Journal & Conference Proceeding Publications

Digital camcorders commonly have an in-built capability to export entire video files or a single image to storage media such as a digital versatile disc (DVD). In the event that a DVD is not properly finalised, its contents might not be easily readable. It is generally accepted that recovering video evidence from an unfinalised DVD in a forensically sound manner is an expensive and a challenging exercise. In this paper, we propose a digital camcorder forensics technique that allows digital forensics examiners to carve video files with timestamps without referring to a file system (file system independent technique). We then conduct a forensic analysis to validate our proposed technique.

The number of internet users in Malaysia fell by 1.1 per cent in 2010. Simultaneously, cyber crimes and cyber related crimes handled and resolved by CyberSecurity Malaysia's Digital Forensics Department increased by 101.9 per cent. Despite this accomplishment, there are two notable concerns: the increase in reported crimes when the number of internet users dropped, and the operation of digital forensics laboratories and research activities are not coordinated. This paper considers the digital forensics landscape in Malaysia by analyzing the problems encountered, its achievements and a brief comparison with Japan. A Digital Forensics Institute is proposed as a way forward.

Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and incompetence of the implementation. This paper proposes a model of technical security metric to measure the effectiveness of network security management. The measurement is based on the effectiveness of security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point, wireless controllers and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). We use the Goal-Question-Metric (GQM) paradigm [1] which links the measurement goals to measurement questions and produce the metrics that can easily be interpreted in compliance with the requirements. The outcome of this research method is the introduction of network security management metric as an attribute to the Technical Security Metric (TSM) model. Apparently, the proposed TSM model may provide guidance for organizations in complying with effective measurement requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model will provide a comprehensive measurement and guidance to support the use of ISO/IEC 27004 ISMS Measurement template.

Typically, in an assessment project for a web application or database with a large scale and scope, tasks required to be performed by a security analyst are such as SQL injection and penetration testing. To carry out these large-scale tasks, the analyst will have to perform 100 or more SQLi penetration tests on one or more target. This makes the process much more complex and much harder to implement. This paper attempts to compare large-scale SQL injections performed with Manual Methods, which is the benchmark, and the proposed SQLiAutoScript Method. The SQLiAutoScript method uses sqlmap as a tool, in combination with sqlmap scripting and logging features, to facilitate a more effective and manageable approach within a large scale of hundreds or thousands of SQL injection penetration tests. Comparison of the test results for both Manual and SQLiAutoScript approaches and their benefits is included in the comparative analysis. The tests were performed over a scope of 24 SQL injection (SQLi) tests that comprises over 100,000 HTTP requests and injections, and within a total testing run-time period of about 50 hours. The scope of testing also covers both SQLiAutoScript and Manual methods. In the SQLiAutoScript method, each SQL injection test has its own sub-folder and files for data such as results (output), progress (traffic logs) and logging. In this way across all SQLi tests, the results, data and details related to SQLi tests are logged, available, traceable, accurate and not missed out. Available and traceable data also facilitates traceability of failed SQLi tests, and higher recovery and reruns of failed SQLi tests to maximize increased attack surface upon the target.

Word stemming algorithm is a natural language morphological process of reducing derived words to their respective root words. Due to the importance of word stemming algorithm, many Malay word stemming algorithms have been developed in the past years. However, previous researchers only focused on improving affixation word stemming with various stemming approaches. There is no reduplication word stemming has been developed for Malay language thus far. In Malay language, affixation and reduplication are derived words in which have their own morphological rules. Therefore, the use of affixation word stemming to stem reduplication words is considered inappropriate. Hence this paper presents the proposed reduplication word stemming algorithm to stem full, rhythmic and partial reduplication words to their respective root words. This proposed stemming algorithm uses Rules Application Order with Stemming Errors Reducer to stem these reduplication words. Malay online newspaper articles have been used to evaluate this proposed stemming algorithm. The experimental results showed that the proposed stemming algorithm able to stem full, rhythmic, affixed and partial reduplication with better stemming accuracy. Hence, the future improvement of Malay word stemming algorithm should include affixation and reduplication word stemming.