Methodical bases of research of supposedly malicious software within the framework of forensic computer technical enquiry

Authors: Bayush A.A.
Published in issue: #5(34)/2019
DOI: 10.18698/2541-8009-2019-5-473


Category: Jurisprudence | Chapter: Criminal Law and Criminology

Keywords: forensic enquiry, forensic expert, expert evidence, special knowledge, forensic computer technical enquiry (FCTE), malicious software (malware), malware classification
Published: 14.05.2019

The main guidelines for the study of supposedly malicious software within the framework of forensic computer-technical enquiry (FCTE), as assigned by authorized bodies and officials, are considered. The method of expert research is defined, the methodological bases (recommendations) for the research as a whole are given, and a parallel is drawn between the concepts of “virus” and “malware”. A general classification of modern malicious programs is presented and their general analysis is performed. The algorithm for producing an FCTE is described for the study of malicious software as a whole and of its individual properties as objects of study for this forensic enquiry.


References

[1] Aver’yanova T.V., ed. Sudebnaya ekspertiza [Forensic enquiry]. Moscow, Norma Publ., 2006 (in Russ.).

[2] Usov A.I., ed. Proizvodstvo sudebnoy komp’yuterno-tekhnicheskoy ekspertizy. Ch. III. Spetsializirovannyy slovar’ komp’yuternoy leksiki dlya ekspertov sudebnoy komp’yuterno-tekhnicheskoy ekspertizy [Proceeding of computer forensic examination. P. III. Specialized of computer vocabulary for experts of computer forensic examination]. Moscow, RFTsSE pri Minyuste RF Publ., 2009 (in Russ.).

[3] Ugolovnyy kodeks RF ot 13.06.1996 № 63-FZ (red. ot 29.07.2017) [the Criminal Code of the Russian Federation of 13.06.1996 no. 63-FZ (ed. of 29.07.2017)]. Sobranie zakonodatel’stva RF [Official gazette], 17.06.1996, no. 25, art. 2954 (in Russ.).

[4] GOST R 57429-2017. Sudebnaya komp’yuterno-tekhnicheskaya ekspertiza: terminy i opredeleniya. Terminy i opredeleniya [State Standard R 57429-2017. Forensic Information technology examination. Terms and definitions]. Moscow, Standartinform Publ., 2017 (in Russ.).

[5] Eremenko S.P., Sapelkin A.I., Khitov S.B. Classification of malware. Vestnik Vestnik Sankt-Peterburgskogo universiteta GPS MChS Rossii, 2016, no. 3, pp. 55–61 (in Russ.).

[6] Usov A.I., ed. Proizvodstvo sudebnoy komp’yuterno-tekhnicheskoy ekspertizy. Ch. IV. Aktual’nye kompleksnye ekspertnye zadachi [Proceeding of computer forensic examination. P. IV. Current complex expert problems]. Moscow, RFTsSE pri Minyuste RF, 2011 (in Russ.).

[7] Vekhov V.B. Malware as a subject and tool of crime commission. Rassledovanie prestupleniy: problemy i puti ikh resheniya, 2015, no. 2(8), pp. 43–46 (in Russ.).

[8] Krivenok A.M. Using virtual machines for solving problem of detecting Trojan (or virus) traces at its execution at the PC. Teoriya i praktika sudebnoy ekspertizy, 2013, no. 3(31), pp. 53–55 (in Russ.).

[9] Karpukhina E.S., Sidorova A.K. research on malware at proceeding computer forensic examination. Teoriya i praktika sudebnoy ekspertizy, 2008, no. 3(11), pp. 127–136 (in Russ.).

[10] Usov A.I., red. Proizvodstvo sudebnoy komp’yuterno-tekhnicheskoy ekspertizy. Ch. I. Obshchaya chast’ II. Diagnosticheskie i identifikatsionnye issledovaniya apparatnykh sredstv [Proceeding of computer forensic examination. P. I. Main part II. Diagnostic and identity hardware study]. Moscow, RFTsSE pri Minyuste RF Publ., 2009 (in Russ.).

[11] Bayush A.A. [Conception, contents and meaning of forensic enquiry in conditions of nowdays clerical work]. Studencheskaya nauchnaya vesna, posvyashchennaya 165-letiyu so dnya rozhdeniya V.G. Shukhova. Sb. tez. dok. vseros. stud. konf. [Students science spring dedicated to 165 anniversary of Shukhov V.G. Coll. Abs. Russ. Stud. Conf.]. Moscow, Bauman MSTU Publ., 2018, pp. 181–182 (in Russ.).