Kota Kinabalu: The Coroner’s Court heard Thursday that the methodology used for the forensic analysis of 15 mobile phones in the case of Zara Qairina Mahathir was based on ISO 17025, a standard recognised by an international body.
Computer Crime Investigation Unit analyst ASP Mohd Zaidi Abu Hassan told the coroner that he applied the ISO 17025 Standard Operating Procedure (SOP) as a guideline in carrying out his analysis of digital evidence, namely mobile phones.
Responding to questions from Deputy Public Prosecutor Sofia S. Sawayan, he said ISO 17025 is a standard established by an international body to accredit laboratories conducting testing.
Sofia: How long have you been practising ISO 17025?
Mohd Zaidi: I have been practising it for three years, and it is applied in Polis Diraja Malaysia (PDRM) forensics.
Sofia: Is the methodology you use to analyse exhibits internationally recognised?
Mohd Zaidi: Yes.
Sofia: Can you explain your experience in the field of digital forensics?
Mohd Zaidi: I have served for 19 years, analysed approximately 7,000 cases, and have previously testified in court.
Sofia: What methodology do you use to analyse exhibits for forensic analysis?
Mohd Zaidi: I use the ISO 17025 SOP, which governs how I analyse digital evidence. This ISO is a standard set by an international body to accredit laboratories conducting testing.
The 70th deponent also told the court that he used XRY software to analyse the exhibits submitted to him.
Sofia: I refer you to paragraphs 13 and 18 of your witness statement. When you mention XRY, are you referring to a device or software?
Mohd Zaidi: XRY refers to software.
Sofia: Can you explain what XRY is and its function?
Mohd Zaidi: XRY is software used to analyse mobile phones to obtain data such as contacts, images, videos, WhatsApp messages, SMS, and data from social media.
The software can also analyse memory cards and SIM cards.
Sofia: Is the use of XRY carried out according to any specific standards such as ISO or international guidelines?
Mohd Zaidi: Yes.
Sofia: In this case, was the use of XRY for analysing the exhibits conducted according to the standards you mentioned earlier?
Mohd Zaidi: Yes.
Sofia: Where is XRY installed?
Mohd Zaidi: It is installed on my computer, which only I can access. The computer is in my office, and the software is not installed on any other computer.
Sofia: How do you ensure the integrity of the equipment when installing the XRY software?
Mohd Zaidi: The software was not installed by me, but by the vendor.
Sofia: Who has access to the computer and the analysed data?
Mohd Zaidi: Only me.
Sofia: For the purpose of demonstrating the use of XRY to the court, are you able to do so today (Thursday)?
Mohd Zaidi: No, because the software is installed by the vendor and can only be used on a computer with relatively high specifications. That computer is only available in my office.
Sofia: Please explain to the court how XRY is used to analyse exhibits such as mobile phones, SIM cards and memory cards.
Mohd Zaidi: To begin analysing mobile phones, I first ensure the phone is functional. After that, the phone is connected to my analysis computer. The XRY software is then used to extract data from the phone.
The same process applies to SIM cards and memory cards, which are analysed simultaneously with the phone.
He added that in this case, no one else assisted him in analysing the exhibits using XRY.