Journal & Conference Proceeding Publications

Aimed at providing quality and impartial service, the Digital Forensics Department (DFD) of CyberSecurity Malaysia (CSM) decided, in January 2007, to obtain accreditation from an accreditation body, American Society for Crime Lab Director/Laboratory Accreditation Board (ASCLD/LAB) for its forensics services. The project was scheduled to be delivered in November 2011. The accreditation from ASCLD/LAB was based on the ISO/IEC 17025 General Requirements for the Competence of Testing and Calibration Laboratories and ASCLD/LAB’s own Supplemental Requirements [1]. In the same year, CSM had successfully been certified with ISO/IEC 27001 Information Security Management System. The scope of the certification covered all departments under the CSM. DFD had to conform to both ISO standards, ISO/IEC 27001 as well as ISO/IEC 17025, if they were to succeed in obtaining the accreditation.

Research on computer memory analysis has been quite intensive in the past years. A number of tools and techniques have been designed and developed to retrieve critical information from the computer memory. However, most of the tools and techniques have their limitation in the ability to retrieve important information. Hence, in the present study, an alternative approach is proposed to combine the process signature search with page table tracking in order to trace all objects that link with the process block. The result from the experiment shows that the new approach is able to retrieve a large number of objects that link with the process block. A good comparison with the previous studies is conducted as to test the efficiency of the new approach.

Critical infrastructures are found in the modern world and include power generation and transmission, gas, water, and other utilities, transportation systems and others. This paper is concerned with securing Industrial Control Systems (ICS) that are controlling many critical infrastructures. TCP/IP is being used to connect ICS systems because it is more efficient than the proprietary protocols of decades ago and is also more cost effective. However, the convergence of ICS systems into the corporate IT network presents challenges for the security team to ensure the entire connected system is secure. One of the unique challenges is how to safely perform security assessments on ICS systems due to its proprietary protocols and intolerance to down time. To address these challenges, this paper seeks to explain how ICS systems can be secured from a cyber security standpoint by a hybrid approach that combines conventional vulnerability assessment methods and strategies to increase the resilience of the ICS components by making it more robust and less fragile. The methods are chosen from existing security assessment methodologies and best practices. Using this approach we will be able to assess the vulnerabilities and offer another perspective on how to defend against them which is not so much tied to risk but performance and control driven. The results of this work could offer solutions to increase cyber security within the critical infrastructures.

Random Access Memory (RAM) is an important device in computer system. It can represent the snapshot on how the computer has been used by the user. With the growth of its importance, the computer memory has been an issue that has been discussed in digital forensics. A number of tools have been developed to retrieve the information from the memory. However, most of the tools have their limitation in the ability of retrieving the important information from the computer memory. Hence, this paper is aimed to discuss the limitation and the setback for two main techniques such as process signature search and process enumeration. Then, a new hybrid approach will be presented to minimize the setback in both individual techniques. This new approach combines both techniques with the purpose to retrieve the information from the process block and other objects in the computer memory. Nevertheless, the basic theory in address translation for x86 platforms will be demonstrated in this paper.

Cyberspace is an attractive medium for computer-savvy generation of terrorists due to its anonymity, psychological impact and also it’s potential to inflict massive damage. There have been numerous studies by researchers in Europe, the Middle East and North America in analyzing the illicit activities and terrorism in cyberspace. However, there are limited studies on similar cases in the Southeast Asian region. This paper presents an exploratory research on illicit activities and terrorism in cyberspace, focusing in the Southeast Asian region. We examined the Web 2.0 media by using an automated collection and analysis tool. Our findings indicate that the Web 2.0 media hosted in the Southeast Asian region supports illicit activities and terrorism in cyberspace such as the spreading of propaganda, recruitment, as well as planning and coordination. Although our findings are still at the preliminary stage, there is a great possibility that the virtual world evolves and plays a critical role in promoting illicit activities and terrorism in cyberspace. Future studies in this area can be conducted, which may lead to the development of better strategy and policy framework to counter cyber terrorism.