SAMPLE OF SHORT PHD PROPOSAL
By Ahmad Rawi
The writer can be contacted at
THESIS PROPOSAL
1.0 TITLE OF THE RESEARCH
The Forensic Aspects of Electronic Evidence: A Critical Study on the Provisions Relating to
Electronic Evidence under the Malaysian Evidence Act 1950 and its Adequacy in Ensuring That
Only Forensically Sound Evidence is Admissible in Trial.
2.0 BACKGROUND TO THE RESEARCH
Forensic, from the Latin word forensis meaning ‘on or before the forum’, has been defined as the
science of examining evidence and drawing conclusions for presentation in a court of law1. As
technology has evolved, so have the locus and tools for the commission of crimes. The advent of the
technological construct known as cyberspace has shifted the place of the commission of the
crime from the real world to a conceptual world which exists only in the minds of computer
users, though it is physically represented by the computer screen in front of them. With the
advent of internet and computer technologies, another niche has been carved in the forensic discipline,
known variously as ‘computer forensic’ and ‘digital forensic’.
1 Zeidman, B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), p.414
McKemmish2 has succinctly defined computer forensic as ‘the process of identifying, preserving,
analyzing and presenting digital evidence in a manner that is legally acceptable’. According to
Palmer3, computer forensic is “The use of scientifically derived and proven methods towards the
preservation, collection, validation, identification, analysis, interpretation, documentation and
presentation of digital evidence derived from digital sources for the purpose of facilitating or
furthering the reconstructions of events found to be criminal, or helping to anticipate
unauthorized actions shown to be disruptive to planned operations”.
The other term invariably used interchangeably with computer forensic is digital forensic4.
Jones and Valli5 have compiled a number of definitions of digital forensic as follows:
1) Any information of probative value that is either stored or transmitted in binary form
(this is one of the earliest definitions, coming from the respectable Scientific Working
Group for Digital Evidence).
2) Digital forensic is the collection, preservation, analysis and court presentation of digital
related evidence.
3) Digital forensic is the application of science and engineering to the legal problem of
digital evidence. It is a synthesis of science and law.
4) Digital forensic is the discipline that combines elements of law and digital science to
collect and analyze data from digital systems, networks, wireless communications, and
storage devices in a way that is admissible as evidence in a court of law.
2 McKemmish, R., “What is Forensic Computing”, (1999) 118 Australian Institute of Criminology: Trends and Issues In Crime and Criminal Justice, online, accessed on 20 April 2011, available at http://www.aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf
3 Palmer, G., “A Road Map for Digital Forensic Research”, in: The First Digital Forensic Research Workshop (2001) cited in Lin, Y.C., Slay, J. and Lin, I.L., “Computer Forensic and Culture”, in Yang, C.C. et al. (eds.) Intelligence and security informatics: IEEE ISI 2008 international workshops proceedings (Springer Germany 2008) p.290.
4 McKemmish, R., “When is Digital Evidence Forensically Sound?”, in: Ray, I. & Shenoi, S. (eds.) Advances in Digital Forensic IV (Springer New York 2008) p.3
5 Jones, A. & Valli, C., Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility, (Elsevier Inc. USA 2009), p.7.
As can be seen from the last definition, computer forensic or digital forensic is a dynamic
discipline, constantly evolving to catch up with advances in Information and
Telecommunication Technologies (ICT). For example, a sub-niche discipline that grew out of
computer forensic is network forensic, which has its own specific definition. Network forensic
has been defined by the Digital Forensic Research Workshop as ‘the use of scientifically proven
techniques to collect, fuse, identify, examine, correlate, analyze and document digital evidence
from multiple, actively processing and transmitting digital sources for the purpose of uncovering
facts related to the planned intent, or measured success of unauthorized activities meant to
disrupt, corrupt and or compromise system components as well as providing information to assist
in response to or recover from these activities’6.
It has been argued that the birth of computer forensic or digital forensic as a discipline was due
to the need to provide technical solutions to legal problems, the technical solution offered by the
discipline being a methodology for extracting electronic/digital data by processes that ensure
that such extracts are legally acceptable as evidence7, or in other words, that they are forensically sound.
By forensically sound, it is meant that the forensic process is done with two clear objectives8:
1. The acquisition and subsequent analysis of electronic data has been undertaken with all
due regard to preserving the data in the state in which it was first discovered.
2. The forensic process does not in any way diminish the evidentiary value of the electronic
data through technical, procedural or interpretive errors.
In line with advances in ICT, the Malaysian Evidence Act 1950 was amended to
cope with the complexities brought about by such technological advancement. But questions
linger as to whether the Malaysian Evidence Act 1950 provides adequate mechanisms and safeguards
to ensure that, in the context of electronic or digital evidence, only forensically sound electronic
or digital evidence is admissible in trial. In view of this, it is submitted that, if need be, a
thorough revision of the provisions relating to admissibility of electronic evidence must be done
to ensure that the basic rights of the accused in cases which involve electronic/digital evidence
are not violated and to prevent abuse of power by the prosecution and investigation authorities.
6 Redding, S., “Using Peer-to-Peer Technology for Network Forensic”, in: Pollitt, M. & Shenoi, S. (eds.) Advances in digital forensic (Springer USA 2008), p.143.
7 Note 4 at p.4
8 Note 4 at p.6
3.0 PROBLEM STATEMENT/RESEARCH QUESTION
This research attempts to answer the following two questions. First, whether the provisions relating to
electronic/computer evidence in the Malaysian Evidence Act 1950 provide safeguard
mechanisms to ensure that only electronic/digital evidence which is forensically sound will be
admissible. Secondly, if the finding on question one is in the negative, what measures
need to be introduced into the Evidence Act to fill this gap.
4.0 OBJECTIVE OF THE STUDY
The purpose of this research is to critically analyze to what extent the provisions relating to
electronic evidence in the Malaysian Evidence Act 1950 are adequate in ensuring that only
‘forensically sound evidence’ is admissible in trial. Apart from that, this research will also
comparatively analyze the said provisions against the practice of electronic evidence handling as
found in other jurisdictions, for example, under the Indian Evidence Act, 1872. Finally, if the
outcome of the research points to the conclusion that the relevant provisions in the Malaysian
Evidence Act, 1950 need to be revamped, this research seeks to recommend/propose a
comprehensive legislative amendment to the said Act which shall address the
loopholes/inadequacies/gaps found in the said Act.
5.0 SCOPE AND LIMITATION OF THE STUDY
The subject matter of this research is the provisions relating to electronic evidence in the
Malaysian Evidence Act 1950. Comparison will be made with the actual practice in electronic
evidence handling as found in other jurisdictions, for example, in India as provided under the
Indian Evidence Act, 1872. This research, however, will mainly focus on the tendering of
electronic evidence in criminal trials.
This research will also look into how the Criminal Procedure Code and other digital law
legislation, e.g. the Computer Crimes Act 1997, complement the Evidence Act in respect of
ensuring that only ‘forensically sound evidence’ is admissible in trial. A study which puts an enacted
piece of legislation as its core subject matter invariably faces the risk that its subject
matter is liable to be amended by Parliament midway through the study. Should this
happen, the direction of this research will need to be re-planned accordingly.
6.0 RESEARCH METHODOLOGY/RESEARCH DESIGN
This research is proposed to be carried out by employing a fully qualitative approach in order to
analyze the status quo in electronic/digital evidence forensic practice in Malaysia and also the
status quo in the relevant legislation (the Malaysian Evidence Act 1950). Towards this end, both
primary data and secondary data will be collected and analyzed. According to Patton9, using
more than one data collection or triangulation approach permits the evaluator to combine
strengths and correct some of the deficiencies of any one source of data and thus increase the
strength and rigour of an evaluation.
Primary data for this research will be obtained through semi-structured interviews with
stakeholders in the criminal justice system in Malaysia, e.g. lawyers, prosecutors, judges, police and
relevant officers from the Attorney General Chambers, and also with stakeholders in the field of
ICT such as MIMOS, the Malaysian Communications and Multimedia Commission (MCMC) and the
Ministry of Science, Technology and Innovation (MOSTI), especially officers from one of its
agencies, CyberSecurity Malaysia. Secondary data will be collected through the content analysis
method, where the researcher will deduce and analyze data from various materials such as books
and journals which relate to the issue of electronic/digital/computer evidence and evidence law
in general.
9 Patton, M.Q., How To use qualitative methods in evaluation (SAGE Publications Inc. California 1987), p.60.
7.0 SIGNIFICANCE OF STUDY
It is hoped that the findings of this research will add to the corpus of literature on
electronic/digital/computer evidence and evidence law in general. Further, it is hoped that the
findings of this research on electronic/digital/computer forensic practice will provide
knowledge on best practice in handling electronic/digital/computer evidence. Lastly, it is
hoped that the findings of this research will provide useful assistance to policy makers in
fine-tuning the relevant law, policies and guidelines on the handling of electronic/digital/computer
evidence in Malaysia.
8.0 LITERATURE REVIEW
Computer forensic or digital forensic is the process of identifying, preserving, analyzing and
presenting digital evidence in a manner that is legally acceptable10. Digital or electronic evidence
requires a completely different set of tools and expertise to analyze11. According to McKemmish,
computer forensic or digital forensic encompasses four key elements, namely the identification
of digital evidence, the preservation of digital evidence, the analysis of digital evidence and the
presentation of the digital evidence to the court of law. Each step is critical, as any anomaly may
have a bearing on the legal acceptability of the evidence12. In the Malaysian context, a computer
forensic or digital forensic best practice framework (called the Digital Investigation Model (DIM))
has been put forward by Perumal13 (2009), which is built upon other DIMs but improved in terms
of preservation of fragile evidence and of the data acquisition process.
Rapid progress in the field of ICT poses new challenges for the criminal justice system. A new
type of evidence, namely electronic/digital/computer evidence, has emerged which necessitates
a response in legislation to cope with the complexities it brings. The
Evidence Act 1950 currently does away with the Best Evidence Rule, as under the Act the content
(including digital content) of a document (a term which also encompasses any matrix holding
digital content) may be proved by primary evidence (the originals) and also by secondary evidence
(the copies). The ease with which digital items (e.g. documents, digital photographs etc.) can be
altered by using commercially available software (e.g. Adobe Photoshop) necessitates a
rethinking of some of the principles in the Evidence Act 1950. This situation (the ease of
compromising digital evidence) may, when such evidence is wrongly admitted, further prejudice the
accused’s defence. Due to the specific nature of electronic/digital evidence, the
introduction of a new act, i.e. an Electronic Evidence Act, is not too far-fetched. This has been done in
at least one jurisdiction, i.e. the Canadian province of Prince Edward Island’s Electronic
Evidence Act14.
10 Note 2 at p.1
11 Dathan, B., Fitzgerald, S., Gottschalk, L., Liu, J. & Stein, M. (2005) Computer forensic programs in higher education: A preliminary study, in Stander, A. & Johnston, K. (2007) The need for and contents of a course in forensic information system & computer science at the University of Cape Town, 4 Issues in Informing Science and Information Technology, p.66
12 Note 2 at p.1-p.2
13 Perumal, S., Digital Forensic Model Based On Malaysian Investigation Process, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009, available at paper.ijcsns.org/07_book/200908/20090805.pdf
9.0 CONCLUSION
In conclusion, it is submitted that a legislative framework (whether new or an amended version of
currently available legislation) which provides guidelines as to the handling of electronic evidence
will prove to be a ‘win-win’ situation for those involved in the criminal justice system in
Malaysia.
10.0 LIST OF REFERENCES
Dathan, B., Fitzgerald, S., Gottschalk, L., Liu, J. & Stein, M. (2005) Computer forensic programs in higher education: A preliminary study, in Stander, A. & Johnston, K. (2007) The need for and contents of a course in forensic information system & computer science at the University of Cape Town, 4 Issues in Informing Science and Information Technology, p.66
Jones, A. & Valli, C., Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility, (Elsevier Inc. USA 2009), p.7.
McKemmish, R., “When is Digital Evidence Forensically Sound?”, in: Ray, I. & Shenoi, S. (eds.) Advances in Digital Forensic IV (Springer New York 2008) p.3
McKemmish, R., “What is Forensic Computing”, (1999) 118 Australian Institute of Criminology: Trends and Issues In Crime and Criminal Justice, online, accessed on 20 April 2011, available at http://www.aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf
Palmer, G., “A Road Map for Digital Forensic Research”, in: The First Digital Forensic Research Workshop (2001) cited in Lin, Y.C., Slay, J. and Lin, I.L., “Computer Forensic and Culture”, in Yang, C.C. et al. (eds.) Intelligence and security informatics: IEEE ISI 2008 international workshops proceedings (Springer Germany 2008) p.290.
Patton, M.Q., How To use qualitative methods in evaluation (SAGE Publications Inc. California 1987), p.60.
Perumal, S., Digital Forensic Model Based On Malaysian Investigation Process, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009, available at paper.ijcsns.org/07_book/200908/20090805.pdf
Redding, S., “Using Peer-to-Peer Technology for Network Forensic”, in: Pollitt, M. & Shenoi, S. (eds.) Advances in digital forensic (Springer USA 2008), p.143.
Zeidman, B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), p.414
14 Available from www.gov.pe.ca/law/statutes/pdf/e-04_3.pdf