SAMPLE OF SHORT PHD PROPOSAL

By Ahmad Rawi

The writer can be contacted at

scholars.assist@gmail.com

THESIS PROPOSAL

1.0 TITLE OF THE RESEARCH

The Forensic Aspects of Electronic Evidence : A Critical Study on the Provisions Relating to

Electronic Evidence under the Malaysian Evidence Act 1950 and its Adequacy in Ensuring That

Only Forensically Sound Evidence is Admissible in Trial.

2.0 BACKGROUND TO THE RESEARCH

Forensic ,from the Latin word forensis meaning ‘on or before the forum’ has been defined as the

science of examining evidence and drawing conclusions for presentations in a court of law1.As

technology evolved, so does the locus and tools for the commission of crimes. The advent of the

technological construct known as cyberspace has shifted the place of the commission of the

crime from the real world to the conceptual world which exists only in the human (computer

users) mind though physically represented by the computer screen in front of them. With the

advent of internet and computer technologies, another niche is carved in the forensic discipline,

invariably known as ‘computer forensic’ and ‘digital forensic’.

1 Zeidman,B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), P.414

1

McKemmish2 has succinctly defined computer forensic as ‘the process of identifying, preserving,

analyzing and presenting digital evidence in a manner that is legally acceptable’. According to

Palmer3, computer forensic is “The use of scientifically derived and proven methods towards the

preservation, collection, validation, identification, analysis, interpretation, documentation and

presentation of digital evidence derived from digital sources for the purpose of facilitating or

furthering the reconstructions of events found to be criminal, or helping to anticipate

unauthorized actions shown to be disruptive to planned operations”.

The other terms invariably used interchangeably with computer forensic is digital forensic4.

Jones and Valli5 have compiled a number of definitions of digital forensic as follow:

1) Any information of probative value that is either stored or transmitted in binary form

(this is one of the earliest definition coming from the respectable Scientific Working

Group for Digital Evidence).

2) Digital forensic is the collection, preservation, analysis and court presentation of digital

related evidence.

3) Digital forensic is the application of science and engineering to the legal problem of

digital evidence. It is a synthesis of science and law.

4) Digital forensic is the discipline that combines elements of law and digital science to

collect and analyze data from digital systems, networks, wireless communications, and

storage devices in a way that is admissible as evidence in a court of law.

2 McKemmish,R.,”What is Forensic Computing”,(1999) 118 Australian Institute of Criminology: Trends and Issues In Crime and Criminal Justice,online,accessed on 20 April 2011, available at http://www.aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf3 Palmer,G,”A Road Map for Digital Forensic Research”, in : The First Digital Forensic Research Workshop (2001) cited in Lin,Y.C., Slay,J. and Lin,I.L,”Computer Forensic and Culture”, in Yang,C.C. et. al (eds.) Intelligence and security informatics: IEEE ISI 2008 international workshops proceedings (Springer Germany 2008) p.290.4 McKemmish,R.,”When is Digital Evidence Forensically Sound?”, in : Ray, I. & Shenoi, S.(eds.) Advances in Digital Forensic IV (Springer New York 2008) p.35 Jones,A. & Valli,C., Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility,(Elsevier Inc. USA 2009),p.7.

2

As can be seen from the last definition computer forensic or digital forensic is a dynamic

discipline constantly evolving to catch up with the advance in Information and

Telecommunication Technologies (ICT).For example, a sub-niche discipline that grew out of

computer forensic is network forensic which has its own specific definition. Network forensic

has been defined by the Digital Forensic Research Workshop as ‘the use of scientifically proven

techniques to collect, fuse, identify, examine, correlate, analyze and document digital evidence

from multiple, actively processing and transmitting digital sources for the purpose of uncovering

facts related to the planned intent, or measured success of unauthorized activities meant to

disrupt, corrupt and or compromise system components as well as providing information to assist

in response to or recover from these activities’6.

It has been argued that the birth of computer forensic or digital forensic as a discipline was due

to the need to provide technical solutions to legal problems, the technical solutions offered by the

discipline being the methodology of extraction of electronic/digital data by processes that ensure

that such extracts is legally acceptable as evidence7, or in other words, it is forensically sound.

By forensically sound, it is meant that the forensic process is done with two clear objectives8 :

1. The acquisition and subsequent analysis of electronic data has been undertaken with all

due regard to preserving the data in the state in which it was first discovered.

2. The forensic process does not in any way diminish the evidentiary value of the electronic

data through technical, procedural or interpretive errors.

In line with the advent in ICT technologies, the Malaysian Evidence Act 1950 was amended to

cope with the complexities brought about by such technological advancement. But questions

linger whether the Malaysian Evidence Act 1950 provides adequate mechanisms and safeguards

to ensure that in the context of electronic or digital evidence, only forensically sound electronic

6 Redding,S.,”Using Peer-to-Peer Technology for Network Forensic”, in : Pollitt,M. & Shenoi,S.(eds.) Advances in digital forensic (Springer USA 2008),p.143.7 Note 4 at p.48 Note 4 at p.6

3

or digital evidence is admissible in trial. In view of this, it is submitted that, if needs be, a

thorough revision of the provisions relating to admissibility of electronic evidence must be done

to ensure that the basic rights of the accused in cases which involves electronic/digital evidences

is not violated and to prevent abuse of power by the prosecution and investigation authority.

3.0 PROBLEM STATEMENT/RESEARCH QUESTION

This research attempts to answer the following two questions: Whether the provisions relating to

electronic/computer evidence in the Malaysian Evidence Act 1950 provides safeguard

mechanisms to ensure that only electronic/digital evidence which is forensically sound will be

admissible. Secondly, if the finding to question one is in the negative, what measures is

necessary to be introduced into the Evidence Act to fill in this gap.

4.0 OBJECTIVE OF THE STUDY

The purpose of this research is to critically analyze to what extent the provisions relating to

electronic evidence in the Malaysian Evidence Act 1950 is adequate in ensuring only

‘forensically sound evidence’ is admissible in trial. Apart from that, this research will also

comparatively analyze the said provisions with the practice of electronic evidence handling as

found in other jurisdiction, for example, under the Indian Evidence Act, 1872. Finally, if the

outcome of the research points to the conclusion that the relevant provisions in the Malaysian

Evidence Act, 1950 need to be revamped, this research seeks to recommend/propose a

comprehensive legislative amendment to the said Act which shall address the

loopholes/inadequacies/gaps found in the said Act.

5.0 SCOPE AND LIMITATION OF THE STUDY

The subject matter of this research is the provisions relating to electronic evidence in the

Malaysian Evidence Act 1950. Comparison will be made with the actual practice in electronic

evidence handling as found in other jurisdiction, for example, in India as provided under the

4

Indian Evidence Act, 1872. This research however, will mainly focus on the tendering of

electronic evidence in criminal trial.

This research will also look into how the Criminal Procedure Code and other digital law

legislations e.g. Computer Crimes Act 1997 complements the evidence Act in respect of

ensuring only ‘forensically sound evidence’ is admissible in trial. Study which put an enacted

piece of legislation as its core subject matter is invariably faced with the risk that its subject

matters is liable to be amended by the Parliament midway during the study. Should this thing

happens, the direction of this research will need to be re-planned accordingly.

6.0 RESEARCH METHODOLOGY/RESEARCH DESIGN

This research is proposed to be carried out by employing a fully qualitative approach in order to

analyze the status quo in electronic/digital evidence forensic practice in Malaysia and also the

status quo in the relevant legislation (The Malaysian Evidence Act 1950).Towards this end, both

primary data and secondary data will be collected to be analyzed. According to Patton9, using

more than one data collection or triangulation approach permits the evaluator to combine

strengths and correct some of the deficiencies of any one source of data and thus increase the

strength and rigour of an evaluation.

Primary data of this research will be obtained through semi-structured interviews with

stakeholders in the criminal justice system in Malaysia e.g. lawyers, prosecutors, judges, police,

relevant officers from the Attorney General Chambers and also from stakeholders in the field of

ICT such as MIMOS, Malaysian Communications and Multimedia Commission (MCMC) and

Ministry of Science, Technology and Innovation (MOSTI) especially officers from one of its

agency, CyberSecurity Malaysia. Secondary data will be collected through content analysis

method where the researcher will deduct and analyze data from various materials such as books

and journals which relate with the issue of electronic/digital/computer evidence and evidence law

in general.

9 Patton, M.Q.,How To use qualitative methods in evaluation (SAGE Publications Inc. California 1987),p.60. 5

7.0 SIGNIFICANCE OF STUDY

It is hoped that the findings of this research will add up to the corpus of literature on

electronic/digital/computer evidence and evidence law in general. Further, it is hoped that the

findings of this research on the electronic/digital/computer forensic practice would provide

knowledge on the best practice in handling electronic/digital/computer evidence. Lastly, it is

hoped that the findings of this research will provide useful assistance to policy makers in fine-

tuning the relevant law, policies and guidelines on the handling of electronic/digital/computer

evidence in Malaysia.

8.0 LITERATURE REVIEW

Computer forensic or digital forensic is the process of identifying, preserving, analyzing and

preserving digital evidence in a manner that is legally acceptable10. Digital or electronic evidence

requires a completely different set of tools and expertise to analyze11. According to McKemmish,

computer forensic or digital forensic encompasses four key elements namely, the identification

of digital evidence, the preservation of digital evidence, the analysis of digital evidence and the

presentation of the digital evidence to the court of law. Each step is critical as any anomaly may

have bearing on the legal acceptability of the evidence12. In the Malaysian context, a computer

forensic or digital forensic best practice framework (called Digital Investigation Model (DIM))

has been put forward by Perumal13 (2009) which is built upon other DIMs but improved in term

of preservation of the fragile evidence and on data acquisition process.

Rapid progress in the field of ICT poses new challenge for the criminal justice system. A new

type of evidence, namely electronic/digital/computer evidence has emerged which necessitate

10 Note 2 at p.111 Dathan,B.,Fitzgerald,S.,Gottschalk,L.,Liu,J. & Stein,M.(2005) Computer forensic programs in higher education: A preliminary study in Stander,A. & Johnston,K.(2007)The need for and contents of a course in forensic information system & computer science at the university of Cape Town, 4 Issues in Informing Science and Information Technology,p.66 12 Note 2 at p.1-p.213 Perumal,S., Digital Forensic Model Based On Malaysian Investigation Process, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009 available at paper.ijcsns.org/07_book/200908/20090805.pdf

6

responds in the legislation to cope with the complexities brought about by the same. The

Evidence Act 1950 currently do away with Best Evidence Rule as under the Act the content

(including digital content) of document (the term which also encompass matrix holding any

digital content) may be proved by primary evidence (the originals) and also secondary evidence

(the copies). The ease with which digital items (e.g. documents, digital photograph etc) can be

altered by using commercially available software (e.g. Adobe Photoshop) necessitates a

rethinking of some of the principles in the Evidence Act 1950. This situation (the ease of

compromising digital evidence) may, when wrongly admissible as evidence, prejudice the

accused’s defence further. Due to the specific nature of the electronic digital evidence, an

introduction of a new act i.e. Electronic Evidence Act is not too farfetched. This has been done in

at least one jurisdiction i.e. the Canadian province of Prince Edward Island’s Electronic

Evidence Act14.

9.0 CONCLUSION

As a conclusion, it is submitted that a legislative framework (whether new or amended version of

currently available legislation) which provide guidelines as to the handling of electronic evidence

will prove to be a ‘win-win’ situation for those involved in the criminal justice system in

Malaysia.

10.0 LIST OF REFERENCE

Dathan,B.,Fitzgerald,S.,Gottschalk,L.,Liu,J. & Stein,M.(2005) Computer forensic programs in higher education: A preliminary study in Stander,A. & Johnston,K.(2007)The need for and contents of a course in forensic information system & computer science at the university of Cape Town, 4 Issues in Informing Science and Information Technology,p.66

Jones,A. & Valli,C., Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility,(Elsevier Inc. USA 2009),p.7.

McKemmish,R.,”When is Digital Evidence Forensically Sound?”, in : Ray, I. & Shenoi, S.(eds.) Advances in Digital Forensic IV (Springer New York 2008) p.3

14 Available from www.gov.pe.ca/law/statutes/pdf/e-04_3.pdf7

McKemmish,R.,”What is Forensic Computing”,(1999) 118 Australian Institute of Criminology: Trends and Issues In Crime and Criminal Justice,online,accessed on 20 April 2011, available at http://www.aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf

Palmer,G,”A Road Map for Digital Forensic Research”, in : The First Digital Forensic Research Workshop (2001) cited in Lin,Y.C., Slay,J. and Lin,I.L,”Computer Forensic and Culture”, in Yang,C.C. et. al (eds.) Intelligence and security informatics: IEEE ISI 2008 international workshops proceedings (Springer Germany 2008) p.290.

Patton, M.Q.,How To use qualitative methods in evaluation (SAGE Publications Inc. California 1987),p.60.

Perumal,S., Digital Forensic Model Based On Malaysian Investigation Process, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009 available at paper.ijcsns.org/07_book/200908/20090805.pdf

Redding,S.,”Using Peer-to-Peer Technology for Network Forensic”, in : Pollitt,M. & Shenoi,S.(eds.) Advances in digital forensic (Springer USA 2008),p.143.

Zeidman,B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), P.414

8

9