tag:blogger.com,1999:blog-1098571044839396272011-12-29T16:56:51.079+07:00This blog is developed to share the knowledge and science of computer forensic and its related stuff to those who would like to apply forensic investigation on computer crime.Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.comBlogger371100tag:blogger.com,1999:blog-109857104483939627.post-10514643568104089242011-06-20T01:20:00.002+07:002011-06-20T01:48:45.062+07:00

This week, I will deliver lecturing theory and hands-on practice on Audio Forensic. It will be conducted at Puslabfor Mabes Polri in which the participants are representatives from all Forensic Lab Branches in Indonesia. On this course, I will guide them on how to perform Audio Forensic for voice recognition purposes. Some topics I will lecture are: Theory of Voice Components of Voice Procedure

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-60832824777657283342011-06-20T00:58:00.000+07:002011-06-20T00:58:10.851+07:00

A couple weeks ago, I and my colleagues went to Netherlands for joining Computer Forensic Training at Netherlands Police Academy (NPA). It was conducted for 2 weeks. Personally I like to learn a lot about digital forensic and its related stuff, so that going to NPA for this training makes me happy. I could explore widely the world of computer forensic. On this training, I could obtain much

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-57792431216268022562011-06-20T00:42:00.000+07:002011-06-20T00:42:34.992+07:00

It's a very long time for me not to post a new thing on this blog. Actually I really want to do it, but honestly there are so much things which must be done soon and properly. It takes almost all my time, so that I cannot allocate my free time to open this blog. Sorry for this inconvenience. Tonight, I force my self to renew my lovely blog again with some new information.

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-46176172907474535732010-05-26T13:41:00.000+07:002010-05-26T13:41:50.015+07:00

On last April, I was awarded by British Council as one of "2010 Indonesian Super Six UK Alumni". It is really a pride and honour for me to be selected for this award. I've never dreamed it before. For this award, I thank my family for all supports given to me when I joined master degree, MSc in Forensic Informatics at the University of Strathclyde, UK. I am also gratefull to my lecturers teaching

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com1tag:blogger.com,1999:blog-109857104483939627.post-19471975951507913752010-05-26T13:16:00.000+07:002010-05-26T13:16:34.272+07:00

At the end of last April, I was invited to attend the first session of Cyber Crime Research which is conducted by Institutes for Advanced Studies (IAS) along with University of Strathclyde. This session was attended by representatives of UK universities, law enforcement agencies and private sectors. On this moment, I delivered presentation about ATM Crime in which I focused on modus operandi and

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-33174163877741564012010-02-26T23:42:00.000+07:002010-02-26T23:42:49.818+07:00

In the last two weeks, I was requested by some parties to share the knowledge on digital forensic at two different activities. The first is to be keynote speaker on the digital forensic preview seminar conducted by EC-Council Representative for Indonesia (i.e. PT. Datamation) along with PT. Andalan Nusantara Teknologi. This seminar carried out in Jakarta was attended by about sixty people which

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com2tag:blogger.com,1999:blog-109857104483939627.post-34919580042179894892010-01-02T22:29:00.000+07:002010-01-02T22:29:48.023+07:00

Dear All, Like or dislike, we have leaved the year 2009 behind and we encounter the new year 2010. So many things we have done in the last year. It could be good or bad thing. For the good thing, We hope that we could reach it again in the new year 2010 or even we could exceed it to be better than the previous year. For the bad thing, we have to leave it and do not repeat it in this year. With

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-55410891118279773632010-01-02T22:16:00.000+07:002010-01-02T22:16:33.460+07:00

Introduction Following the fast development of IT, computer crime becomes a complex crime with the use of high technology, so that it is not easy for forensic investigators to analyse this crime, even to trace back the perpetrators. The criminals can utilise the internet or intranet in order to commit this crime by exploiting vulnerabilities which might exist in the network, or even in the

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com1tag:blogger.com,1999:blog-109857104483939627.post-62119939845737963522010-01-02T22:08:00.000+07:002010-01-02T22:08:13.806+07:00

Introduction Handling the evidence found in the case of computer crime or computer-related crime is different from handling other evidence such as blood, tool marks, trace, and fibres. The evidence found at such crimes is grouped as computer-based electronic evidence. As the evidence from this type of crime is easy to volatile, digital forensic analyst should be able to understand how to handle

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-12169694910508904842010-01-02T21:57:00.000+07:002010-01-02T21:57:52.321+07:00

In this journal, the image file is a dd file which is obtained from the acquisition process previously. After checking the hash value of the dd image file which must be identical with the evidence of storage media, the dd is then analysed in the following further actions. Method: Physical analysis with the use of Autopsy Autopsy is graphical interface form of The Sleuthkit (TST) created by

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-58333771959054427962009-12-26T23:53:00.000+07:002009-12-26T23:53:35.401+07:00

Introduction When dealing with the evidence of storage media, a digital forensic analyst must be careful in the process of acquisition. Once he makes a mistake, then the next processes would be doubted, even it could be rejected by the court. As the process of acquisition is very important in digital forensic, it should be handled properly. To obtain the output of the acquisition process is

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-1357849348253777582009-12-19T04:44:00.000+07:002009-12-19T04:44:37.349+07:00

IntroductionThere are many types of digital evidence which could be encountered by digital forensic analyst in dealing with computer crime or computer-related crime. Not only files, videos, digital images, encrypted items, unallocated clusters, slacks and so forth, but also digital audio files might be analysed. In certain cases, the audio files become significant evidence to show the involvement

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-27737389545461569022009-12-01T09:04:00.000+07:002009-12-01T09:04:08.117+07:00

Background Ubuntu Forensic is the use of Ubuntu for digital forensic purposes. As it provides a wide range of forensic tools as well as anti-forensic and cracking tools, so it is reliable to investigate a computer crime and analyse digital evidence on it. The significant difference on forensic applications between Ubuntu and Ms Windows is that Ubuntu applications are freeware, while the

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com2tag:blogger.com,1999:blog-109857104483939627.post-76985044051836646462009-11-22T01:14:00.000+07:002009-11-22T01:14:00.423+07:00

A few weeks ago, I joined the Audio Forensic Training which was jointly conducted between Forensic Laboratory Centre of Indonesian National Police Headquarters and Cedar Cambridge. In this training, we developed the latest techniques on noise filtering by using Cedar instrument which was installed in the Audio Laboratory at my office. According to Dr. David Robinson who was also the instructor at

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-26641122289162364452009-11-19T12:41:00.000+07:002009-11-19T12:41:53.997+07:00

This material actually is my slides presentation when being requested to be instructor on Frontline Forensic Course in Indonesia. This course has been being conducted since 16 November till 4 December 2009. In this course, I deliver teaching materials about Digital Forensic, Face Sketching, Photography Forensic, Fire Investigation and GPS. In this post, I just describe my materials on Face

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-11495332792667848752009-11-02T12:11:00.000+07:002009-11-02T12:11:41.045+07:00

I think it is a long time for me not to post a new topic in this blog. For this reason, I apologise because I have been so busy with some crime scene processing and digital forensic analysis. In this post, I would like to describe a more detail about digital forensic from investigation flowchart and digital forensic procedure to study case. It is in the form of a presentation which will be

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com1tag:blogger.com,1999:blog-109857104483939627.post-78269636237350221592009-10-05T10:17:00.000+07:002009-10-05T10:17:50.257+07:00

Actually this journal is derived from my previous post concerning forensically write protect on Ubuntu which has been experimented successfully before. After considering this topic is so significant, so I take it to be an official journal. For this journal, I just put Introduction and Experiments Preparation for this post; therfore for full version of pdf of this journal, it can be downloaded at

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-32251005597022102492009-10-02T12:55:00.001+07:002009-10-02T12:56:17.341+07:00

This post is the form of development of previous post concerning the same topic. It is about similarities and differences between Ubuntu and Windows on forensic applications. The previous post only discuss it in general and is like brief summary of experiments performed before; therefore in order to make the topic becomes comprehensive view, this post in the form of journal is issued. I only put

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-5631905385195438692009-09-16T10:11:00.014+07:002009-10-01T13:16:02.738+07:00

The pdf version of this journal can be downloaded at http://www.scribd.com/doc/20461254/Forensic-Cop-Journal-11-2009Symmetric-and-Asymmetric-Cryptography-in-Brief-Practice Introduction   Since cryptography offers a tight security for people to encode their message to be unreadable by third party, most people are interested in utilizing it in order to keep their privacy. It is expected that

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-44288014867768652982009-09-13T10:02:00.002+07:002009-09-13T10:05:46.217+07:00

The investigators can perform forensics analysis either under Ubuntu 8.10 or under Windows XP in dealing with the case of computer crime. At certain extent, both operating systems have many similarities so that the forensics investigators do not need to be confused in deciding what operating system suitable for carrying out a particular analysis.  Based on the explanations supported by

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-86823120923846827312009-09-13T09:49:00.002+07:002009-09-13T09:51:03.138+07:00

I like Wine application on Ubuntu a lot. It makes a significant difference between Ubuntu and Ms Windows, although not all Windows applications can be installed into Ubuntu. For some cases, it is very helpful. I suggest anybody to install and use it so that the machine becomes more flexible. One of amazing tools under Ubuntu 8.10 is Wine. Through this application the forensics investigators can

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-24743502364003919012009-09-13T09:21:00.001+07:002009-09-13T09:29:34.207+07:00

This experiment was performed on December 2008 in order to support my statement on similarities of forensic applications running under between Ubuntu and Windows. From all experiments I carried out under Ubuntu, I can say that Ubuntu is excellent operating system, particulalry when it is used for forensic purposes. One of requests which is often asked to the forensics investigators is deleted

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-90271385413073657152009-09-13T09:10:00.003+07:002009-09-13T09:12:37.706+07:00

This experiment was part of class assignments performed at computer laboratory of CIS Strathclyde. Surprisingly in this laboratory, all machines run Ubuntu as the operating system, so that all forensic activities carried out under Ubuntu. All applications used during the activities are free and flexible, even some of them are more powerful than commercial applications running under Ms Windows.

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-36465646400869732112009-09-13T08:49:00.002+07:002009-09-13T08:56:11.899+07:00

This experiment is the same as the experiment 9, 10 and 11 which are part of a set of experiments related to the class assignments performed on December 2008. In my point of view, the assignment report will be more reliable if it is supported by a number of experiments as well as literature study; therefore for most of my assignments during my course at Strathclyde, I usually peformed some

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-44689807578797842022009-09-13T08:11:00.005+07:002009-09-13T08:34:10.022+07:00

This experiment was performed in order to seek similarity in forensic imaging between  applications running under Ubuntu and Windows XP. It was part of a big experiments related to class assignments at Strathclyde on December 2008. This is the first thing to do in performing forensics analysis to the hard drive evidence. If this is not handled appropriately, so the next phases of forensics

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-10316235416694361472009-09-11T13:12:00.004+07:002009-09-13T09:30:59.235+07:00

This experiment which was performed on December 2008 was part of a set of experiments related to the class assignments seeking the similarities of forensic analysis between Ubuntu and Windows XP. EXIF which stands for Exchangeable Image File Format is the image file format specification with the addition of metadata tags for JPEG, TIFF Rev. 6.0 and RIFF WAV file formats. The specific metadata

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com1tag:blogger.com,1999:blog-109857104483939627.post-49580577998647494702009-09-11T11:34:00.006+07:002009-09-13T09:31:31.269+07:00

This experiment was part of experiments regarding with essay assignment in my course (i.e MSc in Forensic Informatics at the University of Strathclyde, UK) about the differences of forensic applications between Ubuntu and Windows XP. It was performed on December 2008.   Forensically Sound Blocks Imaging is a small thing but it makes a significant difference between Ubuntu 8.10 and Windows XP on

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-8451023634345857892009-09-10T12:03:00.010+07:002009-09-13T09:32:29.796+07:00

This experiments were my private experiments in order to understand about file systems particularly FAT. Hopefully it could help anyone who would like to explore it. Introduction : Computer needs a method to deal with their files in order to arrange and manage them. This method is simply called File System which is useful for computer to manage the files stored in storage media such as magnetic

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-9438873000396424242009-09-08T11:57:00.003+07:002009-09-13T09:34:34.127+07:00

Before these experiments, I would like to have a flashdisk which can run live to boot a machine. The flashdisk contains Ms Windows system files. Below is my email contents sent by email to my colleagues at Strathclyde on 11 December 2008. I just wanna share again my successful experiment last night. It is about how to make Ms Windows OS Live Flash disk, so that we can boot a computer through

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-80344814716757199282009-09-08T11:50:00.000+07:002009-09-08T11:50:49.769+07:00

This poetry was sent to my colleagues at Strathclyde on 10 December 2008.  I would like to share my poetry. The title is 'FI and White Snow in the New Year'. Below is the complete poetry. --------------------------------------------------------- "FI and White Snow in the New Year" by Muhammad Nuh Al-Azhar on 9 December 2008 It's like a dream comes true When I was announced to be one of

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-77723919174501602642009-09-08T11:45:00.002+07:002009-09-13T09:35:40.653+07:00

This experiments were performed in order to install Ms Windows OS into a netbook which does not have a CD-ROM. The description of this successful experiments below are my email contents sent to my colleagues at Strathclyde on 9 December 2008. I just wanna share my successful experience in creating 'bootable Ms Windows OS flashdisk' which was carried out by me a few weeks ago. It is useful in

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-40003866400643443752009-09-08T10:28:00.004+07:002009-09-11T11:06:16.827+07:00

In Ms Windows OS, there are many forensically sound write protect tools either in software or hardware offered to users. Most of them are commercial. The same thing can be performed on Ubuntu, but this is for free. We just make a little modification on fstab file to configure Ubuntu machine becomes forensically sound write protect. The description below is my email contents I sent to my

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-37732692280627041382009-09-08T10:06:00.005+07:002009-09-13T09:36:23.377+07:00

This experiments were performed when I got free time after semester 1 finished and waiting for semester 2 commenced. FYI, at that time I still joined MSc in Forensic Informatics at the University of Strathclyde. It is same as other posts, below is the email I sent on 26 January 2009 to my colleagues after successful experiments on network scanning. For security purpose, I rename the website I

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-30144874176249723642009-09-08T09:49:00.002+07:002009-09-11T13:28:13.921+07:00

Below is my email contents I sent to my colleagues on 17 February 2009 regarding with my experiments on how to crack zip file and user account on Ubuntu machine. At that time, it was perfomed in order to refresh my mind from stuck on assignments. It's a long time for me not to share the experiments because too many assignments I've got in this semester (I've ever calculated the number of words

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-89531288589460719552009-09-08T09:31:00.001+07:002009-09-11T11:07:55.389+07:00

This is my second experiments on Ubuntu. It was performed when I was still joining MSc in Forensic Informatics at the University of Strathclyde. Below is the experiments results which I sent to my colleagues by email on 17 December 2008.  Again, I just wanna share my experiment on using Opchrack for cracking the password of Windows XP. I carried out experiment of Ophcrack application under my

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-7353881516237505682009-09-07T13:47:00.006+07:002009-09-11T11:08:48.555+07:00

Below is my email contents which was sent to my lecturers on 7 December 2008 after performing two successful forensic experiments on Ubuntu machine. It was performed when I was still joining MSc in Forensic Informatics at the University of Strathclyde, UK. Based on teaching materials of CS935 and CS936, I performed an experiment in the last few days with the result was successful. It is about

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0tag:blogger.com,1999:blog-109857104483939627.post-21159569370637301102009-09-07T12:22:00.000+07:002009-09-07T12:22:18.167+07:00

Dear All, Welcome to my blog, I dedicate this blog for everyone who would like to involve in computer forensic investigation. I realise this blog is still far from satisfaction of readers, nevertheless I try to deliver a good forensic stuff to know and understand. Perhaps some of them are obsolete and already known by some readers, but in my point of view, any knowledge particularly computer

Muhammad Nuh Al-Azharhttp://www.blogger.com/profile/16776878695198387238noreply@blogger.com0