Sample of Short PhD Proposal

SAMPLE OF SHORT PHD PROPOSAL By Ahmad Rawi The writer can be contacted at

[email protected]

THESIS PROPOSAL

1.0

TITLE OF THE RESEARCH

The Forensic Aspects of Electronic Evidence : A Critical Study on the Provisions Relating to Electronic Evidence under the Malaysian Evidence Act 1950 and its Adequacy in Ensuring That Only Forensically Sound Evidence is Admissible in Trial.

2.0

BACKGROUND TO THE RESEA SEARCH

Forensic ,from the Latin word forens word forensis is meaning ‘on or before the forum’ has been defined as the science of examining evidence and drawing conclusions for presentations in a court of law1.As technology evolved, so does the locus and tools for the commission of crimes. The advent of the technological construct known as cyberspace has shifted the place of the commission of the crime from the real world to the conceptual world which exists only in the human (computer users) mind though physically represented by the computer screen in front of them. With the advent of internet and computer technologies, technologies, another niche is carved in the forensic discipline, discipline, invariably known as ‘computer forensic’ and ‘digital forensic’.

1

Zeidman,B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), P.414

1

Trusted by over 1 million members

Try Scribd FREE for 30 days to access over 125 million titles without ads or interruptions! Start Free Trial Cancel Anytime.





McKemmish2 has succinctly defined computer computer forensic as ‘the process of identifying, identifying, preserving, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable’. According to Palmer 3, computer forensic is “The use of scientifically derived and proven methods towards the preservation, preservation, collection, collection, validation, validation, identification, identification, analysis, analysis, interpretat interpretation, ion, documentation documentation and presentation presentation of digital digital evidence derived derived from digital sources sources for the purpose purpose of facilitating facilitating or furthering the reconstructions of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations”.

The other terms invariably invariably used interchangeably interchangeably with computer forensic is digital digital forensic forensic4. Jones and Valli5 have compiled a number of definitions of digital forensic as follow:

1)

Any Any infor informa mati tion on of prob probat ativ ivee value value that that is eit eithe herr store stored d or trans transmi mitt tted ed in bina binary ry for form m (this is one of the earliest definition coming from the respectable Scientific Working Group for Digital Evidence).

2)

Digi Digital tal for foren ensic sic is is the col colle lect ction ion,, prese preserva rvati tion, on, anal analys ysis is and and court court pre prese senta ntati tion on of digi digita tall related evidence.

3)

Digi Digita tall foren forensi sicc is the appl applic icat atio ion n of scien science ce and and engin enginee eeri ring ng to the the legal legal prob proble lem m of digital evidence. It is a synthesis of science and law.

4)

Digi Digita tall foren forensi sicc is the disc discip ipli line ne that that comb combin ines es elem elemen ents ts of law law and digi digita tall scien science ce to collect and analyze data from digital systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.

2

Australian Institute Institute of Criminology: Criminology: McKemmish,R.,”What is Forensic Computing”,(1999) 118 Australian Trends and Issues In Crime and Criminal Justice ,online,accessed on 20 April 2011, available at http://www.aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-989464E0DF87BDF7%7Dti118.pdf 3 Palmer,G,”A Road Map for Digital Forensic Research”, in : The First Digital Forensic Research Workshop (2001) cited in Lin,Y.C., Slay,J. and Lin,I.L,”Computer Forensic and Culture”, in





As can be seen from the last definition computer forensic or digital forensic is a dynamic discipline const constant antly ly evol evolvi ving ng to catch catch up with with the the advan advance ce in Info Inform rmat atio ion n and Tele Telecom commu munic nicat ation ion Technologies (ICT).For example, a sub-niche discipline that grew out of computer forensic is network forensic which has its own specific definition. Network forensic has been defined by the Digital Forensic Research Workshop as ‘the use of scientifically proven techniques to collect, fuse, identif identify, y, examine examine,, correla correlate, te, analyze analyze and document document digital digital evidence evidence from from multip multiple, le, activel actively y processing processing and transmitting transmitting digital sources sources for the purpose purpose of uncovering uncovering facts related related to the planned intent, or measured measured success of unauthorized unauthorized activities activities meant to disrupt, disrupt, corrupt corrupt and or compro compromis misee system system component componentss as well well as providi providing ng inform informatio ation n to assist assist in respon response se to or recover from these activities’6.

It has been argued that the birth of computer forensic or digital forensic as a discipline was due to the need to provide technical solutions to legal problems, the technical solutions offered by the discipline being the methodology of extraction of electronic/digital data by processes that ensure that such extracts is legally legally acceptable acceptable as evidence7, or in other words, it is forensically forensically sound. By forensically sound, it is meant that the forensic process is done with two clear objectives8 :

1.

The The acqui acquisi siti tion on and and subse subsequ quen entt analy analysi siss of elect electro roni nicc data data has been been unde undert rtak aken en with with all all due regard to preserving the data in the state in which it was first discovered.

2.

The fore forensi nsicc proce process ss doe doess not not in any way way dimi diminis nish h the the evide evidenti ntiar ary y valu valuee of the the ele electr ctroni onicc data through technical, procedural or interpretive errors.

In line with the advent in ICT technologies, the Malaysian Evidence Act 1950 was amended to cope with the complexities brought about by such technological advancement. But questions linger whether whether the Malays Malaysian ian Evidenc Evidencee Act 1950 1950 provide providess adequat adequatee mechani mechanisms sms and safegu safeguards ards to ensure that in the context of electronic or digital evidence, only forensically sound electronic or





revision of the provisions relating to admissibility of electronic evidence must be done to ensure that the basic rights of the accused in cases which involves electronic/digital evidences is not violated and to prevent abuse of power by the prosecution and investigation authority.

3.0 3.0

PROB PROBLE LEM M STAT STATEM EMEN ENT/ T/RE RESE SEAR ARCH CH QUES QUESTI TION ON

This research attempts to answer the following two questions: Whether the provisions relating to electronic/computer evidence in the Malaysian Evidence Act 1950 provides safeguard mechanisms to ensure that only electronic/digital evidence which is forensically sound will be admissible. Secondly, if the finding to question one is in the negative, what measures is necessary to be introduced into the Evidence Act to fill in this gap.

4.0

OBJECTIVE OF THE STUDY

The purpose of this research is to critically analyze to what extent the provisions relating to electronic evidence in the Malaysian Evidence Act 1950 is adequate in ensuring only ‘forensically sound sound evidence evidence’’ is admissi admissible ble in trial. trial. Apart Apart from from that, that, this research research will will also also compar comparati ativel vely y analyze the said provisions with the practice of electronic evidence handling as found in other jurisdiction, jurisdiction, for example, example, under the Indian Evidence Act, 1872. Finally, Finally, if the outcome outcome of the research points to the conclusion that the relevant provisions in the Malaysian Evidence Act, 1950 need need to be revamp revamped, ed, this researc research h seeks seeks to recomm recommend/ end/pro propos posee a compre comprehens hensive ive legisla legislative tive amendment to the said Act which shall address the loopholes/inadequacies/gaps found in the said Act.

5.0 5.0

SCO SCOPE AND LIM LIMITAT ITATIO ION N OF THE THE STU STUD DY

The The subje subject ct matt matter er of this this rese resear arch ch is the the provi provisi sions ons relat relating ing to elect electro ronic nic evide evidence nce in the the Malaysian Evidence Act 1950. Comparison will be made with the actual practice in electronic





This This rese researc arch h will will also also look look into into how the Crim Crimina inall Proc Proced edure ure Code Code and other other digi digital tal law law legislations legislations e.g. Computer Computer Crimes Act 1997 complements complements the evidence Act in respect respect of ensuring ensuring only ‘forensically sound evidence’ is admissible in trial. Study which put an enacted piece of legislation as its core subject matter is invariably faced with the risk that its subject matters is liable to be amended by the Parliament midway during the study. Should this thing happens, the direction of this research will need to be re-planned accordingly.

6.0 6.0

RESE RESEAR ARCH CH METH METHOD ODOL OLOG OGY/ Y/RE RESE SEAR ARCH CH DESI DESIGN GN

This research is proposed to be carried out by employing a fully qualitative approach in order to analyze the status quo in electronic/digital evidence forensic practice in Malaysia and also the status quo in the relevant legislation (The Malaysian Evidence Act 1950).Towards this end, both primary primary data and and secondary secondary data will will be collected collected to be analyzed. analyzed. According According to Patton Patton9, using more than one data collection or triangulation approach permits the evaluator to combine strengths and correct some of the deficiencies of any one source of data and thus increase the strength and rigour of an evaluation.

Primary data of this research will be obtained through semi-structured interviews with stakeholders in the criminal criminal justice justice system system in Malaysi Malaysiaa e.g. e.g. lawyers lawyers,, prosec prosecutor utors, s, judges judges,, police police,, relevan relevantt officers from the Attorney General Chambers and also from stakeholders in the field of ICT such as MIMOS, Malaysian Communications and Multimedia Commission (MCMC) and Ministry of Scie Science nce,, Techn Technol olog ogy y and Innov Innovat atio ion n (MOS (MOSTI TI)) espe especi ciall ally y offi office cers rs from from one of its its agenc agency, y, CyberSecurity Malaysia. Secondary data will be collected through content analysis method where the researcher will deduct and analyze data from various materials such as books and journals which relate with the issue of electronic/digital/computer evidence and evidence law in general.

7.0

SIGNIFICANCE OF STUDY





It is hope hoped d that that the the find findin ings gs of this this rese resear arch ch will will add add up to the the corp corpus us of lite litera ratu ture re on electronic/digital/computer evidence and evidence law in general. Further, it is hoped that the finding findingss of this this resear research ch on the electro electronic/ nic/dig digital ital/com /compute puterr forensi forensicc practi practice ce would would provide provide knowledge on the best practice in handling electronic/digital/computer evidence. Lastly, it is hoped that the findings of this research research will provide useful assistance assistance to policy makers makers in fine-tuning fine-tuning the relevant law, policies and guidelines on the handling of electronic/digital/computer evidence in Malaysia.

8.0

LITERATURE RE REVIEW

Computer forensic or digital forensic is the process of identifying, preserving, analyzing and preserving preserving digital evidence in a manner that is legally legally acceptable acceptable10. Digital Digital or electronic evidence requires a completely different set of tools and expertise to analyze 11. According According to McKemmish, McKemmish, computer computer forensic or digital forensic encompasses encompasses four key elements namely, the identification identification of digital evidence, the preservation of digital evidence, the analysis of digital evidence and the presentation presentation of the digital evidence to the court of law. Each step is critical as any anomaly may have bearing on the legal acceptability of the evidence12. In the Malaysian context, a computer forensic or digital forensic best practice framework (called Digital Investigation Model (DIM)) has been put forward forward by Perumal Perumal13 (2009) which is built upon other DIMs but improved in term of preservation preservation of of the fragile fragile evidence evidence and on on data acquisitio acquisition n process. process.

Rapid progress in the field of ICT poses new challenge for the criminal justice system. A new type of evidence, namely electronic/digital/computer evidence has emerged which necessitate responds in the legislation to cope with the complexities brought about by the same. The Evidence Act 1950 currently do away with Best Evidence Rule as under the Act the content (including digital content) of document (the term which also encompass matrix holding any digital content) may be proved by 10

Note 2 at p.1 Dathan,B.,Fitzgerald,S.,Gottschalk,L.,Liu,J. & Stein,M.(2005) Computer forensic programs in higher education: A preliminary study in Stander,A. & Johnston,K.(2007) The need for and

11







primary primary evidence (the originals) originals) and also secondary secondary evidence (the copies). copies). The ease with which digital digital items (e.g. (e.g. document documents, s, digital digital photog photograp raph h etc) etc) can be altere altered d by using using commer commercial cially ly available software (e.g. Adobe Photoshop) necessitates a rethinking of some of the principles in the Evidence Act 1950. This situation (the ease of compromising digital evidence) may, when wrongly admissible as evidence, prejudice the accused’s defence further. Due to the specific nature of the electronic digital evidence, an introduction of a new act i.e. Electronic Evidence Act is not too farfetched. This has been done in at least one jurisdiction i.e. the Canadian province of Prince Edward Island’s Electronic Evidence Act14.

9.0

CONCLUSION

As a conclusion, conclusion, it is submitted that a legislative legislative framework framework (whether (whether new or amended version of currently currently available legislation) which provide guidelines as to the handling of electronic electronic evidence will prove to be a ‘win-win’ situation for those involved in the criminal justice system in Malaysia.

10.0

LIST OF REFER FERENCE

Dathan,B.,Fitzgerald,S.,Gottschalk,L.,Liu,J. & Stein,M.(2005) Computer forensic programs in higher education: A preliminary study in Stander,A. & Johnston,K.(2007)The Johnston,K.(2007)The need for and contents of a course in forensic information system & computer science at the university of Cape Town, Town, 4 Issues in Informing Science and Information Technology,p.66 Jones,A. & Valli,C., Buildin Valli,C., Building g a Digital Digital Forensic Forensic Laborato Laboratory: ry: Establishin Establishing g and Managing Managing a Successful Facility,(Elsevier Facility,(Elsevier Inc. USA 2009),p.7.





Palmer,G,”A Road Map for Digital Forensic Research”, in : The First Digital Forensic Research Workshop (2001) cited in Lin,Y.C., Slay,J. and Lin,I.L,”Computer Forensic and Culture”, in Yang,C.C. et. al (eds.) (eds.) Intelligence and security informatics: IEEE ISI 2008 international workshops proceedings (Springer Germany 2008) p.290.

Patton, M.Q., How How To To use qualitative qualitative methods methods in evaluation evaluation (SAGE Publications Inc. California 1987),p.60.

Perumal,S., Digital Forensic Model Based On Malaysian Investigation Process, IJCSNS Process, IJCSNS International International Journal Journal of of Computer Computer Science Science and Network Network Security Security,, VOL.9 No.8, August 2009 ns.org/07_boo /07_book/200908 k/200908/200908 /20090805.pdf 05.pdf available at paper.ijcs at paper.ijcsns.org

Redding,S.,”Using Peer-to-Peer Technology for Network Forensic”, in : Pollitt,M. & Shenoi,S. (eds.) Advances (eds.) Advances in digital digital forensic forensic (Springer USA 2008),p.143.

Zeidman,B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), P.414

Sample of Short PhD Proposal

Recommend Documents