Você está na página 1de 8

SAMPLE OF SHORT PHD PROPOSAL By Ahmad Rawi The writer can be contacted at

scholars.assist@gmail.com
THESIS PROPOSAL

1.0

TITLE OF THE RESEARCH

The Forensic Aspects of Electronic Evidence : A Critical Study on the Provisions Relating to Electronic Evidence under the Malaysian Evidence Act 1950 and its Adequacy in Ensuring That Only Forensically Sound Evidence is Admissible in Trial. 2.0 BACKGROUND TO THE RESEARCH

Forensic ,from the Latin word forensis meaning on or before the forum has been defined as the science of examining evidence and drawing conclusions for presentations in a court of law1.As technology evolved, so does the locus and tools for the commission of crimes. The advent of the technological construct known as cyberspace has shifted the place of the commission of the crime from the real world to the conceptual world which exists only in the human (computer users) mind though physically represented by the computer screen in front of them. With the advent of internet and computer technologies, another niche is carved in the forensic discipline, invariably known as computer forensic and digital forensic.

Zeidman,B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), P.414

McKemmish2 has succinctly defined computer forensic as the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable. According to Palmer3, computer forensic is The use of scientifically derived and proven methods towards the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstructions of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations. The other terms invariably used interchangeably with computer forensic is digital forensic4. Jones and Valli5 have compiled a number of definitions of digital forensic as follow: 1) Any information of probative value that is either stored or transmitted in binary form (this is one of the earliest definition coming from the respectable Scientific Working Group for Digital Evidence). 2) Digital forensic is the collection, preservation, analysis and court presentation of digital related evidence. 3) Digital forensic is the application of science and engineering to the legal problem of digital evidence. It is a synthesis of science and law. 4) Digital forensic is the discipline that combines elements of law and digital science to collect and analyze data from digital systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.
2

McKemmish,R.,What is Forensic Computing,(1999) 118 Australian Institute of Criminology: Trends and Issues In Crime and Criminal Justice,online,accessed on 20 April 2011, available at http://www.aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-989464E0DF87BDF7%7Dti118.pdf 3 Palmer,G,A Road Map for Digital Forensic Research, in : The First Digital Forensic Research Workshop (2001) cited in Lin,Y.C., Slay,J. and Lin,I.L,Computer Forensic and Culture, in Yang,C.C. et. al (eds.) Intelligence and security informatics: IEEE ISI 2008 international workshops proceedings (Springer Germany 2008) p.290.
4

McKemmish,R.,When is Digital Evidence Forensically Sound?, in : Ray, I. & Shenoi, S.(eds.) Advances in Digital Forensic IV (Springer New York 2008) p.3
5

Jones,A. & Valli,C., Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility,(Elsevier Inc. USA 2009),p.7.

As can be seen from the last definition computer forensic or digital forensic is a dynamic discipline constantly evolving to catch up with the advance in Information and Telecommunication Technologies (ICT).For example, a sub-niche discipline that grew out of computer forensic is network forensic which has its own specific definition. Network forensic has been defined by the Digital Forensic Research Workshop as the use of scientifically proven techniques to collect, fuse, identify, examine, correlate, analyze and document digital evidence from multiple, actively processing and transmitting digital sources for the purpose of uncovering facts related to the planned intent, or measured success of unauthorized activities meant to disrupt, corrupt and or compromise system components as well as providing information to assist in response to or recover from these activities6. It has been argued that the birth of computer forensic or digital forensic as a discipline was due to the need to provide technical solutions to legal problems, the technical solutions offered by the discipline being the methodology of extraction of electronic/digital data by processes that ensure that such extracts is legally acceptable as evidence7, or in other words, it is forensically sound. By forensically sound, it is meant that the forensic process is done with two clear objectives8 : 1. The acquisition and subsequent analysis of electronic data has been undertaken with all due regard to preserving the data in the state in which it was first discovered. 2. The forensic process does not in any way diminish the evidentiary value of the electronic data through technical, procedural or interpretive errors. In line with the advent in ICT technologies, the Malaysian Evidence Act 1950 was amended to cope with the complexities brought about by such technological advancement. But questions linger whether the Malaysian Evidence Act 1950 provides adequate mechanisms and safeguards to ensure that in the context of electronic or digital evidence, only forensically sound electronic or digital evidence is admissible in trial. In view of this, it is submitted that, if needs be, a thorough
6

Redding,S.,Using Peer-to-Peer Technology for Network Forensic, in : Pollitt,M. & Shenoi,S. (eds.) Advances in digital forensic (Springer USA 2008),p.143. 7 Note 4 at p.4 8 Note 4 at p.6

revision of the provisions relating to admissibility of electronic evidence must be done to ensure that the basic rights of the accused in cases which involves electronic/digital evidences is not violated and to prevent abuse of power by the prosecution and investigation authority. 3.0 PROBLEM STATEMENT/RESEARCH QUESTION

This research attempts to answer the following two questions: Whether the provisions relating to electronic/computer evidence in the Malaysian Evidence Act 1950 provides safeguard mechanisms to ensure that only electronic/digital evidence which is forensically sound will be admissible. Secondly, if the finding to question one is in the negative, what measures is necessary to be introduced into the Evidence Act to fill in this gap. 4.0 OBJECTIVE OF THE STUDY

The purpose of this research is to critically analyze to what extent the provisions relating to electronic evidence in the Malaysian Evidence Act 1950 is adequate in ensuring only forensically sound evidence is admissible in trial. Apart from that, this research will also comparatively analyze the said provisions with the practice of electronic evidence handling as found in other jurisdiction, for example, under the Indian Evidence Act, 1872. Finally, if the outcome of the research points to the conclusion that the relevant provisions in the Malaysian Evidence Act, 1950 need to be revamped, this research seeks to recommend/propose a comprehensive legislative amendment to the said Act which shall address the loopholes/inadequacies/gaps found in the said Act. 5.0 SCOPE AND LIMITATION OF THE STUDY

The subject matter of this research is the provisions relating to electronic evidence in the Malaysian Evidence Act 1950. Comparison will be made with the actual practice in electronic evidence handling as found in other jurisdiction, for example, in India as provided under the Indian Evidence Act, 1872. This research however, will mainly focus on the tendering of electronic evidence in criminal trial.
4

This research will also look into how the Criminal Procedure Code and other digital law legislations e.g. Computer Crimes Act 1997 complements the evidence Act in respect of ensuring only forensically sound evidence is admissible in trial. Study which put an enacted piece of legislation as its core subject matter is invariably faced with the risk that its subject matters is liable to be amended by the Parliament midway during the study. Should this thing happens, the direction of this research will need to be re-planned accordingly. 6.0 RESEARCH METHODOLOGY/RESEARCH DESIGN

This research is proposed to be carried out by employing a fully qualitative approach in order to analyze the status quo in electronic/digital evidence forensic practice in Malaysia and also the status quo in the relevant legislation (The Malaysian Evidence Act 1950).Towards this end, both primary data and secondary data will be collected to be analyzed. According to Patton9, using more than one data collection or triangulation approach permits the evaluator to combine strengths and correct some of the deficiencies of any one source of data and thus increase the strength and rigour of an evaluation. Primary data of this research will be obtained through semi-structured interviews with stakeholders in the criminal justice system in Malaysia e.g. lawyers, prosecutors, judges, police, relevant officers from the Attorney General Chambers and also from stakeholders in the field of ICT such as MIMOS, Malaysian Communications and Multimedia Commission (MCMC) and Ministry of Science, Technology and Innovation (MOSTI) especially officers from one of its agency, CyberSecurity Malaysia. Secondary data will be collected through content analysis method where the researcher will deduct and analyze data from various materials such as books and journals which relate with the issue of electronic/digital/computer evidence and evidence law in general. 7.0 SIGNIFICANCE OF STUDY

Patton, M.Q.,How To use qualitative methods in evaluation (SAGE Publications Inc. California 1987),p.60.

It is hoped that the findings of this research will add up to the corpus of literature on electronic/digital/computer evidence and evidence law in general. Further, it is hoped that the findings of this research on the electronic/digital/computer forensic practice would provide knowledge on the best practice in handling electronic/digital/computer evidence. Lastly, it is hoped that the findings of this research will provide useful assistance to policy makers in fine-tuning the relevant law, policies and guidelines on the handling of electronic/digital/computer evidence in Malaysia. 8.0 LITERATURE REVIEW

Computer forensic or digital forensic is the process of identifying, preserving, analyzing and preserving digital evidence in a manner that is legally acceptable10. Digital or electronic evidence requires a completely different set of tools and expertise to analyze11. According to McKemmish, computer forensic or digital forensic encompasses four key elements namely, the identification of digital evidence, the preservation of digital evidence, the analysis of digital evidence and the presentation of the digital evidence to the court of law. Each step is critical as any anomaly may have bearing on the legal acceptability of the evidence12. In the Malaysian context, a computer forensic or digital forensic best practice framework (called Digital Investigation Model (DIM)) has been put forward by Perumal13 (2009) which is built upon other DIMs but improved in term of preservation of the fragile evidence and on data acquisition process. Rapid progress in the field of ICT poses new challenge for the criminal justice system. A new type of evidence, namely electronic/digital/computer evidence has emerged which necessitate responds in the legislation to cope with the complexities brought about by the same. The Evidence Act 1950 currently do away with Best Evidence Rule as under the Act the content (including digital content) of document (the term which also encompass matrix holding any digital content) may be proved by
10 11

Note 2 at p.1 Dathan,B.,Fitzgerald,S.,Gottschalk,L.,Liu,J. & Stein,M.(2005) Computer forensic programs in higher education: A preliminary study in Stander,A. & Johnston,K.(2007)The need for and contents of a course in forensic information system & computer science at the university of Cape Town, 4 Issues in Informing Science and Information Technology,p.66 12 Note 2 at p.1-p.2 13 Perumal,S., Digital Forensic Model Based On Malaysian Investigation Process, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009 available at paper.ijcsns.org/07_book/200908/20090805.pdf

primary evidence (the originals) and also secondary evidence (the copies). The ease with which digital items (e.g. documents, digital photograph etc) can be altered by using commercially available software (e.g. Adobe Photoshop) necessitates a rethinking of some of the principles in the Evidence Act 1950. This situation (the ease of compromising digital evidence) may, when wrongly admissible as evidence, prejudice the accuseds defence further. Due to the specific nature of the electronic digital evidence, an introduction of a new act i.e. Electronic Evidence Act is not too farfetched. This has been done in at least one jurisdiction i.e. the Canadian province of Prince Edward Islands Electronic Evidence Act14. 9.0 CONCLUSION

As a conclusion, it is submitted that a legislative framework (whether new or amended version of currently available legislation) which provide guidelines as to the handling of electronic evidence will prove to be a win-win situation for those involved in the criminal justice system in Malaysia. 10.0 LIST OF REFERENCE

Dathan,B.,Fitzgerald,S.,Gottschalk,L.,Liu,J. & Stein,M.(2005) Computer forensic programs in higher education: A preliminary study in Stander,A. & Johnston,K.(2007)The need for and contents of a course in forensic information system & computer science at the university of Cape Town, 4 Issues in Informing Science and Information Technology,p.66 Jones,A. & Valli,C., Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility,(Elsevier Inc. USA 2009),p.7. McKemmish,R.,When is Digital Evidence Forensically Sound?, in : Ray, I. & Shenoi, S.(eds.) Advances in Digital Forensic IV (Springer New York 2008) p.3 McKemmish,R.,What is Forensic Computing,(1999) 118 Australian Institute of Criminology: Trends and Issues In Crime and Criminal Justice,online,accessed on 20 April 2011, available at http://www.aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-989464E0DF87BDF7%7Dti118.pdf

14

Available from www.gov.pe.ca/law/statutes/pdf/e-04_3.pdf

Palmer,G,A Road Map for Digital Forensic Research, in : The First Digital Forensic Research Workshop (2001) cited in Lin,Y.C., Slay,J. and Lin,I.L,Computer Forensic and Culture, in Yang,C.C. et. al (eds.) Intelligence and security informatics: IEEE ISI 2008 international workshops proceedings (Springer Germany 2008) p.290. Patton, M.Q.,How To use qualitative methods in evaluation (SAGE Publications Inc. California 1987),p.60. Perumal,S., Digital Forensic Model Based On Malaysian Investigation Process, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009 available at paper.ijcsns.org/07_book/200908/20090805.pdf Redding,S.,Using Peer-to-Peer Technology for Network Forensic, in : Pollitt,M. & Shenoi,S. (eds.) Advances in digital forensic (Springer USA 2008),p.143. Zeidman,B., The Software IP Detective's Handbook: Measurement, Comparison and Infringement Detection (Pearson Education Inc USA 2011), P.414

Você também pode gostar