Software and computer expertise is a type of forensic computer-technical examination. With the development of computer technology, a new category of offenses has arisen, known as crimes in the field of computer information. In such crimes, and not only in them, computer hardware and software are used to achieve the goal.
The main goal of software and computer forensics is to establish the involvement of the software package under investigation in the criminal act under investigation. Also, as a result of the analysis, traces of illegal actions may be detected. The subject of this examination is the features of the development and application of a computer system's software. The analysis can be carried out in both civil and criminal cases.
The objects of software and computer forensics are the following components:
The occasion for ordering a software and computer examination may be a reasonable suspicion of incorrect operation of the software, incompatibility of two or more programs located in the same chain of performing any operations, and so on.
Software and computer forensics are widely used in the investigation of criminal cases, but the need for similar research in other types of legal proceedings is gradually increasing, which is caused by the extensive computerization of all areas of life. Currently, many civil cases arise, including those resolved in arbitration courts. Also a large number of cases are related to the protection of consumer rights, as well as copyright infringement during the distribution of counterfeit products.
PROBLEMS THAT ARE SOLVED WITH THE HELP OF COMPUTER SOFTWARE EXPERTISE
Software and computer expertise solves a wide range of problems related to the specific features of software, its development, implementation, application, and so on. The wide variety of problems solved with the help of this research is due to the fact that computer systems with appropriate software are used in almost all areas of human activity. The main objectives of software and computer expertise are:
Software research methods used in the course of software and computer examination are usually classified based on the type of object under study. The following groups of methods are distinguished:
The examination of boot modules is based on the examination of software using basic methods that monitor all interrupts that are caused by a given program. The method used by the expert must exactly match the type of problem he is solving. Accordingly, to obtain a reliable research result, it is necessary to select an expert with a high level of professional competence and extensive experience in conducting research.
When analyzing malware (viruses, worms, etc.), various monitoring methods are used: analysis of file signatures (the disk memory monitoring method), verification of checksums (the random access memory monitoring method) and so on.
PROCEDURE FOR CONDUCTING COMPUTER SOFTWARE EXAMINATION
The procedure for conducting software and computer examination is standard for all such studies. At the first stage, an expert is consulted to determine the type of examination, the subject and objectives of the study, as well as the cost and timing of its implementation.
At the next stage, an agreement is concluded with the organization to conduct the examination, after which the initiator of the examination transfers to the specialist the software on the medium on which it is installed, and all available documentation. The contract includes the subject of the study, the existing research tasks, the questions posed to the expert, as well as the expected completion date for the examination. Next, the specialist conducting the research carries out the necessary expert activities and draws up an expert opinion, which is the main result of the research and can be presented as evidence during the trial. The expert report includes a description of the research conducted, copies of the submitted documents and answers to the questions posed to the specialist.
LEGAL FRAMEWORK FOR CONDUCTING COMPUTER SOFTWARE EXAMINATION
Chapter 28 of the Criminal Code of the Russian Federation describes crimes in the field of computer information, as well as penalties imposed for such offenses. The chapter contains three articles. Article 272 regulates penalties for illegal access to classified computer information. Article 273 provides for penalties for the development, use and distribution of so-called malicious programs that lead to the destruction or blocking of information on personal computers and production networks. Article 274 prescribes liability for non-compliance with the technique of using personal computers, computer systems or computer networks. By means of software and computer forensics, a justification is obtained for making decisions on the crimes outlined in this chapter.
QUESTIONS TO BE POSED TO A SPECIALIST IN COMPUTER SOFTWARE EXAMINATION
The full list of questions is quite extensive. In each specific case of conducting a software and computer examination, a list of questions is formed depending on the final purpose of the study and the type of software under study. The questions asked to the expert are based on the tasks being solved during the research process. In general, the questions look like this:
This story happened more than 3 years ago, so I can safely remove the “trade secret” stamp and voice its details on the Internet.
Colleagues from the financial control department of the Ministry of Defense of the Russian Federation contacted our company with a request to conduct an examination of the software “Flight Emergency Simulation Stand”. It must be said that colleagues from the Ministry of Defense immediately suspected a catch in the software and decided to conduct an independent expert assessment in order to understand what they were dealing with and whether it was worth the money that was announced in the government contract. And the government contract was no joke; the total cost of the project was about 20 million rubles!
Initial data:
For the study, files were received on flash media with a total volume of 2,252,414,699 bytes. The root of the media contained two directories: FltRec02; SM-AS 2006.
Operating system on the computer under study: Microsoft Windows XP Professional.
Analysis of files in the FltRec02 directory
File size: 472,899 bytes.
Among all the presented files, only one is bootable - FLTREC02.exe, which cannot be launched.
Analysis of files in the SM-AS 2006 directory
Fighter Ace II
Directory size: 2,251,941,800 bytes.
Boot file FIGHTACE.exe
After launching the file, the window shown in Fig. 2 appears on the screen.
The presence of an already entered security “key” (see highlight in Fig. 3) indicates the “pirated” origin of the software product!
After installing and launching the program in “play” mode, the user must register on the server of the official manufacturer – Microsoft.
In “training”, the “training mode” opens in front of the user; see Figs. 5 and 6.
Conclusion: The software under study belongs to the “Computer Games - Simulations” class, developed by Microsoft Corp., released in 1999, named Fighter Ace II.
The cost of the software product, taking into account its “pirated” origin, is about 70 rubles.
Boot files FLTSIM98.exe, FS2000.exe, FS2002.exe
These files launch the “Microsoft Flight Simulator 2002” program, which is hidden under the “Flight Emergency Simulation Stand” screensaver. The company ZAO "ХХХХХХ" violated copyright by identifying itself as the developer!
We could not find any information about the legal origin of the software product!
Boot file FSUNINSTALL.exe
Boot file FSEDIT.exe
Conclusion: The software under study belongs to the class “Computer Games - Simulators”, the developer of which is Microsoft Corp., year of release 2002, name – “Microsoft Flight Simulator 2002”.
The cost of the software product, taking into account its “pirated” origin, as well as the cost of designing the splash screen (Fig. 7), is about 200 rubles.
In total, the cost of software submitted for examination is about 270 rubles.
As a result of the examination, the Ministry of Defense employees were recommended to contact the military prosecutor's office and counterintelligence to conduct an investigation!
If a person is involved in an accident, he can get fair insurance compensation according to OSAGO. Today, a special government methodology called EMRU is used to calculate damage. But what is the structure of this technique? What laws govern EMRU? And what formula is used to determine the amount of damage? Below we will find out the answers to these questions. We will also look at an example of calculating insurance damage according to EMRU.
The Unified Methodology for Calculation of Damage (EMRU) is a special method with which you can calculate the amount of insurance compensation for compulsory motor liability insurance.
In fact, EMRU is a set of formulas.
The unified calculation methodology is regulated by the following documents:
The draft laws were developed by the Ministry of Transport, the Central Bank and the Russian Union of Auto Insurers (RUA). Before the introduction of EMRU, there were more than 5 recommended state methods with which it was possible to determine the amount of damage.
The problem was that these techniques did not fit well with each other, which led to confusion. Another problem was that different methods produced different results, and the amount of recommended payments using different methods could differ by 2-3 times.
Because of this confusion, many dissatisfied car owners sued the insurance company, and in 2013, before the law was adopted, the number of such lawsuits was more than 600 thousand.
The adoption of EMRU allowed us to solve many problems:
EMRU is a document with which you can calculate the cost of insurance compensation. The EMRU contains the following information - definition of basic terms, calculation algorithms, formulas for calculations, reference materials, rules for drawing up expert reports, and so on. Using this information, you can accurately determine the amount of insurance payment for repairs.
The unified method for calculating damage contains information about all the main cars that can be found in the Russian Federation (the total number of car brands is more than 67, and the list itself is periodically updated).
It should also be remembered that EMRU can only be used if the client of the insurance company is an individual.
The methodology has the following structure:
Type | Number | Short name | Information |
Chapter of the main law | 1 | Procedure for determining vehicle damage | Contains general information about EMRU. It is also indicated here that EMRU was created so that with its help it would be possible to calculate the amount of insurance compensation for damage to any vehicle. It also stipulates some basic concepts (evidence, vehicle examination, examination results) that are used to calculate insurance payments. Information is also indicated here that all examinations are divided into primary (carried out by an emergency commissioner or an insurer’s technician) and additional (carried out by forensic and independent experts). |
Chapter of the main law | 2 | Investigation of the circumstances of the accident | This chapter discusses the issue of studying the circumstances of an accident. The circumstances of the accident are studied with the help of special examinations, with the help of which it is possible to establish the key details of the accident (based on this information, in the future it is possible to establish the culprit of the accident, the degree of culpability, the type of violations that led to the accident, the amount of damage caused, and so on). Typically, two examinations are carried out to investigate the circumstances of the accident. The first examination is an expert-comparative analysis of the documentation that was drawn up after the accident. The second examination is a scientific expert analysis of an accident, with the help of which it is possible to establish the nature and type of damage caused; based on these data it is possible to compile a computer model, with which you can identify the culprit of the accident. If one of the parties does not agree with the conclusions of previous examinations, it can conduct an additional examination to clarify some details that may be important when considering the case. |
Chapter of the main law | 3 | Determining the level of repair costs | Contains a number of algorithms that can be used to calculate the total cost of vehicle repairs. The following expense items are discussed here: the purchase of new auto parts (engine, headlights, bumper, etc.), the purchase of materials (paint, primer, abrasives, and so on) and the services of technicians. |
Chapter of the main law | 4 | Determining wear levels when purchasing new parts | This chapter contains information with which you can calculate the wear of old parts. The fact is that many parts deteriorate over time, so when determining the level of compensation, the residual cost of the old part (taking into account wear and tear) should be subtracted from the full cost of each new part. |
Chapter of the main law | 5 | Determining the cost of surviving parts if the vehicle is destroyed | This chapter describes a methodology with which you can calculate the cost of some spare parts, provided that the vehicle is completely destroyed (and there is the possibility of reusing these undamaged parts). The fact is that the damage caused may be so severe that the car will be almost impossible to repair, but some parts may be serviceable. Based on the data provided in this chapter, the cost of these serviceable spare parts can be calculated. |
Chapter of the main law | 6 | Determining the value of a vehicle before damage | Contains information on how to use a methodology to calculate the pre-accident value of a vehicle. With the help of this information, you can understand whether it makes sense to restore the vehicle at all. The fact is that sometimes the damage can be so severe that repairing the vehicle does not make sense (for example, the value of the car before the accident may be much lower than the cost of repair). This chapter also specifies a method for calculating the average market value of a new car that is similar to a damaged one. If it turns out that a new car costs much less than repairing a damaged car, then the person is simply given money to buy a new vehicle (after all, in most cases it is quite difficult to calculate the cost of a car before an accident). |
Chapter of the main law | 7 | The procedure for approving reference books for calculating the average cost of damaged parts | This chapter contains a list of sources that can help a technician or insurer estimate the cost of new parts. The fact is that when calculating damage, many parameters are used that can change (for example, the market value of parts). Some regulations of the Central Bank, an electronic database of spare parts, price standards and some other documents that do not contradict the EMRU are used as regulatory documents containing the necessary information. |
Appendix to the law | 1 | Photographing an accident and a damaged car | Contains information on how and in what cases it is necessary to record the consequences of an accident on photographic or video equipment. This information will be useful both in the case of drawing up a standard protocol with the involvement of traffic police officers, and in the case of drawing up a European protocol without the participation of traffic police officers. This information may also be useful in the event of litigation. |
Appendix to the law | 2 | Typical vehicle damage | Contains information that can significantly simplify the procedure for classifying damage caused. This appendix also states that there are a total of 32 characteristic damages. |
Appendix to the law | 3 | Costs for restoring the body of some vehicles | This paragraph contains information on the basis of which you can calculate the cost of repairing non-metallic bodies of some vehicles. The fact is that the body of some foreign and domestic cars is made not of metal, but of some other materials (for example, special plastic), so an additional method is needed to calculate the repair of such a body. |
Appendix to the law | 4 | Commodity markets and boundaries of economic regions | Contains information about which economic regions certain areas belong to (13 regions in total). The fact is that the average market cost of parts is calculated taking into account the economic region (after all, for example, the price of a part in St. Petersburg may differ significantly from the price of the same part in Vladivostok). |
Appendix to the law | 5 | Size of correction factors for determining the degree of wear | When calculating the degree of wear, 2 special coefficients are used (depending on the type and brand of the vehicle). In this appendix you can find out the size of these coefficients in order to correctly calculate the degree of wear. |
Appendix to the law | 6 | Size of correction factors for determining the degree of wear of very old parts | In some cases, the values of the 2 correction factors (used to calculate the degree of wear) can be reduced. This annex provides information about the specific cases in which this may occur; the degree of reduction of these correction factors is also indicated here. |
Appendix to the law | 7 | List of parts for which wear value is set to zero | For some damaged parts, the wear value is set to zero. This appendix provides a list of these parts (brake discs, steering wheels, tie rod ends, etc.). |
Appendix to the law | 8 | Directory of average annual vehicle mileage (including regions) | When calculating the cost of repairs, the vehicle's mileage is also taken into account. In this appendix you can find out the average annual mileage of vehicles (taking into account the type of vehicle and region of residence). |
Appendix to the law | 9 | Reducing factor K, with which you can take into account the operating time of the vehicle | The cost of insurance payment may be slightly reduced depending on how long the vehicle is in use. This annex specifies the size of this reduction factor (the size of the factor depends on the type of vehicle and age of use). |
Appendix to the law | 10 | Additional coefficient K, with which you can take into account the nature of mechanical damage | The cost of insurance payment may be changed depending on the nature of mechanical damage. This annex indicates the size of the correction factor, and the factor itself depends on the degree of mechanical damage. |
The following persons can use the unified methodology for calculating damage:
After an accident, it is necessary to draw up a vehicle inspection report (usually this document is compiled by experts with the participation of people who were involved in an accident).
The vehicle inspection report must include the following information:
The unified methodology for calculating damage contains special rules that regulate the conduct of special examinations, with the help of which the amount of monetary compensation can be determined.
EMRU requires experts to meet the following requirements:
The unified methodology for calculating damage contains information on how to correctly calculate the amount of insurance compensation.
The following formula is used for calculations:
It should be understood that the correction factor will always be less than one, so the full market value of the damaged part will not be returned to you.
And this is fair - after all, over time, many parts wear out, and if you are in an accident, the insurance company must only compensate for the market value of the old part.
Let's try to calculate the amount of damage ourselves:
Now you know what EMRU is. Let's summarize. Firstly, EMRU is the main method by which you can accurately determine the amount of insurance compensation in case of an accident. Secondly, EMRU is a document that consists of 7 chapters and 10 annexes, which contain all the basic information about the technique.
Software examination is a study whose ultimate goal is to verify the completeness of a software product.
The tasks of software examination include:
The software examination process requires clear regulation. The whole process can be divided into several stages:
Software examination within the project team is carried out in accordance with the regulations adopted by the performing company. When conducting an external examination, they are often guided by the following standards:
At the stage of acceptance testing, a document is drawn up, the Test Program and Methodology, which determines quantitative indicators of product quality and testing methods. The program is developed with a view to minimizing the amount of testing needed to verify that all document requirements are met.
The software examination program and methodology must contain the following sections (according to RD 50-34.698-90 AUTOMATED SYSTEMS, REQUIREMENTS FOR DOCUMENT CONTENT):
The software examination program and methodology are agreed upon with the developers and the Customer.
During the software examination process, the following indicators are checked:
The operating instructions for the software package are also checked and adjusted in all specified modes.
Software examination at the time of acceptance tests is carried out at the Customer's stands. The installation of software and debugging of stands is carried out by representatives of the developers.
During software examination, the use of automated testing tools is allowed.
The result of the software examination is recorded in the Test Report. The protocol must contain:
If during the software examination the need to change the requirements is identified, adjustments to the technical specifications are allowed by agreement of both parties. It is also possible to accept a software package with deviations from the original requirements. At the same time, the accepted assumptions are recorded in the software examination protocol.
If deviations from the requirements stated in the technical specifications significantly affect the achievement of the goals of the software, then the program is returned for revision. The examination protocol records the period for the retest.
Given the market situation and the availability of a wide variety of CRM systems and various platforms, software is being created that can be used to automate the professional activities of representatives of different specializations. Such applications are “tailored” to a specific industry and significantly simplify work in it and communication with other structural units. You ordered the development of special software to solve your problems, but the contractor, for certain reasons, in violation of the contract or technical specifications, did not complete the work or performed the work poorly. In this case, it is not possible for you to prove your case in court without an expert opinion. Independent examination of information systems and software products is a whole complex of research. Its goal is to solve problems of the identification level of information and software on appropriate media. Specialists discover patterns in the development and use of software, study the functional meaning and characteristics of the algorithm, structural features and current state, and also determine whether changes have been made to overcome the protection.
The most frequently received requests are for examination of 1C software. We treat this type of examination separately: “Examination of 1C products (software)”.
Examination objectives:
Cost of the study: from 20,000 rubles*.
Our legal department, working closely with the expert department, will ensure high-quality, legally and technically verified preparation of expert opinions, and will ensure an internal logical relationship between the results of the study and a retrospective of the case materials.
Our specialists are ready to advise you on the grounds, procedure for conducting an examination (forensic examination), its main stages, methods of recording and studying significant circumstances.
Based on our experience of collaboration, we can distinguish several types of interaction with our Clients:
This category will include a full list of legal services, from analysis of the situation to consideration of the case on its merits. Our lawyers, together with the department of experts, will be able to quickly understand the controversial situation, will develop...
This service is of a slightly specific nature and belongs to cases of the highest category of complexity, requiring not only joint analysis, but also the joint participation of a lawyer and an expert directly in the court hearing. This service...