ON THE PREPARATION AND APPOINTMENT OF FORENSIC EXPERTISE WITHIN THE INVESTIGATION OF CRIMINAL OFFENSES RELATED TO CYBERATTACKS
DOI: https://doi.org/10.37025/1992-4437/2021-36-2-59
Keywords: forensic expertise, computer and technical expertise, telecommunication expertise, informational security, cyber threat, cybercrime, cyberattack, cyber incident, malicious software, log file.
Abstract
The purpose of the article is to scientifically substantiate the theoretical principles of the preparation and appointment of forensic expertise within the investigation of criminal offenses related to cyberattacks, and to form appropriate scientific and applied recommendations.
Methodology. The reliability of the obtained results and conclusions is ensured by a set of methods of the general scientific and specific scientific levels. In particular, the main one is the general dialectical method of scientific knowledge of phenomena, processes and objects, together with modeling and forecasting, formal-logical and system-structural methods.
Scientific novelty. The list of questions that can be put to a forensic expert examination in cases of interference in the work of information and telecommunications systems through remote denial-of-service attacks and the use of malicious software has been clarified.
Conclusions. It was stated that the objects of research in the investigation of cybercrime include media or their clones or bit images; RAM dumps; log files; diagnostic utility report files; login settings; settings of diagnostic utilities; schemes of the structure of automated systems and networks; hardware and software settings; email correspondence; source code of malicious programs and the malicious programs themselves, together with the means of their development and administration. The peculiarities of the seizure of research objects within the investigation of cybercrimes are highlighted: forensically significant information is seized both from the computers under attack and from the computers of the suspects. It should be borne in mind that cybercriminals, as a rule, try to hide the traces of a cyberattack on the attacked computer, and take «countercriminalistic» measures on their own computer.
Scientific and applied recommendations for the preparation and appointment of forensic expertise in the framework of investigating cybercrimes have been developed, and promising directions for expanding the possibilities of forensic expertise, given a competent formulation of the questions posed for it to resolve, have been identified.