Automated workplace for performing criminalistic reviews of electronic information carriers

FIELD: criminalistics and forensic examination.

SUBSTANCE: automated workplace consists of stand for researching electronic information carriers and personal computer. Stand featured in invention consists of controllable commutation device, ensuring possible mating of electronic information carrier and personal computer, and a source of controllable voltage. Controllable commutation device has m+n inputs/outputs and is represented by a set of m·n controlled rectifying cells, forming a commutation matrix of m×n dimensions, connecting 1÷m and (m+1)÷(m+n) inputs/outputs, while m=k+1, numbers k and n corresponding to maximal values of numbers of contacts of sockets of personal computer and electronic information carrier, respectively. Controllable rectifying cell is in turn represented by device, providing controllable capability of one-direction commutation with controllable transfer coefficient.

EFFECT: no limitations on types of electronic information carriers being connected, increased quality and speed of reviews of electronic information carriers, in other words, suggested automated workplace allows highly reliable fast access to information, stored in memory of electronic information carrier received for review, while quantitative and qualitative characteristics of electronic information carriers are not changed.

3 dwg

 

The proposed automated station (AWS) relates to the field of criminalistics and forensic expertise, namely the use of electronic means to improve the efficiency and objectivity of expertise and expert studies electronic media by automating a number of operations.

The proposed APM allows with high reliability to quickly access information stored in the memory admitted to a forensic examination of electronic media (ENI), with quantitative and qualitative characteristics of ENI does not change, which is crucial to ensure the validity of the results of forensic examination.

One of the genera of forensic examination is computer-technical expertise (CED). At this stage of development, CED - separate genus forensic examinations related to class engineering expertise and conducted in order to: determine the status of the object as computer tools, identifying and examining its trace pattern in the investigated crime, as well as access to computer information on ENI followed its comprehensive study. These goals are represented by generic tasks CED [1].

The process of gathering evidence of crimes involving computer use, the situations funds includes, first of all, detection, capture and seizure of computer data. Tactics of investigative actions on the disclosure and investigation of crimes in the present case are inextricably and directly depends on special tools and instruments. These technical tools should be used for searching and preliminary studies ENI, which may subsequently acquire the status of the evidence. Devices, apparatus, equipment, tools, facilities, used for the collection and examination of evidence in proceedings, usually denoted as "forensic engineering".

The primary basis of the considered class forensic technology consists of hardware and software tools, tricks and techniques from such fields of science and technology, as computer technology and programming, radio engineering and electronics, computing, and telecommunications, cryptography and information security.

Gradually forensic technique is replenished tools, techniques and methods specifically designed for research purposes and solving crimes in the sphere of computer information.

At the moment the typical technical and forensic equipment collecting computer information are the trail of the existing tools [2]:

- portable personal computer (IBM-compatible), with sufficient speed and memory, capable preliminary full physical copy of the investigated media (including hard drives) pin Winchester suitable container (often removable variant);

- installed on the specified PC operating system Windows 98 (2000) with a set of system and application utilities (such as Norton System Work); the file managers (including support for MS DOS sessions), advanced application software (MS Office, graphics (PhotoShop, Corel-Draw), etc.;

- set of blank 3.5" floppy;

- the CD-RW for CD-ROMs;

- set a blank CD-R;

- the necessary cables mates (including the null-modem cable);

- a set of floppy disks (boot and service utilities) to determine the configuration of the studied personal computer, its characteristics;

- a set of floppy disks with the programs of viral diagnostics;

packing material rigid boxes for packing seized system blocks and data carriers; anti-static bags for the data carriers, plastic bags and canvas bags; paper for sealing connectors, glue, sticky tape;

- tools - electronic tester, screwdrivers, pliers, etc. (for example, to stop the s connectors, opening the casings system units, removal of the hard disk).

The stated positions relate to only one type of objects computer tools - IBM-compatible computers and typical ENI to them. At the same time, the diversity of hardware and software of modern information technologies requires the development of similar approaches to other possible objects of research (computer network, telecommunications and communications, personal use (electronic organizers, pagers) etc)of interest to the investigation.

Funds research information stored in electronic form must provide [3]:

- technical ability to access the information contained in the object of study (computer hard disks, floppy disks, magneto-optical disks, tapes of streamers, optical disks, flash memory or other data storage media);

- fixing information, without destroying it and without changing the object of study (for example, on the hard drives of the lab computers, recordable optical disks);

- convert the information into a form comprehensible by the expert (software for search and information visualization).

These tasks are solved together technical and software security research.

the thus, the we can conclude that the method of solving any problem in computer-technical expertise will need to be updated when a new generation of hardware or new versions of the software [4, 5].

Due to the presence of highly skilled professionals in a number of the leading expert organizations practiced technology in practical operation for conducting forensic examinations ENI. For this, we apply a set of specific non-standard work, designed and developed the appropriate tools.

The result of these works are workstation (software or hardware-software systems) for all specific types of work.

Methodological developments and automation, accumulating knowledge and experience unique highly skilled professionals help to improve the level of decision issues KTE small forces on the ground by assigning these tasks, small group or individual staff experts.

One such workstation is a system SCAN.

Workstation SCAN for conducting forensics is a specialized software and hardware complex for automation of activity of the expert and his workplace at CED.

The technical part to the Plex represents:

- stand for research of the information carriers,

- PC for processing survey data and preparation of expert reports.

Software part of the system consists of a set of General and special software (OMO and SMO).

As SMO is used "Professional system for solving Search tasks and Logical Analysis of computer media" ("SCAN").

Arm "SCAN" is selected as a prototype.

The main disadvantage of the prototype is the inability to connect ANY new types introduced after its creation, and the impossibility of its modernization to eliminate this drawback due to the limited number of codes of the trap corresponding to the maximum number of connected external devices.

An object of the invention is the removal of restrictions on the types of connected ANE.

Because modern ENI different standards used interfaces and systems teams to create a workstation that allows examination of any ANE on the basis of the standard access devices and pairing required a large set of such devices, in addition, the use of standard equipment makes no warranty that the quantitative and qualitative characteristics of ENI will not change, which is crucial to ensure lawful si is s the results of forensic examination.

Thus:

- preparing the workstation to the examination of specific ENI may require changes its configuration (which can lead to significant consumption of time);

- the creation of a complete set of standard access devices and pairing is associated with significant financial costs;

- the need to adopt measures to modernize the standard access devices and pairing to exclude the possibility of modification of the quantitative and qualitative characteristics of ENI requires appropriate qualification of the expert.

Therefore, the second objective of the invention is to improve the quality and efficiency of examination ENI.

The problem is solved in that arm for conducting forensic examinations ENI consists of:

- universal stand for research ENI;

- PC 1 for the preparation and storage guidelines, processing of survey data and preparation of expert opinions (see figure 1).

Universal stand for research of ENI represents a set of managed switching devices (UCF) 2, providing the possibility of pairing ENI and PC 1 information on tyres and tyre management (the term "pair" means providing electrical connections and coordination of signal levels), and source reguliruemoj the voltage (IRN) 3, to ensure food UCF and ENI (through UCF), (see figure 1).

UCF has 2 m+n inputs/outputs (BB) and is a set of m·n controllable valves (HC) 4, forming a switch matrix of dimension m×n, connecting 1÷m and (m+1)÷(m+n) BB (see figure 2) so that each i-th CENTURIES (i∈{1, m}) is connected with the j-th CENTURIES (j∈{m+1, m+n}) by HC 4.ij. Thus m=k+1, k and n correspond to the maximum values of the number of connector pins PC and ENI, respectively.

HC 4 is designed to allow pairing ENI and PC 1 information on tyres and tyre management, and enable supply of electric power from IRN to ENI.

HC 4 consists of two controllable amplifiers (SU) 5 and 8, and two unmanaged valves (NUV) 6 and 7, and outputs the SU 5 and 8 are connected to the inputs NUV 6 and 7, respectively, and outputs NUV 6 and 7 are connected to the inputs of the SU 8 and 5, respectively. The point of connection of the inputs CU and outputs NUV serve as inputs/outputs HC 4 (see figure 3).

IRN 3 is the power supply that enables the formation voltage, the value of which is not less than required to supply ANY.

The principle of the workstation consists of the following. Each contact of the connector of the PC 1 is connected with the i-th CENTURIES (i∈{1, k}) UCF 2. Each contact of the connector ENI is connected with the j-th CENTURIES (j∈{m+1, m+n}) UCF 2. Output IRN 3 is otkluchaetsia to m-th CENTURIES UCF 2. All SU 8 m-th channel UCF 2, channels connected to the connector of the PC 1, which is the output, and channels that are connected to the contacts of the connector ENI, which inputs are set to zero gain (output SU 8 constant zero potential). All SU 5 m-th channel UCF 2, channels connected to the connector of the PC 1, which is the input channels connected to the contacts of the connector ENI, which outputs are set to the specified gain level (ensuring the coordination of input and output signal levels of the PC and ENI).

Arm can be used in two modes:

1) research mode;

2) the mode of conducting forensics ENI.

In research mode, making all connections and establish the necessary levels of stress is a highly qualified professional based on the study of the technical characteristics and features of ENI. The results are recorded in the form of guidelines posted in the PC 1.

In the mode of conducting forensics ENI after making all connections and establish the necessary levels of stress (in accordance with the methodological guidelines) is reading information from the memory of the ANE shape the image of ENI in the PC 1 (operational or long-term, for example, W is the harsh conditions of the magnetic disk).

After the formation of the image ENI UCF 2 is turned off and is disconnected from ENI UCF 2.

Further comprehensive research is carried out when working with image ENI.

The proposed workstation can be used for all kinds of ENI, however, that the problem of access to information the most difficult to resolve for ENI, which is not directly intended for use as an external device PC, of particular importance is the practical solution for such devices (e.g., electronic organizers and notebooks, pocket translators, speed controllers, GPS receivers, and other).

References

1 Subaha B.C., Usov A.I., Saenko, GV, wolf GA, S.L., White, Semikolenova A.I. General provisions on the appointment and the production of computer-technical expertise: Methodical recommendations. - M.: state forensic science center of the Russian interior Ministry, 2000. - 65 C., 6 ill., the bibliography., ADJ.

2 Sheludchenko VI Technical-forensic tools and methods of collecting computer information systems // Materials of all-Russian interdepartmental seminar. - Belgorod: the Ministry of internal Affairs of the Russian Federation, 2002. - P.205-207.

3 ALEXANDER Kopytin, Marshall astray freight, Fedotov ET forensics PC // Materials of all-Russian interdepartmental seminar. - Kazan: the Ministry of internal Affairs of the Republic of Tatarstan, 2004. - S

4 Icov D., Seeger K., Popstar U. Computer crimes. Install the rotary to combat computer crime. TRANS. from English. Vigorovea and Hon. - M.: Mir, 1999.

5 Semenov, N.V., Motus O.V. Forensic cyber examination instrument in the fight against crime XXI century // data Protection, fiduciary, 1999, 1-2.

Automated workplace for conducting forensic examinations of electronic media, consisting of a test facility for the investigation of electronic media and the PC 1 for the processing of survey data and preparation of expert opinions, characterized in that the test facility for the investigation of electronic media is universal, consisting of a controlled switching device 2 that enables the coupling of electronic media and PC (1) information on tyres and tyre management, and variable voltage source (3), the managed communication device (2) has m+n inputs/outputs and is a set of m·n controllable valves (4)forming a switch matrix of dimension m·n, connecting 1÷m and (m+1)÷(m+n) inputs/outputs so that each i-th input/output (i∈{1,m}) is connected to the j-th input/output (j∈{m+1, m+n}) by means of a controlled valve (4.ij), when this m=k+1, k and n correspond to the maximum values of the number of pins of the PC (1) and electronic media according to the public; in turn, controlled by valve (4) consists of two controllable amplifiers (SU) (5, 8)and two uncontrolled valves (NUV) (6, 7), and outputs controlled amplifiers (5, 8) are connected to the inputs unmanaged valves (6, 7) respectively, the outputs unmanaged valves (6, 7) are connected with the inputs of the controllable amplifiers (8, 5), respectively, and the point of connection of the inputs of the controllable amplifiers and outputs unmanaged gates are the inputs/outputs controllable valves (4); output source the regulated voltage is connected to the m-th input of the control switching device (2), 1÷k inputs/outputs controlled switching device (2) connected to contacts of the connector of the PC (1), (m+1)÷(m+n) inputs/outputs controlled switching device (2) connected to contacts of the connector of the electronic media.



 

Same patents:

FIELD: informatics; computer technology.

SUBSTANCE: device can be used for soling tasks of composing dictionaries, manual as well as for creation of new databases. Device has entrance memory unit, processed words memory unit, unit for analyzing search, substitution memory unit, substitution unit, result storage unit, control unit.

EFFECT: widened functional abilities; improved reliability of operation; simplified algorithm of operation.

16 dwg

FIELD: electric communications, possible use for finding and quickly identifying information in multi-service digital data transfer networks with commutation of packets.

SUBSTANCE: device contains N generators of time intervals, N selection blocks, frequency divider, N temporary storage registers, N two-input AND elements, solving three-input element AND, N-input OR-NOT element, electronic key, mask storage register, n-input AND-NOT element, control block.

EFFECT: expanded area of possible use of device, increased speed of operation.

5 cl, 6 dwg

FIELD: syntactic analysis of bit stream, containing data having structure and content, matching certain format, possible use for generation of tree-like representation of said stream.

SUBSTANCE: proposed scheme is produced from XML, making it possible to describe encoding format in generalized form. Such scheme is used for performing syntactic analysis of stream of bits for production of document, which represents a stream of bits, which acts as a sample of aforementioned scheme, or for generation of stream of bits from document, representing the stream of bits.

EFFECT: increased resistance to interference.

7 cl, 3 dwg, 4 app

FIELD: statistical language models, used in speech recognition systems.

SUBSTANCE: word indexes of bigrams are stored in form of common base with characteristic shifting. In one variant of realization, memory volume required for serial storage of bigram word indexes is compared to volume of memory, required for storage of indexes of bigram words in form of common base with characteristic shifting. Then indexes of bigram words are stored for minimization of size of data file of language model.

EFFECT: decreased memory volume needed for storing data structure of language model.

7 cl, 4 dwg

FIELD: communication systems; method for storing geographical information in communications center.

SUBSTANCE: geographical data is received, authentication query is sent to geographical data authentication database, which communicated with communications center. Answer for authentication query is received, and geographical data is stored in informational storage, which is a database, which communicates with communications center.

EFFECT: increased accuracy of service rendering corresponding to location in communication network on the basis of previously stored location information.

10 cl, 5 dwg

FIELD: information search means, database structures.

SUBSTANCE: two data areas are created. At least one of them is resident area, and at least one other area is non-resident for searched data object query source. Control data objects array is created in resident area, and/or control data objects array with corresponding to each object initial hyperlinks as linked data. In nonresident area control associated information data objects array is created and/or control associated information data objects array with corresponding to each object associated data and/or at least one secondary hyperlink.

EFFECT: simplified logical and physical database organization with permanent renewal of control associated information data objects, and increased performance of system due to simplified functioning of informational network communication nodes.

37 cl, 1 tbl

FIELD: computer engineering, automated system for collecting and processing electronic polls data.

SUBSTANCE: system consists of input messages receiving unit, data from server database receiving unit, election committee identification unit, first and second units for candidates base addresses identification, polls results disclosure time cycles selection unit, polls results recording time cycles selection unit, input messages receiving time cycles selection unit, database read and write signals forming unit, final polls results data forming unit.

EFFECT: increased system performance due to database entries address localization using receiving messages identifiers and forming of progressive total of polls results in real-time.

9 dwg

FIELD: computer engineering, systems for supporting informational identity of geographically distributed databases of airline companies.

SUBSTANCE: systems consists of address identifiers unit, memory area identification unit, input message target selection unit, database entries base address selection unit, adder, read signal forming unit, six registers, database entries identification unit, entries quantity identification unit, counter, control signal forming unit, OR elements.

EFFECT: increased system performance due to database entries addresses localization using data sources and flights identifiers.

9 dwg

FIELD: computer engineering; system for data distribution control in information analytical center network of air company commerce unit.

SUBSTANCE: system contains three registers, renewed data entries address identification device, client query data address identification device, decoder, data read control signal forming unit, and data output channels commutation unit.

EFFECT: simplified system, increased performance by excluding memory buffer blocks and time interval selector, and asynchronous mode of server-client interaction implementation.

5 dwg

FIELD: computer engineering; structure-statistical analysis of informational arrays.

SUBSTANCE: device contains current evaluation signal former, evaluation zones discriminator, pulse distributor, time intervals counter, commutator, search variable former, adding counters, storage units, division units, classifier, search strategy register, reset signals former, data representation and write unit, threshold signals change unit, current day timer, cutoff threshold former unit, structural analyzer.

EFFECT: increased informativity of traffic values, which define informational arrays structure due to structural analysis of determinate combinations.

2 cl, 3 dwg, 1 apl

FIELD: data access technologies.

SUBSTANCE: method includes assignment of simplified network address, recording URL and converting numbers into storage system with net access, inputting assigned number into computer, transferring inputted number to storage system, converting number to URL, receiving page matching URL, and displaying it. Method for use in operation systems for message transfer include intercepting system level messages to certain objects and forming pseudonym messages during that. Systems realize said methods.

EFFECT: broader functional capabilities.

12 cl, 30 dwg

FIELD: computers.

SUBSTANCE: system has entries memory block, words memory block, control block, substitutions block, n blocks for searching and replacing.

EFFECT: broader functional capabilities.

17 dwg

FIELD: computers.

SUBSTANCE: system has nine registers, four address selectors, triggers, AND elements, OR elements and delay elements.

EFFECT: higher speed.

8 dwg

FIELD: computers.

SUBSTANCE: system has operation mode setting block, first and second blocks for selecting records addresses, block for forming addresses for reading records, data output block, first and second record codes comparison blocks, records quality comparison block, year intervals comparison block, records selection control block, register, adder and OR elements.

EFFECT: higher speed of operation.

10 dwg

FIELD: computers.

SUBSTANCE: system has memory for programs, including browser, display block, database for storing documents, addressing control block, while each document of base has at least one link with indicator of its unique number and indicator with address of program for control stored in addressing control block, system contains also, connected by data buses and control of other blocks of system, memory for links of couples of unique numbers of links and forming means for lists of unique numbers of documents links, which are interconnected.

EFFECT: higher efficiency.

2 cl, 1 dwg

FIELD: telecommunication networks.

SUBSTANCE: messages, sent by cell phones, are formed by means of printed and public-distributed classifier, wherein at least one category is made with possible detection of at least one identifier of individual mark of object, identifier is sent by sender via at least one message to computer server with software, which transfers such message into database record at server for its transfer to at least one receiver, or searches for such record in database at server in accordance to received message and transfers to sender of such message at least one found database record.

EFFECT: broader functional capabilities.

2 dwg

FIELD: web technologies.

SUBSTANCE: method for integration of printed business documents, requiring original signature, with electronic data concerning these documents and later extraction of data, inputted for forming documents, is characterized by steps for forcing end user or agent to input all necessary data for forming of required document, saving collected data in database, linking saved data to unique ID code and printing unique ID code on printed document during printing. Printed documents is signed by end user and sent together with supporting documentation. When document is received by business-client, business-client inputs ID code, which is then used for access to saved data, and updates private database of business-client with all data, used for creation of original documents.

EFFECT: higher efficiency.

2 cl, 7 dwg

FIELD: computer science.

SUBSTANCE: device has string memory block, comparator, memory block for words and substitutes, block for analysis and forming of displacement results, block for storing string address, control block.

EFFECT: broader functional capabilities, higher reliability.

10 dwg

FIELD: data bases.

SUBSTANCE: method includes presenting operations at all levels of company in form typical product life cycle tree, wherein existing objective functional-technological connections of each manufacture stage are decomposed, and forming information system in form of pertinent-relevant complex information system and search, for which typical structure-information modules of information system are formed, system objective information requirements of data consumers, being a result of decompositions by levels of operations and problems, are determined as precisely as possible, data base of found documents in form of files is formed of key nodes with set of elementary data block for each system information requirement and files of information system modules, starting from lower levels of current stage and then upwards, while each data block has a list of pertinent documents ordered by determined information requirements.

EFFECT: higher search efficiency.

13 cl, 11 dwg

FIELD: computer science.

SUBSTANCE: system has first, second, third, fourth and fifth registers, first and second memory blocks, first, second and third decoders, triggers, elements AND, OR and delay elements.

EFFECT: higher speed of operation.

1 dwg

Up!