CC BY
0PPSUTLSC-2024
PRACTICAL PROBLEMS AND SOLUTIONS TO THE USE OF THEORETICAL LAWS IN THE SCIENCES OF THE 2IST CENTURY
tashkent, o-8 MAv 2004 www.in~academy.uz
PROSPECTS FOR THE DEVELOPMENT OF DIGITAL FORENSICS IN ENSURING INFORMATION SECURITY
Murodbek Melikuziev 1, Rustambek Melikuziev2, Iskhakov Akmaljon3 and Otabek Abdirizikov4
1Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Amir TemurStr 108, Tashkent 100202, Uzbekistan 2University of Tashkent for applied sciences, Gavhar Str. 1, 100149 Tashkent, Uzbekistan 3,4Military Institute of Information Communication Technologies and Communication, Kuyoshli fortress, Tashkent 100202, Uzbekistan melikuziyevmurodbek7@gmail.com, rustam.timur4323@gmail.com, iskhakovaodina87@mail.ru
https://doi.org/10.5281/zenodo.13358875 Forensics of the 21st century is developing in the conditions of informatization and digitalization. The patterns included in the subject of criminology are subject to transformation under the influence of factors of objective reality. In accordance with this, the article reflects the search for answers to questions about the admissibility of using the term "digital forensics" in science, its meaning and content. This article provides information on the prospects for the development of digital forensics, a currently developing industry in the prevention and detection of cybercrimes, as well as an analysis of the work carried out in this direction. The article also describes the reforms being carried out in the country to develop the field of digital forensics, the concepts being promoted and an analysis of the work being done in this area.
Digital forensics, forensics in the era of digitalization, digitalization of forensic activities, digital forensics, information security, cyber-attacks, ping testing, data access, access monitoring, information trail, hacking, information income, information security laws, cybersecurity system.
Abstract:
Keywords:
1 INTRODUCTION
The scientific approaches of scientists to the concept of "digital forensics" are analyzed and their classification is carried out. The position of scientists is supported who do not allow the separation of various forensic sciences in the scientific aspect depending on the scope of application or the technologies used, including the separation of "digital forensics" and consideration of its provisions separately from other structural elements. At the same time, by analogy with the legislative terms "digital economy", "information society" and others, criminology can be called digital, but we are not talking about a new science or a separate part of it, but about understanding its provisions in modern conditions and determining development prospects. Conclusions are drawn about the need for the broadest possible understanding of digital forensics and consideration from the perspective of digitalization of the entire subject of forensic science, all forensic teachings, all sections and subsections of science. However, from the perspective of a formal approach, it is more accurate to speak not about digital forensics, but about forensics in the era of digitalization.
The forensic science of the 21st century is certainly different from the forensic science of the 19th century. And the point is not in the number of scientific works written during this time, not in the transformation of methods of criminal attacks, not in the fundamentally
different technical capabilities of the subjects of detection and investigation of crimes, not in the change in the structure of science, although all this and much more, naturally, leaves its mark.
The main difference is due to the environment in which the recommendations developed by science find their practical implementation. It is she who determines which scientific provisions are recognized as valid and modern, and which ones are irretrievably outdated. And this does not always depend on the amount of time that has passed since the creation of a particular scientific proposal, the statement of a fact, the justification of a theoretical structure, etc. From the perspective of today, the provisions set forth in both 1900 and 2000 can be considered equally archaic, although between them there is a whole century full of upheavals, discoveries, world wars and local conflicts, changes in social guidelines, creation and destruction states, changes in legal regulation of social relations. All these factors, of course, influenced both criminal activity and the forensic activities of authorized subjects, and all this was reflected in the theoretical provisions developed by forensic scientists and in practical recommendations created throughout the existence of science.
"¿J PPSUTLSC-2024
. -.(¡.¿if.I PRACTICAL PROBLEMS AND SOLUTIONS TO THE USE OF THEORETICAL LAWS IN THE SCIENCES Of THE 21ST CENTURY
TASHKENT. 0-8 MAY 2024
2 THE ROLE AND IMPORTANCE OF DIGITAL CRIME ANALYSIS IN ENSURING INFORMATION SECURITY
The modern realities of the development of society in the conditions of the fourth stage of the scientific and technological revolution cannot but be taken into account when analyzing the criminological provisions of today, and, even more so, when determining the vectors of development of criminology of the future.
Among the main factors that have a global impact on society as a whole, on the structure of crime and on the activities of law enforcement agencies to combat it, the widespread dissemination of information and digital technologies should be mentioned. They permeate all the most significant spheres of activity of society and the state; they have become an integral part of the life of each of us.
Today everyone hears "digital television", "digital economy",
digitalization of politics, digital technologies in various spheres of public and government life.
Resolution No. PQ-357 of the President of the Republic of Uzbekistan "On measures to bring the sphere of information and communication technologies to a new level in 2022-2023" and "Expert criminological activities of internal affairs bodies should be based on the achievements of modern science In decision PQ-122 dated February 8 2022 "On measures for further improvement with widespread implementation" to accelerate the implementation of digital technologies in the Republic of Uzbekistan, in the conditions of rapid scientific, technical and socioeconomic development, tasks were identified. Also, by Decree of the President of the Republic of Uzbekistan No. 257, on the basis of the Academy of Law Enforcement Agencies of the Republic of Uzbekistan, the activities of the Scientific and Methodological Center for Digital Forensics were established.
"In the coming decades, all industries, markets, and activities will be reoriented in accordance with the requirements of new digital economic models. Technologies of big data, machine learning, distributed registries, robotics, smart things, virtual and augmented reality, wireless communications and many others, including those that visionaries are only talking about, based on the unconditional and large-scale use of digital data sets, determine our immediate and distant future is already today.
The large-scale transition to digital cannot be stopped. Simply because it is valuable for the consumer, beneficial for business, and significant for the regulator. The value of digital solutions is increasing, and the cost of obtaining them is decreasing. Digitization is
www.in-academy.uz
gradually unfolding from the very "bottom" - from individual objects, and to the very "top" - to the digital ecosystem and to the digital twin of a person in the ecosystem" [1].
Digital transformation affects absolutely everything, and, of course, the field of forensic work does not remain unchanged.
The general trend of digitalization is reflected in the topics of scientific conferences, forensic studies and publications.
What is meant by digital forensics? How successful can this term be considered? Is it acceptable to use it in science?
We will express our own opinion on these and other questions related to the designated research topic.
Having analyzed modern approaches to the concept of "digital forensics" (and its synonyms - "cyber forensics", "electronic forensics", "computer forensics"), we can state that scientists consider this concept from different positions.
First, digital forensics is seen as part of science of criminology, and here we can distinguish narrow and broad aspects.
So, S.Y. Skobelin, highlighting the narrow and broad areas of digital forensics, nevertheless, in our opinion, uses in both the first and second cases a narrow approach to understanding the term "digital forensics": "In the narrow direction - this is the prevention, detection and investigation of crimes themselves in the field of computer information. These crimes, the creation, use and distribution of malicious computer programs, are often predicate for committing (or concealing) other crimes: theft, distribution of extremist materials, falsification of voting results, etc. In a broad direction - combating cybercrime (in the field of information technology), that is, not only the crimes mentioned above, but also those committed using computer and telecommunication technologies (usually the Internet)" [3, p. 42-44].
Despite the fact that this, according to S.Y.Skobelin, the main directions of digital forensics, which means others can be distinguished, but among the main ones, we believe, should be named, for example, provisions related to the use of information technologies in forensic activities.
On the contrary, V.G.Grib and O.I. Tunisia refers to digital forensics only as "the use of... means and methods based on the use of information, digital technologies," and speaks of them as part forensic technology[4, p. 9-12].
Here we would call the broadest approach of A.N. Yakovlev, who formulated the following concept of digital forensics (as the scientist himself points out,
PPSUTLSC-2024
PRACTICAL PROBLEMS AND SOLUTIONS TO THE USE OF THEORETICAL LAWS IN THE SCIENCES OF THE 2IST CENTURY
TASHKENT, 0-8 MAY 2004 WW W. ¡П "Э СЭС^ГПу . U Z
based on the classical concept given by O.Ya.Baev): "this is that new knowledge in forensics that is based on understanding the features of the functioning of modern information and communication technologies and is used to identify criminal -relevant patterns:
■ criminal activity aimed at preventing the normal functioning of information systems, their components or activities aimed at using the latter as a tool for committing other crimes;
■ creation, modification, transmission, deletion of information on electronic media, in information and telecommunication networks, virtual space related to the preparation, commission, concealment of crimes;
■ collecting digital information with the implementation of technical procedures to ensure its legal significance;
■ research of digital information stored in individual information objects, as well as in the information environment of an electronic storage medium;
■ assessing the results obtained, correlating them with the actions of the subject and using them to qualify a criminal act;
■ integration of digital evidence into the system of existing evidence in compliance with the procedural form of their receipt"[5, p. 357-362].
3 ANALYSIS OF RESEARCH IN THE FIELD OF DIGITAL FORENSICS
The content of digital forensics "as a relatively independent and specific direction in the development of forensic science", presented by V.A., deserves close attention. Meshcheryakov, who can rightfully be considered one of the "discoverers" of this trend in science. However, we cannot completely agree with the scientist's cited opinion, doubting the advisability of building a digital forensics system in isolation from the system of science as a whole. They highlight sections similar to "traditional" criminology, and outline the structure of each of them:
■ Introduction to Digital Forensics;
■ Equipment and technology of digital forensics;
■ Digital forensics tactics;
■ Methodology for investigating certain types of crimes in the field of information and communication technologies [6, p. 231-241].
It is in this understanding that we believe that the department of "Digital Forensics" (MSTU named after N.E. Bauman) was formed, providing training in the direction 40.05.03 "Forensic computer technology expertise".
As we can see, the part of science that is mainly attributed to digital forensics is associated by authors
who consider it from this position with the investigation of a certain group of crimes and the use of information and digital technologies. This is, of course, true, but we believe that digital forensics is not limited to this.
Secondly, in modern science the phrase "digital forensics" is used when considering the corresponding private forensic theory. Variants of the name of the theory (in the aspect under consideration) are computer forensics (P.S. Pastukhov [7]), electronic digital forensics (A.B. Smushkin [8]), and others.
V.B. Vekhov, defending the use of the term "electronic forensics," defines it "as a system of scientific provisions on the basis of which technical and forensic tools, special techniques, methods and recommendations aimed at detection, recording, preliminary and forensic research, as well as on the use of computer information, means of processing and protecting it for the purpose of disclosing, investigating and preventing crimes. In its structure, it seems possible to identify the following system elements:
■ forensic science of computer information;
■ forensic examination of computer devices, information systems and information and telecommunication networks;
■ forensic use of computer information, means of processing and protecting it" [9, p. 89 - 93].
Differences in teaching do not object to the existence of the proposed V.B. Vekhov teachings, considers it as part of the private forensic theory of information and computer support for forensic activities that she is developing [10, p. 193-202]. In general, an analysis of the system of this theory allows us to note that its provisions apply to all sections of criminology. But at the same time, he speaks negatively regarding the terms "electronic" forensics and others ("linguistic criminology", "economic criminology"), rightfully declaring that "criminology is one! This is a science that has its own subject, system, tasks, objects and patterns. For its development there is no need or reason to change the name" [10, p. 196].
We fully share the point of view on distinguishing different forensic sciences, and we summarize that with a strictly formal approach it is impossible to equate the use of the phrases "future forensics" (or "modern forensics") and "digital forensics".
To be fair, it should be noted that in science there are also opponents of the separation, isolation of digital forensics as its individual structural elements or the creation of an appropriate doctrine (theory). These include V.N. Karagodin, who speaks critically regarding the expansion of the object and subject of criminology, and also does not support "the proposal to develop a forensic doctrine of computer information or "electronic
"¿J PPSUTLSC-2024
. -.(¡.¿if.I PRACTICAL PROBLEMS AND SOLUTIONS TO THE USE OF THEORETICAL LAWS IN THE SCIENCES Of THE 2IST CENTURY
TASHKENT. 0-8 MAY 2024
forensics"" [11, p. 115-119]. We do not completely share this approach, believing that theoretical criminological constructs must be transformed, adjusted to the modern realities of life in order not to lag behind and not to break away from it.
The subject of criminology, despite the unchanged basis of its basis, is exposed to objective factors, and is gradually transformed, including new patterns, covering new concepts, categories, actions, and abandoning the use of outdated recommendations. But the name of the science "forensics" remains unchanged, regardless of the scope of its application or the technologies used in it.
In our opinion, the term "digital forensics" is still acceptable to use in science by analogy with the terms "digital economy", "information society" and others used in regulations.
Similar - the interpretation implies the use of digital and information technologies, but not the emergence of new concepts. At the same time, the concept of digital forensics should be considered as broadly as possible, taking into account the digitalization of all phenomena and processes included in the subject of forensics, and not just the detection and investigation of computer crimes and the use of technical and forensic tools based on digital technologies.
Thus, E.P. considers digital forensics from a broader perspective. Ishchenko, saying that it marks "the transition from an analog representation of information to a discrete - digital one, which allows one to mathematize all processes occurring in reality, as well as reflect the specifics of traditional crimes when they are committed using the latest information and telecommunication technologies" [12, p. .15].
Yu.V. writes about the influence of digital technologies on the development of traditional private forensic theories and teachings in the context of digitalization. Gavrilin. He outlined the trends in the development of the theory of identification, the theory of forensic forecasting, the doctrine of traces, forensic tactics and methods for investigating certain types of crimes in the conditions of the information society [13, p. 65-72].
We propose to approach this concept even more broadly, to consider from the perspective of digitalization, as indicated above, the entire subject of forensic science, all forensic teachings, all sections and subsections of science. Information technologies, building into our everyday reality, affect all components of the subject of forensic science. Criminal activity is also changing, and not only in terms of the emergence of new acts that encroach on the objects of criminal legal protection, but the methods of committing
www.in-academy.uz
"traditional" crimes are changing, including methods of preparing and concealing crimes with the help of information technology. Aspects of the forensic activities of subjects of investigation, using in practice achievements in the field of digitalization, are changing. 4 CONCLUSIONS
Based on the analysis obtained, let's take the forensic study of personality - under the influence of digitalization, personality properties change (in particular, thinking, speech, memory properties, etc.), methods of recording information about a person, capturing appearance, the nature of actions both when committing a crime and when his investigation. Accordingly, forensic recommendations based on forensically significant personal information are changing. At the same time, in none of the approaches to the concept and system of digital forensics did we see a reflection of the designated and other personal data.
Thus, digital forensics, according to the author, reflects the specifics of the current stage and future development of forensics in conditions of digitalization, and manifests itself in the transformation of the subject of criminology under the influence of objective factors. However, from the perspective of a formal approach, it is more accurate to speak not about digital forensics, but about forensics in the era of digitalization
REFERENCES
[1] Resolution of the President of the Republic of Uzbekistan dated February 8, 2022 No. PQ-122 "On measures to further improve the expert criminological activities of internal affairs bodies with the widespread introduction of modern scientific achievements."
[2] Resolution of the President of the Republic of Uzbekistan PQ-357 dated August 22, 2022 "On measures to bring the sphere of information and communication technologies to a new stage in 2022-2023."
[3] Skobelin S.Yu. Digital forensics: object and directions of development // Russian investigator. 2020. No. 4. P. 42 - 44.
[4] Grib V.G., Tyunis I.O. Forensics and digital technologies // Russian investigator. 2019. No. 4. P. 9 - 12.
[5] Yakovlev A.N. Digital forensics and its importance for the investigation of crimes in the modern information society //
[6] Improving investigative activities in the conditions of informatization: collection. materials international scientific-practical conf. (Minsk, April 12-13, 2018) / Investigative Committee of the Republic of Belarus; editor: S.Ya. Azemsha [and others].
[7] Minsk: Editorial office of the journal "Industrial and Trade Law", 2018. pp. 357-362.
[8] Meshcheryakov V.A. Digital forensics // Criminologist Library. 2014. No. 4 (15). pp. 231-241.
PPSUTLSC-2024
PRACTICAL PROBLEMS AND SOLUTIONS TO THE USE OF THEORETICAL LAWS IN THE SCIENCES OF THE 2IST CENTURY
TASHKENT.MM.Y20M WWW.in-aCademy.UZ
[9] Pastukhov P.S. On the need to develop computer forensics // Perm Legal Almanac. Annual scientific journal. 2018. No. 1. P. 479-488.
[10] Smushkin A. B. On the issue of the name of the theory "Electronic digital forensics" // Problems of criminal process, criminology
[11] and forensics. 2019. No. 1 (13). pp. 15-21.
[12] Vekhov V. B. Electronic forensics: main directions of development // I Minsk Forensic Readings: materials of the International Scientific and Practical Conference (Minsk, December 20, 2018): at 2 o'clock. Minsk: Educational Institution "Academy of the Ministry of Internal Affairs of the Republic of Belarus" ", 2018. Part 1. pp. 89 - 93.
[13] Rossinskaya E.R. The theory of information and computer support for forensic activities: concept, system, basic patterns // Bulletin of the East Siberian Institute of the Ministry of Internal Affairs of Russia. 2019. 2(89). P.193-202.
[14] Karagodin V. N. Research of computer information processes in the structure of the science of criminology // Forensics in the conditions of development of the information society (59th annual forensic readings) [Electronic resource]: collection of articles of the International Scientific and Practical Conference. M.: Academy of Management of the Ministry of Internal Affairs of Russia, 2018. P.115-119.
[1] Ishchenko E.P. At the origins of digital forensics // Bulletin of the University named after O.E. Kutafina (MSAL). 2018. No. 3. P. 15-28.
