RU2454032C2 - Device for examination of mobile terminals in cellular networks - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: invention relates to the field of criminalistics and forensic analysis, namely, to a device for holding examinations and expert examinations of electronic information carriers. A device for carrying out examinations of mobile terminals in cellular networks consists of an Automated Workstation for forensic examinations of electronic information carriers, and in its composition additionally comprises a code generation unit, a control unit, a display unit, an interface unit, a data register, a counter, a comparison device, a controlled key, a resistor, an operational amplifier, an analog-digital converter, a memory unit and a processing unit. Taken together, the listed elements enable transmitting all possible authorisation code combinations to the SIM card input with interruption of the authorisation process up to the moment of recording a new value of the number of attempts at authorisation in non-volatile memory of the SIM card. The PIN code is determined by comparing the type of time dependency of the SIM card power current for all alternatives of the authorisation code and picking up therefrom the time dependency which corresponds to the authorisation procedure when entering the PIN code.

EFFECT: providing ability of automation of the process of selecting a code combination which is the PIN code of a cellular telephone undergoing criminalistic examination, with high reliability and operability.

4 dwg

Description

The proposed device relates to the field of forensics and forensics, and in particular to the use of electronic means to increase the efficiency and objectivity of conducting examinations and expert studies of electronic storage media by automating a number of operations.

The proposed device allows with high reliability to quickly access information stored in the memory received at the forensic examination of a mobile cellular communication terminal (which is one of the types of electronic information carriers (ENI)), while the quantitative and qualitative characteristics of a mobile cellular terminal like ENI do not change , which is crucial to ensure the validity of the results of the forensic procedure.

One of the types of forensic examination is computer-technical examination (CTE). At this stage of development, KHPP is an independent type of forensic examination, belonging to the class of engineering and technical examinations and conducted in order to: determine the status of an object as a computer tool, identify and study its trace in the crime under investigation, and also gain access to computer information on ENI with subsequent comprehensive study of it. These goals are represented by the generic tasks of the CHP [1].

The process of collecting evidence for crimes involving the use of computer tools includes, first of all, the detection, recording and removal of computer information. The tactics of investigative actions for the disclosure and investigation of crimes in the case under discussion are inextricably and directly dependent on the special tools and instruments used. These technical means should be designed for the search and preliminary investigation of ENI, which can subsequently acquire the status of material evidence. Instruments, apparatus, equipment, tools, accessories used to collect and investigate evidence in the course of legal proceedings are commonly referred to as “forensic technology”.

The primary basis of the class of forensic technology under consideration is hardware and software, techniques and methods, borrowed from such fields of science and technology as: computer engineering and programming, radio engineering and electronics, computer networks and telecommunications, cryptography and information security.

Gradually, the forensic technique is replenished with means, techniques and methods specially developed for the purpose of investigation and disclosure of crimes in the field of computer information.

To date, the following technical means are the typical technical and forensic equipment for collecting computer information [2]:

- a personal portable computer (IBM-compatible), with sufficient and speed and RAM, with the ability to pre-complete physical copy of the studied storage media (including hard drives) to a working hard drive of the appropriate capacity (often in a removable version);

- Windows operating system installed on the specified PC with a set of system and application utilities (for example, Norton SystemWork); file managers (including those with support for MS DOS sessions), advanced application software (MS Office, graphic packages (PhotoShop, Corel-Draw), etc.);

- a set of empty 3.5 "floppy disks;

- CD-RW device for recording on compact discs;

- a set of empty CD-R;

- necessary interface cables (including null modem cable);

- a set of floppy disks and CDs (bootable and with service utilities) for determining the configuration of the personal computer under study and its characteristics;

- A set of floppy disks and CDs with virus diagnostic programs;

- packaging material: rigid boxes for packaging seized system units and data carriers; antistatic bags for data carriers, plastic bags and canvas bags; paper for sealing connectors, adhesive, adhesive tape;

- auxiliary tools - an electronic tester, screwdrivers, pliers, etc. (for example, to disconnect connectors, open the covers of system units, remove hard drives).

The stated positions relate to only one type of computer facilities - IBM-compatible computers and typical ENI to them. At the same time, the variety of hardware and software of modern information technologies requires the development of similar approaches to other possible research objects (computer networks, telecommunications and communications, personal use tools (mobile cellular terminals (cell phones, communicators, cellular modems, etc.) ), electronic organizers, pagers), etc.) of interest to the investigation.

Means of researching information stored in electronic form should provide [3]:

- the technical ability to access the information contained in the object of study (computer hard drives, flexible magnetic disks, magneto-optical disks, tape drives, optical disks, flash memory and other means of information storage);

- fixing information without destroying or changing the object of study (for example, on hard disks of laboratory computers, recordable optical discs);

- converting information into a form that is accessible to the expert (software for searching and visualizing information).

These tasks are solved jointly by hardware and software research support.

Thus, we can conclude that the methodology for solving any problem during computer-technical examination should be refined when a new generation of hardware or new software versions appears [4, 5].

Thanks to the presence of highly qualified specialists, a number of leading expert organizations are developing technologies for conducting practical work on conducting forensic examinations of ENI. For this, a whole range of specific non-standard work is carried out, the corresponding tools are developed and mastered.

The result of the relevant work are devices and workstations (AWS) (software or hardware-software systems) for all specific types of work.

Methodological developments and automation tools, accumulating the knowledge and experience of unique, highly qualified specialists, make it possible to increase the level of solving CHP issues by small local forces by assigning these tasks to small groups or individual full-time experts.

One such AWP is the PROPLAN system.

The PROPLAN workstation for computer-technical expertise is a specialized software and hardware complex that automates the activities of the expert and his workplace at CHP.

The technical part of the complex is:

- a stand for the study of information media,

- a personal computer (PC) for processing research data and preparing an expert opinion.

The software part of the complex consists of a set of general and special mathematical (software) software (OMO and SMO).

As a QS, the “Professional system for solving Search problems and Logical ANALYSIS of machine data carriers” (“PROPLAN”) is used.

The main disadvantage of this AWP is the impossibility of connecting ENI of new types that appeared after its creation, and the impossibility of upgrading it to eliminate this drawback due to the limited number of system interrupt codes corresponding to the maximum number of connected external devices.

The indicated drawback was eliminated in the AWS for conducting forensic examinations of ENI [6].

Workstation for conducting forensic examinations of ENI consists of a stand for research of ENI and PCs for processing research data and preparing an expert opinion. The ENI research bench consists of a controlled switching device (UCF), which provides the possibility of interfacing an electronic information carrier and a personal computer via information buses and control buses, and an adjustable voltage source (IRN), while the controlled switching device has m + n inputs / outputs and represents is a set of m · n controlled gates forming a switching matrix of dimension m × n connecting 1 ÷ m and (m + 1) ÷ (m + n) inputs / outputs in such a way that each i-th input / output (i∈ {1, m}) is connected to the j-th input / output m (j∈ {m + 1, m + n}) by controlled ij-th gate, wherein m = k + 1, the number k and n values correspond to the maximum numbers of computers and electronic contact data carrier connectors, respectively; in turn, the controlled valve consists of two controlled amplifiers (UE), as well as two uncontrolled gates (NUV), the outputs of the controlled amplifiers are connected to the inputs of the uncontrolled gates, and the outputs of the uncontrolled gates are connected to the inputs of the controlled amplifiers in such a way that a closed ring of four elements; connection points of inputs of controlled amplifiers and outputs of uncontrolled gates serve as inputs / outputs of controlled gates; the output of the regulated voltage source is connected to the m-th input of the managed switching device, 1 ÷ k inputs / outputs of the controlled switching device are connected to the terminals of the PC connector, (m + 1) ÷ (m + n) the inputs / outputs of the managed switching device are connected to the contacts of the connector electronic information carrier.

An essential feature of a mobile cellular communication terminal, as a variation of ENI, is the presence of a user authorization procedure, without which it is impossible to gain full access to all information stored in the memory of the studied mobile cellular communication terminal, primarily information stored in the SIM card memory ( SIM - Subscriber identification module). To complete the authorization procedure, you need to know the four-digit PIN code (personal identification number).

There are 4 options for the status of a mobile cellular terminal for examination:

1) the mobile cellular terminal is in a state where the authorization procedure has already been completed (for example, by the owner);

2) the mobile cellular communication terminal is off and the PIN code is known (for example, it was communicated by the owner or received promptly);

3) the mobile cellular communication terminal is off and its subscriber number is known;

4) the mobile cellular communication terminal is in the off state with complete a priori uncertainty of its affiliation.

In the third embodiment, the access code can be obtained from the mobile operator by court order. Therefore, the first three options allow you to carry out the examination in a standard way using the automated workplace to conduct forensic examinations of ENI.

The main drawback of this AWP is the impossibility of conducting a full forensic examination of a mobile cellular communication terminal that is off with a complete a priori uncertainty of its ownership due to the impossibility of carrying out an authorization procedure.

This device is selected as a prototype.

Known technical solutions that allow access to information that is password protected. So, there is a device for the examination of electronic notebooks (EZK) [7].

A device for the examination of electronic notebooks consists of:

- code generation unit,

- interface unit,

- visual inspection unit,

- control unit

- indication unit.

The code generation unit is designed to generate a sequence of code combinations that claim to be a password for accessing information stored in the EZK. It is a device that has a control input, a service output and n information outputs, where n is the number of buttons on the EZK keyboard. Based on the control signal supplied to the control input, the code generation unit generates a code combination, which is a sequence of non-overlapping time pulses at m (m≤n) information outputs. The sequence of control signals applied to the control input leads to the formation of a sequence of different code combinations, the sequence of which is determined by the algorithm for generating code combinations or a dictionary of code combinations.

The interface unit is designed to provide a physical connection of the information outputs of the code generation unit with the outputs of the EZK keyboard and the coordination of voltage levels. In the simplest case, the interface unit is a set of conductors connecting the information outputs of the code generation unit to the contact pads of the EZK keyboard without violating their integrity or to the contacts of the keyboard connector available on many EZK models.

The control unit is intended for generating control signals for the code generation unit. It is a device with two inputs and two outputs, performing the function of a pulse shaper, triggered by the input signals.

The visual control unit is designed to monitor the status of the EZK indicator and is a sensitive element that distinguishes the intensity of the glow or color. He must distinguish between the states of the EZK indicator corresponding to the indication of messages about correct and incorrect password entry.

The display unit is designed to generate a signal (audio and / or light) about the end of the password selection process and is a device that generates an audio and / or light signal from a trigger signal received at its input from the output of the control unit.

However, the number of authorization attempts is limited. Therefore, the methodology for enumerating access code options cannot be applied due to the low (≈0,0003) probability of accidentally selecting the correct access code value in three attempts.

Therefore, the main disadvantage of this device is the impossibility of guaranteed determination of the correct access code (PIN code).

An object of the invention is to enable automation of the process of selecting a code combination, which is the PIN code received for the forensic examination of a mobile cellular communication terminal.

The inventive device consists of an automated workplace for conducting forensic examinations of ENI, characterized in that it additionally includes: a code generation unit, a control unit, an indication unit, a pairing unit, a data register, counter, a comparison device, a controlled key, an operational amplifier , analog-to-digital converter (ADC), resistor, memory unit and processing device. Taken together, the listed elements allow to submit to the SIM card input all possible combinations of the authorization code with interruption of the authorization procedure until the time of writing a new value for the number of authorization attempts to the non-volatile memory of the SIM card. The PIN code is determined by comparing the type of time dependence of the supply current of the SIM card for all authorization code options and extracting a unique time dependence from them that corresponds to the authorization procedure when entering the PIN code.

The problem is solved in that the Device for the examination of mobile cellular communication terminals consists of:

- AWP for forensic examinations ENI 1 [6];

- Devices for providing access to a closed code for authorization of information 2.

Workstation for conducting forensic examinations ENI 1 is intended for pairing a mobile cellular communication terminal and a personal computer 1.1 (Figure 1) on information buses and control buses (the term “pairing” means providing an electrical connection and matching signal levels).

A device for providing access to a closed information authorization code 2 is intended for detecting a PIN code value of a mobile cellular communication terminal.

A device for providing access to a closed information authorization code 2 consists of:

- Counter 3;

- Comparison devices 4;

- Data Register 5;

- Managed key 6;

- operational amplifier 8;

- ADC 9;

- Resistor 7;

- Visual inspection unit 10;

- memory register 11;

- Interface unit 12;

- Processing devices 13;

- Block generating codes 14;

- control unit 15;

- Display unit 16.

Counter 3 is a device with two inputs and one output, designed to count the clock pulses arriving at the first input, the second input is the control one - when the signal is applied to it, the counter is reset.

Comparison device 4 is a device with two inputs and one output, designed to compare the numerical values arriving at its inputs, when they coincide, an output signal is generated.

The data register 5 is a device with one output, designed to store a constant numerical value.

Managed key 6 is a device with one control input, two signal inputs and two signal outputs, while the first signal input and the first signal output are interconnected, designed to open the second signal input that is constantly closed to the second signal input from the second signal input to the second signal output and the simultaneous closure of the signal outputs to each other (Figure 2).

Operational amplifier 8 is designed to provide the required signal level at the input of the ADC 9, designed to convert the input analog signal to digital.

The resistor 7 is designed to act as a passive load in the feedback circuit of the operational amplifier 8, which provides a voltage drop.

The visual control unit 10 is designed to monitor the status of the indicator of a mobile cellular communication terminal and is a sensitive element that distinguishes between the intensity (brightness) of the glow or color (for example, a photodiode with a lens). He must distinguish between the status of the indicator of a mobile cellular communication terminal corresponding to the indication of a message about the need to enter a PIN code.

The memory block 11 is a device with one information and one control inputs and one output, designed for temporary storage of a set of numerical values received at its input.

The interface unit 12 is designed to physically connect the information outputs of the Code Generation Unit 14 with the keyboard outputs of the mobile cellular communication terminal and match voltage levels. In the simplest case, the Interface Unit 12 is a set of conductors connecting the information outputs of the Code Generation Unit 14 to the keypad pads of a mobile cellular communication terminal without violating their integrity or to the keyboard connector pins available on most models of mobile cellular communication terminals.

The processing device 13 is designed to select from a variety of signals presented in digital form, the most different.

The code generation unit 14 is designed to generate a sequence of code combinations that pretend to be a PIN code for accessing information stored in a mobile cellular communication terminal. It is a device that has a control input and eleven information outputs (by the number of buttons on the keyboard of a mobile cellular communication terminal that can be used when entering a PIN code: buttons from "0" to "9" and "Enter"). Based on the control signal received at the control input, the Code Generation Unit 14 generates a code combination, which is a sequence of five non-overlapping pulses at the information outputs (by the number of keystrokes on the keys of the mobile cellular communication terminal when entering the PIN code). The sequence of control signals applied to the control input leads to the formation of a sequence of different code combinations, the sequence of which is determined by the algorithm for generating code combinations or a dictionary of code combinations. In the absence of a priori data, the Code Generation Unit 14 sequentially generates all possible combinations from “0000” to “9999”.

The control unit 15 is designed to generate control signals for the Code generation block 14 and the Processing device 13. It is a device with one input and two outputs, which performs the function of a pulse shaper triggered by the input signals.

The display unit 16 is intended to display the results of the PIN code selection process.

Moreover, the first (counting) input of Counter 3 is the counting input of the Device for providing access to the closed information authorization code 2; the outputs of Counter 3 and Data Register 5 are connected to the first and second inputs of Comparison Device 4, respectively, the output of which is connected to the control input of the Managed key 6; the output of the Operational amplifier 8 is connected through an ADC 9 to the input of the Memory Unit 11, the output of which is connected to the input of the Processing Unit 13, the output of which is connected to the input of the Display Unit 16; the output of the visual control unit 10 is connected to the input of the control unit 15, the first output of which is connected to the input of the code generation unit 14, and the second to the control input of the processing device 13; the first to eleventh outputs of the Code Generation Unit 14 are connected to the first to eleventh inputs of the Interface Unit 12, respectively, the eleventh output of the Code Generation Unit 14 is also connected in parallel to the control inputs of the Counter 3 and the Memory Unit 11; the first to eleventh outputs of the Interface unit 12 are the information outputs of the Device for providing access to a closed code for authorization of information 2; the first and second outputs of the Managed key 6 are the first and second outputs of the Device for providing access to the closed information authorization code 2, respectively, the second signal input of the Managed key 6 is the second signal input of the Device for providing access to the closed information authorization code 2, the first signal input of the Managed key 6 is connected with the inverse input of the operational amplifier 8 and through a resistor 7 connected to the output of the operational amplifier 8, the direct input of the operational amplifier 8 is the first signal nym input devices provide access to sensitive information, authorization code 2.

The principle of operation of the Device for the examination of mobile cellular terminals is as follows. The contacts of the connector of the mobile cellular terminal are connected to the workstation for forensic examinations of ENI 1. The SIM card is removed from the standard socket of the mobile cellular terminal. The SIM card is standardly connected to the mobile cellular terminal via five lines: two power lines (plus and minus), a transmission line from the mobile cellular terminal to the SIM card of clock pulses, a transmission line from the mobile cellular terminal to the SIM signal card Reset ”and the line through which information is exchanged between a mobile cellular communication terminal and a SIM card (I / O). For convenience of description, we will use the numbering of the outputs of the mobile cellular terminal and the inputs of the SIM card in accordance with the table.

room Line assignment one Power minus (-) 2 Nutrition Plus (+) 3 Clock Transmission (TI) four Reset Signal Transmission (Reset) 5 Information Exchange (I / O)

The removed SIM card is connected to the mobile cellular terminal using an extension cord or separate conductors as follows: the outputs 1 and 2 of the mobile cellular terminal are connected to the first and second signal inputs of the Device for providing access to the closed information authorization code 2, respectively, SIM inputs 1 and 2 -cards are connected to the first and second outputs of the Device for providing access to the closed information authorization code 2, respectively, the outputs 3, 4 and 5 of the mobile cellular communication terminal are connected to 3, 4 and 5 inputs of the SIM card, respectively, the counting input of the Device for providing access to the closed information authorization code 2 (the first input of the Counter 3) is connected to the output 3 of the mobile cellular communication terminal (MTCC) (Figure 3).

The first to eleventh outputs of the Interface unit 12 are connected to the keypad pads of the mobile cellular communication terminal without violating their integrity or with the contacts of the keyboard connector available on most models of mobile cellular communication terminals. In this case, the first output is connected to the keyboard “0” button, the second - to the “1” button, the third - to the “2” button, the fourth - to the “3” button, the fifth - to the “4” button, the sixth - to the “5” button ”, The seventh - to the button“ 6 ”, the eighth - to the button“ 7 ”, the ninth - to the button“ 8 ”, the tenth - to the button“ 9 ”, the eleventh - to the button“ Enter ”.

In the Data Register 5, the number N of clock pulses is recorded, for which part of the algorithm (Fig. 4) of the mobile cellular terminal operation is executed from the moment of requesting the SIM card PIN code to the moment of recording the number of attempts to enter the authorization code in non-volatile memory.

When the power of the mobile cellular terminal is turned on, it is loaded, and information on the need to enter a PIN code appears on the screen of the mobile cellular terminal, responding to which the Visual Control Unit 10 issues a command to the Control Unit 15, which generates a start signal and sends it to the input The code generation unit 14, which generates five time-sequential pulses, which through the Interface unit 12 are supplied to the mobile cellular communication terminal. In this case, the first four pulses provide a simulation of four keystrokes of the keyboard buttons of a mobile cellular communication terminal, corresponding to the numbers from "0" to "9", the fifth pulse provides a simulation of a keystroke of a keyboard button of a mobile cellular communication terminal, corresponding to the Input function. For example, to transfer the code “0000” to the SIM card, the Code Generation Unit 14 will sequentially generate at the first output a sequence of four pulses and a fifth pulse at the eleventh output; for transmitting the “1234” code to the SIM card, the code generation unit 14 will sequentially generate one pulse at the second, third, fourth, fifth and eleventh outputs, etc.

The pulse from the eleventh output of the Code generation block 14 provides the beginning of the procedure for checking the correspondence of the entered code combination to the PIN code in the SIM card and at the same time resets and starts Counter 3 (via control input 2), and also, upon entering the memory block 11, it starts a new records.

The clock pulses from the third output of the mobile cellular terminal, arriving at the input of the SIM card, which is necessary to perform the authentication code verification procedure, are simultaneously sent to the input of Counter 3 and change the state at its output. If the values of the calculated clock pulses at the output of the Counter 3 coincide with the number N stored in the Data Register 5, the Comparison Device 4 issues a command to the input of the Managed Key 6, by which the latter ensures the opening of the second signal input with the second output and the closure of the outputs to each other, which ensures de-energizing the SIN card and interrupting the running algorithm before executing the procedure for recording the number of attempts to enter the PIN code in non-volatile memory.

During the execution of the SIM card operation algorithm, the strength of the current supplying it changes depending on the operations performed. This is due to the fact that during the execution of the algorithm when changing the operations performed in the processor of the SIM card, the number of open and closed valves changes. The current flowing through the Resistor 7 and the output stage of the Operational amplifier 8 provides a voltage drop across the Resistor 7, which is fed to the input of the ADC 9. Thus, the signal S (t), the level of which is proportional to the current supplying the SIM card, is fed to the input of the ADC 9. The sequence of discrete values of the signal level S (t) in digital form from the input of the ADC 9 is sent to the Memory Unit 11, where it is stored for subsequent processing as separate entries for each entered version of the authorization code (the beginning of a new entry is initiated by a pulse from the eleventh output of the Code generation block 14 entering the control input of the memory block 11).

When the Control Unit 15 receives a signal from the output of the Visual Control Unit 10 after the Control Unit 15 issues a command to the Code Generation Unit 14 to generate the last code combination from the second output of the Control Unit 15, a pulse is sent to the control input of the Processing Unit 13, by which the Processing Unit 13 reads the contents The memory block 11 and searches for the record that has the greatest difference from the others (for example, by calculating the cross-correlation coefficients of all the records and selecting the record with the smallest the sum of the values of the cross correlation coefficients with all other entries).

The number of the found record is sent from the output of the Processing Unit 13 to the input of the Display Unit 16. When sequentially entering all possible combinations of the authorization code, the number of the record (when starting from scratch) will be equal to the number that indicates the PIN code of the SIM card of the mobile cellular communication terminal to be examined . The display unit 16 displays the results of the PIN code search procedure.

The device can be used in two modes:

1 research mode;

2 The regime of forensic examination of a mobile cellular terminal.

In the research mode, the implementation of all connections and the establishment of the necessary voltage levels is carried out by a highly qualified specialist based on a study of the technical characteristics and features of the mobile cellular communication terminal. The results are recorded in the form of guidelines. The plugged-in SIM card must be of the same type as the SIM card of the mobile cellular communication terminal that has arrived for examination and have a known PIN code.

The number N of clock pulses is determined experimentally, during which part of the algorithm of the mobile cellular communication terminal is executed from the moment of requesting the PIN code of the SIM card to the moment of the start of recording the number of attempts to enter the authorization code in non-volatile memory.

In the forensic examination mode of the mobile cellular communication terminal, after all connections are made and the necessary voltage levels are established (in accordance with the methodological instructions), the number N is recorded in Data Register 5 and the PIN code is automatically selected. Further, information is read from the memory of the mobile cellular communication terminal and SIM-card and their image is formed in the memory of the personal computer 1.1 (operational or long-term, for example, on a hard magnetic disk).

After forming the image, further comprehensive study of the information is carried out when working with this image.

The proposed device can be used for all types of mobile cellular terminals having a user authorization procedure, however, due to the fact that the problem of access to information is most difficult to solve for mobile cellular terminals that are turned off with complete a priori uncertainty of its ownership, special significance has a practical solution precisely in relation to such devices (for example, if it is necessary to identify the identity of the victim).

When conducting an experimental check of the operability of the claimed device, a Tektronix TDS5104B digital oscilloscope was used as series-connected elements of the circuit: ADC 9 and Memory block 11.

As an operational amplifier 8, an operational amplifier AD8055 was used, as a resistor 7, a resistor of nominal value 330 Ohms.

The functions of the Processing Unit 13 and Display Unit 16 were implemented on a PC. Comparison of the realizations of the signal S (t) recorded in the memory of the oscilloscope corresponding to all entered code combinations from “0000” to “9999” was carried out by calculating the cross-correlation coefficient of the implementation of the signal S (t). The choice of the implementation of the signal S (t), which has the minimum value of the total cross-correlation coefficient with the other implementations, made it possible to correctly obtain the value of the PIN code.

Thus, the technical problem of the invention is solved. The proposed device will provide a radical increase in the potential for examination:

- due to the automation of the search process increases the efficiency of the process;

- the expert’s search using a technical device ensures the interconnected operation of the elements of the technological chain and the possibility of documenting actions.

BIBLIOGRAPHY

1. Zubakha B.C., Usov A.I., Saenko G.V., Volkov G.A., Bely S.L., Semikalenova A.I. General provisions on the designation and production of computer-technical expertise: Methodological recommendations. - M .: GU EKTS Ministry of Internal Affairs of Russia, 2000. - 65 p., 6 ill., Bibliographer., Adj.

2. Sheludchenko V.I. Technical and forensic tools and methods for collecting computer information // Materials of the All-Russian Interdepartmental Seminar. - Belgorod: Ministry of Internal Affairs of the Russian Federation, 2002. - S.205-207.

3. Kopytin A.V., Marshalko B.G., Fedotov E.T. Forensic examination of a personal computer // Materials of the All-Russian Interdepartmental Seminar. - Kazan: Ministry of Internal Affairs of the Republic of Tatarstan, 2004. - C.115.

4. Aikov D., Seiger K., Fopstorh U. Computer crimes. Guide to the fight against computer crime / Per. from English V.I. Voropaev and G.G. Trekhalin. - M .: Mir, 1999.

5. Semenov N.V., Motuz O.V. Forensic-cybernetic examination - a tool to combat crime of the XXI century // Information Protection, Confident, 1999, 1-2.

6. Golubev V.A., Zaitsev I.E., Saibel A.G. An automated workstation for conducting forensic examinations of electronic information carriers. RF patent No. 2297664 dated 04/20/2007

7. Golubev V.A., Saibel L.V. A device for the examination of electronic notebooks. RF patent №2320010 dated March 20, 2008

Claims (1)

A device for conducting examinations of mobile cellular communication terminals, consisting of an automated workstation for conducting forensic examinations of electronic information carriers 1, characterized in that an additional device for providing access to a closed information authorization code 2, including a counter 3, a comparison device 4, a register, is also introduced 5, controlled key 6, resistor 7, operational amplifier 8, analog-to-digital converter (ADC) 9, visual control unit 10, memory unit 11, interface unit tions 12, processing unit 13, code generation unit 14, the control unit 15, display unit 16, the first input of the counter 3 is counting input device providing access to sensitive information authorization code 2; the outputs of the counter 3 and data register 5 are connected to the first and second inputs of the comparison device 4, respectively, the output of which is connected to the control input of the managed key 6; the output of the operational amplifier 8 is connected through an ADC 9 to the input of the memory unit 11, the output of which is connected to the input of the processing device 13, the output of which is connected to the input of the display unit 16; the output of the visual control unit 10 is connected to the input of the control unit 15, the first output of which is connected to the input of the code generation unit 14, and the second to the control input of the processing device 13; the first to eleventh outputs of the code generation unit 14 are connected to the first to eleventh inputs of the interface unit 12, respectively, the eleventh output of the code generation unit 14 is also connected in parallel to the control inputs of the counter 3 and the memory unit 11; the first to eleventh outputs of the interface unit 12 are the information outputs of the device for providing access to the closed authorization code information 2; the first and second outputs of the managed key 6 are the first and second outputs of the device for providing access to the closed information authorization code 2, the second signal input of the managed key 6 is the second signal input of the device for providing access to the closed information authorization code 2, the first signal input of the managed key 6 is connected with the inverse input of the operational amplifier 8 and through a resistor 7 connected to the output of the operational amplifier 8, the direct input of the operational amplifier 8 is the first signal nym input devices for access to classified information authorization code 2.

Images