Hubungi MAAMIIT
c/o Unit Forensik
Hospital UKM
Bandar Tun Razak
Cheras
56000 Kuala Lumpur
Tel: 03-91702366

Sektor Kajian Forensik



Hakcipta terpelihara MAAMIIT © 2002


Evidence Examinations

Computer Examinations

Content

Examinations can determine what type of data files are in a computer.

Comparison

Examinations can compare data files to known documents and data files.

Transaction

Examinations can determine the time and sequence that data files were created.

Extraction

Data files can be extracted from the computer.

Deleted Data Files

Deleted data files can be recovered from the computer.

Format Conversion

Data files can be converted from one format to another.

Keyword Searching

Data files can be searched for a word or phrase and all occurrences recorded.

Passwords

Passwords can be recovered and decrypted.

Limited Source Code

Source code can be analyzed and compared.

Storage Media

Storage media used with stand-alone word processors (typewriters) can be examined.

Requesting a Search or Field Examination

Submit requests for a search or field examination at least one week in advance.

Obtain as much of the following information as possible prior to submitting a request.

  • Determine the type of computers and operating systems.
  • If applicable, determine the type of network software, the location of the network servers, and the number of computers on the network.
  • Determine whether encryption and/or password protection is used.
  • Specify whether a seizure of computers and media or an on-site examination is required.

Submitting Computer Evidence

Questions concerning computer evidence should be directed to 03-9702366. Follow the Evidence Submission directions including Requesting Evidence Examinations and Packaging and Shipping Evidence.

  • For most examinations, submit only the central processing units and the internal and external storage media.
  • Use a sturdy cardboard container when shipping computer components. If possible, use the original packing case with the fitted padding. Use large, plastic bubble wrap or foam rubber pads as packing. Do not use loose StyrofoamJ because it lodges inside computers and/or components and creates static charges that can cause data loss or damage to circuit boards. Seal the container with a strong packing tape.
  • Pack and ship central processing units in the upright position. Label the outside container THIS END UP.
  • Disks, cartridges, tapes, and hard drives should be packed to avoid movement during shipping.
  • Label the outer container FRAGILE, SENSITIVE ELECTRONIC EQUIPMENT and KEEP AWAY FROM MAGNETS OR MAGNETIC FIELDS.

 

Projek Forensiknet disokongi oleh

Polis DiRaja Malaysia

DAGS, NITC