Topical issues of scientific and methodological support for the investigation of cyber incidents associated with the use of malicious software

Abstract

The article is devoted to the problems of information security and the fight against cybercrime. Attention is focused on the use of software specially designed or modified for implementation of cyberattacks, which, according to the formulations of the current legislation, falls under the definition of «malicious program». The article examines the most well-known cases of large-scale cyberattacks in Ukraine, analyzes the course of these attacks and the destructive effectiveness of malicious software. The importance of forensic expertise support of the investigation of cyber incidents in terms of research of malicious software is substantiated. The need for proper scientific and methodological support of the above forensic expertise research is noted. The state of scientific and methodological support of forensic expertise researches of malicious software is analyzed, chronological description of the development and implementation of scientific and methodological materials for expertise during the investigation of cyber incidents related to the use of malicious software is presented. Problematic points in the study of malicious software are indicated. The limits of the forensic expert's competence are outlined and the impossibility to determine the program's affiliation to malicious software by a purely expert basis is substantiated. The classification of malicious software proposed in the methodical recommendations is given in an abbreviated form. A comparative analysis is conducted and the advantages of the methodological recommendations of the Security Service of Ukraine are specified, both in training and certification of forensic experts, and actually during conducting of malicious software expert researches.