practices (Westlaw, 2010)

United States of America on visual evidence:

• Gregory P. Joseph, Modern Visual Evidence (Law Journal Press) Looseleaf

Articles

• Jonathan D. Frieden and Leigh M. Murray, The Admissibility of Electronic Evidence Under the Federal Rules of Evidence, XVII Rich. J.L. & Tech. 5 (2011).

1

Digital Forensics

It is a scientifically derived and proven method towards the presentation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal: or helping to anticipate unauthorised actions shown to be disruptive to planned operations.

Contact Us:
Digital Forensics Services
Training and Certification

Background

Uncovering the truth beyond digital imagination

In 1998, the Digital Forensics Laboratory (DFL) was established under National ICT Security & Emergency Response Centre (NISER). The four years of intensive research in Computer Forensics resulted in DFL officially announcing digital forensics services in 2002. In the year 2007, NISER underwent a transformation and was renamed CyberSecurity Malaysia. In the same year, DFL developed into Digital Forensics Department (DFD).

Since then, we have strengthened our technology and resources while offering full-fledged digital forensics investigations and examinations in the areas of audio and video forensics. With the aim of providing a clear understanding of the kind of services we offer, the trademark "CyberCSI" was introduced to the stakeholders and to the public.

Our clients are from Law Enforcement Agencies (LEA's), Government-Linked Companies (GLC) and private agencies. Some of our distinguished clients include the Royal Malaysia Police (RMP), Malaysia Anti Corruption Commission (MACC), Royal Malaysia Customs (RMC), Malaysian Communication & Multimedia Commission (MCMC), Ministry of Domestic Trade, Co-operatives & Consumerism (MDTCC), Central Bank of Malaysia, Security Commissions and many more including from defense council in civil cases.

To date, we have contributed in solving numerous forensics cases; including high profile cases such as the Altantuya Shaariibuu murder case, the V.K. Lingam Video Clip, DSAI China Doll video clip case, DSAI Liwat 2 case, insult Sultan Perak case, insult Sultan Johor case, illegal online soccer gambling during World Cup 2010, illegal Ponzi scheme Danafutures, Maldives credit card fraud case and many more including cases in Intellectual Property Court.

Among notable achievements include our analysts being gazetted under the Criminal Procedure Code 399 on February 23rd, 2009. This is the same gazette that was awarded to Malaysia Chemistry Department on August 3rd, 2004. All reports and testimonials from our analysts are acceptable by the Malaysia Court of Law.

a. Digital Forensic

• Computer Forensics
  "What one can hide, another can discover."
  Computer Forensics is the application of scientific examination and data analysis performed on computer storage media to discover potential digital evidence for the purpose of presentation in a court of law.
  
  
• Mobile Phone Forensics
  "Every action leaves trail of evidence."
  The application of scientific examination and data extraction performed on mobile phone devices for the purpose of presentation in a court of law.
  
  
• Audio Forensics
  "It is more than just a sound that you are hearing."
  The application of digital audio science and technology performed on digital audio files or media to discover potential digital evidence for the purpose of presentation in a court of law.
  
  
• Video Forensics
  "Evidence does not lie."
  The application of digital video science and technology performed on digital video file or media to discover potential digital evidence for the purpose of presentation in a court of law.
  
  
• First Responder
  "Securing the digital evidence."
  The task of assisting Malaysia's Law Enforcement Agencies (LEA'S) in joint-raid activities related to digital crimes.

b. Data Recovery

"Digging in deep to recover loss data."

The process of salvaging data from damaged, failed, corrupted or inaccessible digital storage media and making it readable using computer applications. Noted examples are hard disks, thumb drives, memory cards and servers.

c. Data Sanitisation

"Erasing all valuable data trails."

The process of erasing all important data trails from an unused data storage. Files are not completely deleted when using an operating system's default delete function. The data sanitisation process is to ensure that all data can never be recovered. Any highly sensitive data will be unrecoverable or inaccessible if it falls into the wrong hands once it has been sanitised.

d. Expert Witness

"The truth and nothing but the truth."

The litigation process is critical and complicated. It is the outcome of the process that matters in these types of situations. With the records of success rates in state and federal courts, our analysts are committed to providing objectives with clarity. This service is matched with vast knowledge and expertise in the field of digital forensics to conclude complex matters in a court of law. Testimonials given by analysts are recorded from beginning to end, including early case assessments to findings reports.

Our credible, reputable and experienced analysts have undergone comprehensive training programmes, are experienced and exposed to digital forensics-related legal proceedings. From fraudulent schemes to harassment and seditious charges, they are well-versed and are prepared to give their testimonials when required.

CyberSecurity Malaysia’s analysts perform extensive research and analysis for better understanding of the case objectives and analysis results. By implementing this approach, critical and complex issues will be clearly clarified and understood by judges presiding over these proceedings.

Scenario

a. Computer Forensics

• Case Review 1 – Intellectual Property Theft
  An engineer from a large firm secretly emailed all tenders and documentation for a mega project to a rival company. The suspect was caught by his manager, and he tried to dispose all tracing evidence leading to the unscrupulous activity. Subsequently, his manager reported the case to the top management. In proving his guilt beyond a reasonable doubt, a computer forensic specialist was hired. The specialist conducted a forensic examination and analysis on the engineer's computer. All findings were put into a report. The result of the findings showed proof that the engineer had performed unauthorised actions of transferring the documents via email to a rival company.
  
  
• Case Review – Illegal Investment Scheme Fund
  Bank Negara Malaysia received complaints from members of an investment scheme that they did not receive their monies that they were entitled to. Initial investigations found that the investment scheme they were in was actually illegal. Together with the forensics team, the location of the investment scheme was located and raided. All computers were seized. From the forensic examination and analysis conducted, the company's profile, investment scheme documents, revenue generation and list of customers was extracted. The findings showed that the business was indeed fraudulent and illegal. The case was later brought before the courts.

b. Video Forensics

• Case Review - CCTV
  A robbery had occurred in one of the large banks in the country. The robbers managed to escape with a large amount of cash. However the Close-Circuit Camera Television (CCTV) of the bank had recorded the unfortunate event. A video forensics specialist was engaged to get the images of the robbers. The digital forensics team went to the crime scene, collected and acquired digital evidence from the DVR, and brought it back to their laboratory for further analysis.
  
  
  Frames that contained faces of the culprits were then extracted and enhanced to identify the suspects. The specialist then passed all details of the investigation to the police for further action.
  
  
• Case Review – Image Impression
  An immigration officer managed to arrest a person at the airport. This happened when the suspect handed over his passport for clearance to travel overseas. The officer noticed that the picture used by suspect in his international passport was not the same as his appearance and suspected that he used a forged passport. A copy of a photo of the suspect's face and the passport was then handed over to a digital forensics specialist for a facial comparison. The findings and comparison result was then sent back to the immigration officer for further action.
  
  
  Frames that contained faces of the culprits were then extracted and enhanced to identify the suspects. The specialist then passed all details of the investigation to the police for further action.
  
  
• Case Review – Video Authentication
  A video of an animal abuse was uploaded over the Internet. This video showed suspects were abusing an animal to death. An investigating officer and a video forensics specialist were put in charge to investigate this case. The case objective was to proof the authenticity of the video, as well as to prove that the individuals in the video were the suspects that they had arrested. All frames from the video were extracted, enhanced and analysed to determine whether the video has been edited and to confirm that the arrested suspects matched the individuals in the video. All findings and results based on the analysis were then used to prosecute the suspects in court.

c. Audio Forensics

• Case Review – Sexual Harassment
  A company secretary lodged a police report stating that she encountered sexual harassment from her superior. She also surrendered her mobile phone to the police. The mobile phone contained an audio file which she recorded during the incident. The investigative officer then passed the mobile phone to the audio forensics specialist to process the audio file. The audio file was then extracted from the mobile device and the voice in the audio recording was compared to the suspect's voice sample. All findings were then presented to the investigative officer.
  
  
• Case Review - Bribery
  A director of a corporation lodged a police report that he was being blackmailed by his own secretary. His secretary claimed that she had important information of him and wanted to upload them over the Internet. The secretary demanded money from the director in order for her not to expose the information. The director, however, managed to record their conversation using a voice recorder hidden in his jacket. The voice recorder was handed over to the police for further action. The police then brought the voice recorder to an audio forensics expert for voice comparison. The audio file was extracted and compared with the voice sample of the suspect. The findings were reported back to the investigation officer for further action.
  
  
• Case Review - Threat
  A police commissioner received a death threat through a phone conversation from an unknown suspect. He managed to record this conversation using a voice recorder. With the assistance from a telecommunication service provider, the police located and identified the owner of the phone number. The suspect was then arrested by the police. The audio recording was passed to an audio forensics specialist for voice comparison. After examining the audio file, it was found that the voice in the recording was not clear due to noise disturbances in an outdoor environment. The specialist then cleaned out the noise in the audio file and compared the cleaned voice recording with the suspect's voice sample. All findings together with the report regarding this case was then submitted to the police for further investigation.

d. Mobile Phone Forensics

• Case Review – Harassment on Short Messaging Service
  A newly-hired girl at a firm had received inappropriate text messages from her employer several times. She felt that her employer was harassing her. A domestic inquiry was set-up to investigate her case by the top management. A digital forensics specialist was hired to examine and analyse the content of her mobile device, as well as the content of her employer's mobile device. The report from the forensics specialist showed that the employer had indeed been sending obscene and harassing text messages to the victim. The employer was then sentenced in a disciplinary proceeding.
  
  
• Case Review – Death Threat
  Police officers seized a mobile device that was allegedly used by a suspect to send death threats via text messages to a victim. The mobile device was sent to a mobile phone forensics analyst for further examination and analysis. All related text messages was extracted and analysed. From the analysis, the related text messages were found and it matched the text messages that the victim had received. The text messages were then used as evidence in a court of law.
  
  
• Case Review – Explicit Video Retrieval
  A mobile phone forensics specialist was assigned by the police to analyse a mobile device that was seized from a suspect. It was stated that the mobile phone contains an explicit video that the suspect recorded of his former lover. The suspect denied that he had such video on his mobile phone. The specialist analysed the mobile phone and all deleted content were extracted, including the explicit video. All the findings from the mobile phone were then used to charge the suspect.

e. First Responder

• Case Review – Money Laundering
  A director of an international corporation was accused of money laundering. All transactions of the illegal business were saved in the company's server. A computer forensics specialist was engaged to obtain potential evidence from the server. Upon arrival at the crime scene, the specialist was told by the Head of Information Security that the server could not be shut down because it would cause massive losses to the business. The specialist then performed a live acquisition on the server in order to get the data. The image copy of the server was then used for the analysis. All the findings were then reported to the corporation for further action.
  
  
• Case Review - Fraud
  A computer forensics specialist was engaged by a raiding officer to assist a raid on a company. The company was reported to be conducting an illegal business that involved fraudulent transactions. All the files and paperwork related to the case objectives was confiscated. There were also hundreds of computers found at the premise. To determine which computer might contain potential evidence, the specialist performed live analysis on the computers at the crime scene using the write blocker tool (a software-based write blocker that facilitates the quick and safe acquisition and/or analysis of any disk or flash storage media). All information that was extracted was analysed by the specialist and findings were reported to the investigation officer.
  
  
• Case Review – Seditious Comments
  A famous celebrity lodged a report claiming that a website posted an article that defamed him. Initial investigations revealed the location of the server that hosted the website. With the help of a computer forensics specialist, the web-hosting company was raided. Upon arrival at the crime scene, the computer forensics specialist secured the crime scene, and forensically acquired the data related to the website from the server

Pindaan Seksyen 114A Akta Keterangan 1950 

KUALA LUMPUR 28 Ogos - Orang ramai dinasihatkan tidak perlu takut terhadap pindaan Seksyen 114A Akta Keterangan 1950 kerana ia dibuat semata-mata untuk melindungi golongan yang teraniaya di alam siber.

Pensyarah Undang-Undang Universiti Islam Antarabangsa Malaysia (UIAM), Dr. Zulfakar Ramlee berkata, hanya golongan yang cenderung menyalahgunakan teknologi maklumat (IT) dan internet yang akan takut terhadap pindaan akta berkenaan.

“Pindaan akta itu dilihat dapat mengimbangi kepentingan kedua-dua pihak tersebut iaitu golongan yang menyalahgunakan Internet dan golongan yang teraniaya," katanya ketika dihubungi Utusan Malaysia di sini hari ini.

Beliau mengulas isu pindaan Seksyen 114A Akta Keterangan 1950 yang heboh diperkatakan di alam maya sehingga menyebabkan Kabinet kembali meneliti pindaan akta tersebut selepas diarahkan oleh Perdana Menteri, Datuk Seri Najib Tun Razak untuk berbuat demikian.

Seksyen 114A adalah satu daripada dua pindaan terhadap Akta Keterangan yang digazet Julai lalu dan mendapat pelbagai reaksi para pengguna internet.

Menurut Zulfakar, peruntukan dalam bentuk ‘andaian’ itu bukan perkara baru dalam undang-undang malah telah diguna pakai dalam akta-akta lain juga.

“Dalam kesalahan lain tidak ada pula orang hendak pertikaikan sedangkan isu tahap pembuktian (standard of proof) tetap sama di akhir sesuatu kes pendakwaan iaitu tahap pembuktian melampaui sebarang keraguan yang munasabah sebagaimana di dalam kes kesalahan-kesalahan jenayah yang lain adalah diperlukan," katanya.

Katanya, pindaan terhadap akta berkenaan tidak bermaksud untuk menzalimi suspek kerana andaian atau dakwaan itu boleh disangkal dengan tahap pembuktian yang ringan.

Sebaliknya kata beliau, pihak berkuasa atau pendakwaraya yang pada akhirnya memikul beban membuktikan kesalahan tersebut melampaui keraguan munasabah.

“Pihak polis akan membuat siasatan terlebih dahulu, selepas mendapat kepastian bahawa entri atau posting yang menyalahi undang-undang itu dihantar atau ditulis oleh suspek, barulah pendakwaan akan dibuat," ujarnya.

Sementara itu, peguam Khairul Mukhtar pula berkata, pelaksanaan akta itu perlu bagi mengawal pengguna Internet khususnya daripada mengeluarkan kenyataan sewenang-wenangnya yang bercanggah dengan prinsip undang-undang