
Legal Bulletin of the Kuban State University


Specifics of the organization and planning of the investigation of crimes committed with the malware

https://doi.org/10.31429/20785836-13-2-51-57

Abstract

The number of cases involving malicious computer programs in Russia has increased significantly over the past few years. The authors set out to establish the features of organizing and planning the investigation of crimes of this type and to analyze investigative activities in order to find ways to further improve the fight against computer crime. The purpose of the study is to determine the most promising areas of organizing and planning the investigation of crimes involving malware. The results of the study are as follows:

1. At the stage of checking a crime report, where there is a high probability that the perpetrators used malicious computer programs, the investigator immediately establishes full control over the victim's computer equipment and access to his electronic accounts. The investigator takes explanations from the applicant, examines the computer equipment and appoints a forensic computer-technical examination in order to establish the fact of infection with malware.

2. The investigator's actions are focused on putting forward and verifying versions concerning the existence of a crime, the time of its commission, the harm caused to the applicant, the classification of the malicious computer programs, the mechanism by which the victim's software was infected and the methods used to harm him. All this information is defined as the circumstances to be established for the initiation of a criminal case.

3. The tactical risks of organizing the investigation are the inability of the expert to classify the program as malicious even though harm is present, the perpetrators' use of a set of measures to anonymize their actions, and even the unreliability of the information about the incident reported by the applicant himself.

4. The method of malware infection and the resulting traces depend on the model of interaction with the victim chosen by the criminals. This may be distribution of the program under the guise of a service that complements others and expands the capabilities of the computer, or it may be notifying the victim that using the program is illegal but will benefit him. In such cases, the investigator has to deal with organized, secret groups of criminals.

About the Authors

G. A. Markosyan
Kuban State University
Russian Federation

Markosyan Georgiy Ashotovich, Candidate of Economics, Associate Professor of Criminalistics and Legal Informatics department



Yu. A. Bondarenko
Kuban State University
Russian Federation

Bondarenko Yuri Alekseevich, Candidate of Legal Sciences, Associate Professor of Criminalistics and Legal Informatics department






For citations:


Markosyan G.A., Bondarenko Yu.A. Specifics of the organization and planning of the investigation of crimes committed with the malware. Legal Bulletin of the Kuban State University. 2021;(2):51-57. (In Russ.) https://doi.org/10.31429/20785836-13-2-51-57



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2078-5836 (Print)
ISSN 2782-5841 (Online)