Computer crime-busters
By RINA DE SILVA
18th August 2003 (Computimes)

In the world of computer networks, sharing of files is common, and so are the risks of hacking, viruses and cybercrimes. Besides anti-virus software, much more is needed to curb such illegal practices.

Along comes the computer detective, or computer forensic analyst. The job basically entails solving crimes committed on computers and networks which have resulted in losses that sometimes run into billions.

In a way, cracking computer crimes is similar to the normal work of law enforcement officers. Computer detectives will go to the scene of the crime, examine the evidence and question the suspects.

They practise computer forensics, which involves the use of computer investigation and analytic techniques to identify, examine and preserve potential electronic evidence which can be used for legal action.

Computer forensic activities are not something new in developed countries. In Malaysia, such activities became more prominent with the setting up of the National ICT Security and Emergency Response Centre (Niser), which has a computer forensic team to handle incident reports.

Niser's deputy director for technical and operations Raja Azrina Raja Othman says there has been a need for computer forensic analysis on the local front since 1997. "Disgruntled employees, for example, can cause damage to the system and data, and as such specialists are needed to recover lost data."

She says there are various types of computer abuses, and that sometimes, as a result of human errors, important files are deleted accidentally.

Members of the Niser computer forensic team also deal with incidents of computer abuse even though these may not necessarily be a criminal act.

"It could be an activity that is against company policy such as surfing pornographic Web sites or gambling online," Raja Azrina says.

She adds that activities such as the transaction or selling of credit card details, hacking and spreading viruses are considered serious computer crimes that Niser has to deal with.

According to Raja Azrina, the computer forensic team will carry out an analysis of the computer system of the victim, which is usually a company. The team will also attempt to recover files which have been deleted as well as folders or directories that have been formatted.

"Most of the files have passwords or are encrypted. So we have to decrypt the password," she says. "There would also be an internal enquiry on the IT (information technology) activities of the employees to dig up more information."

Raja Azrina says computer forensics is a process that should be tested and updated continuously to ensure results. For example, the team will ensure that evidence at the scene, such as the hard disk, is not tampered with in any way. "This is to preserve the integrity of the information," she explains.

She says if the original is used, it can accidentally get overwritten and as such will not be admissible as evidence in a court of law should prosecution be carried out against any suspects. What the computer forensic team does is to copy the original disk to another disk and then make an analysis of the data. Findings made by the team on the computer hardware and software concerned are expected to help the authorities in determining the course for further action.

Niser, which is funded by the Government and set up on a budget of about RM4 million, is currently hosted at Mimos Berhad. Since 2002, the team has solved 81 of the 86 cases, all with a relatively small team of five.

Raja Azrina acknowledges that the computer forensic job comes with many challenges. "There are plenty of ways the identity of the perpetrators can be hidden," she says, adding that most of the computer crimes and abuses are committed by young tech-savvy executives.

She expects computer forensic analysis to get tougher in the future with the increasing dependence on technology among Government, corporate and home users. The Niser team, she adds, plans to embark on research to analyse computer crimes committed through handphones and personal digital assistants.