Specifics of the organization and planning of the investigation of crimes committed with the malware

Abstract

The number of cases of malicious computer programs in Russia has increased significantly over the past few years. The authors set out to establish the features of the organization and planning of the investigation of crimes of this type and to analyze the investigative activities in order to find ways to further improve the fight against computer crime. The purpose of the study is to determine the most promising areas of organizing and planning the investigation of crimes involving malware. The results of the study are expressed as follows: 1. At the stage of checking a crime report, where there is a high probability of malicious computer programs being used by the perpetrators, the investigator immediately establishes full control over the victim's computer equipment and access to his electronic accounts. The selection of explanations from the applicant, the examination of computer equipment and the appointment of a forensic computer-technical examination in order to establish the fact of infection with malware. 2. The focus of the investigator's actions is based on the promotion and verification of versions about the existence of a crime, the time of its commission, the establishment of harm to the applicant, the classification of malicious computer programs, the mechanism of infection of the victim's software and the methods of harming him. All this information is defined as the circumstances to be established for the initiation of a criminal case. 3. The tactical risks of organizing the investigation are the inability of the expert to classify the program as malicious in the presence of harm, as well as the use of a set of measures to anonymize the perpetrators of their actions, and even the unreliability of the information about the incident reported by the applicant himself. 4. The method of malware infection and the resulting traces depend on the model of interaction with the victim chosen by the criminals. Here you can find both the distribution of the program under the guise of a service, service, complementing other and expanding the capabilities of the computer, and the notification of the victim that the use of the program is illegal, but will bring him benefits from its use. In such cases, the investigator has to deal with organized, secret groups of criminals.