{"title":"Topical issues of scientific and methodological support for the investigation of\ncyber incidents associated with the use of malicious software","authors":"Yu. Nizovtsev, Oleg A. Parfylo","doi":"10.54658/ssu.27097978.2021.1.pp.55-64","DOIUrl":null,"url":null,"abstract":"The article is devoted to the problems of information security and the fight against\ncybercrime. Attention is focused on the use of software specially designed or modified for\nimplementation of cyberattacks, which, according to the formulations of the current\nlegislation, falls under the definition of «malicious program».\nThe article examines the most well-known cases of large-scale cyberattacks in\nUkraine, analyzes the course of these attacks and the destructive effectiveness of\nmalicious software.\nThe importance of forensic expertise support of the investigation of cyber incidents\nin terms of research of malicious software is substantiated. The need for proper scientific\nand methodological support of the above forensic expertise research is noted.\nThe state of scientific and methodological support of forensic expertise researches\nof malicious software is analyzed, chronological description of the development and\nimplementation of scientific and methodological materials for expertise during the\ninvestigation of cyber incidents related to the use of malicious software is presented.\nProblematic points in the study of malicious software are indicated. The limits of the\nforensic expert's competence are outlined and the impossibility to determine the\nprogram's affiliation to malicious software by a purely expert basis is substantiated. 
The\nclassification of malicious software proposed in the methodical recommendations is given\nin an abbreviated form.\nA comparative analysis is conducted and the advantages of the methodological\nrecommendations of the Security Service of Ukraine are specified, both in training and\ncertification of forensic experts, and actually during conducting of malicious software\nexpert researches.","PeriodicalId":427922,"journal":{"name":"Collection of Ukrainian Research Institute of Special Equipment and Forensic Expertise of the Security Service OF Ukraine","volume":"106 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Collection of Ukrainian Research Institute of Special Equipment and Forensic Expertise of the Security Service OF Ukraine","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54658/ssu.27097978.2021.1.pp.55-64","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The article addresses problems of information security and the fight against cybercrime. It focuses on the use of software specially designed or modified to carry out cyberattacks, which, under the wording of current legislation, falls under the definition of a «malicious program».
The article examines the best-known cases of large-scale cyberattacks in Ukraine and analyzes the course of these attacks and the destructive effectiveness of malicious software.
The importance of forensic examination support for the investigation of cyber incidents, in terms of the study of malicious software, is substantiated. The need for proper scientific and methodological support of such forensic examinations is noted.
The state of scientific and methodological support for forensic examinations of malicious software is analyzed, and a chronological description is given of the development and implementation of scientific and methodological materials for examinations conducted during the investigation of cyber incidents related to the use of malicious software.
Problematic points in the study of malicious software are identified. The limits of the forensic expert's competence are outlined, and it is substantiated that whether a program is malicious software cannot be determined on a purely expert basis. The classification of malicious software proposed in the methodological recommendations is given in abbreviated form.
A comparative analysis is conducted, and the advantages of the methodological recommendations of the Security Service of Ukraine are specified, both for the training and certification of forensic experts and for the actual conduct of expert examinations of malicious software.