RU2764396C1 - Device for conducting computer forensic examinations of smart television receivers - Google Patents

Abstract

FIELD: computer technology.SUBSTANCE: device for the creation of an information copy of a smart television receiver consists of a personal computer (hereinafter – PC), wherein it additionally contains a pulse generator, a controlled key, an infrared emitter, a control device, a digital camera, a sensor screen, while to PC, the control device is connected, to which the digital photo camera, the sensor screen and the controlled key, through which an output of the pulse generator is connected to an input of the infrared emitter, are connected.EFFECT: providing the possibility of creation of an information copy of the smart television receiver in the form of a large binary object.1 cl, 4 dwg

Description

The proposed device relates to the field of forensic science and forensic science, namely, the use of technology for controlled photofixation of a trace pattern to increase the efficiency and economic efficiency of examinations and expert studies of electronic information carriers (ENI) in the form of intelligent television receivers (smart TV) by automating a number of operations.

The proposed device allows you to quickly create a large binary object as an information copy of an intelligent television receiver (ITR) with high reliability, while the quantitative and qualitative characteristics of the ITP do not change, which is crucial for ensuring the validity of the results of the forensic examination procedure.

One of the types of forensic science is computer forensics (CE). At this stage of development, CE is an independent kind of forensic forensic examination, belonging to the class of engineering and technical examinations and carried out in order to: determine the status of an object as a computer tool, identify and study its trace pattern in the crime under investigation, and also gain access to computer information on information media, followed by a comprehensive study of it. These goals appear to be generic tasks of CE [1]. At the same time, ENI act as information carriers for this type of examination, which can be: electronic (flash cards, smart cards, sim cards, built-in memory devices of mobile communication devices, computers and gadgets, hard disk drives) information carriers, as well as magnetic (magnetic tape and disk drives) and optical (CD, DVD) information carriers in conjunction with electronic-mechanical devices that ensure the pairing of these information carriers with a computer.

The process of collecting evidence for crimes involving the use of computer tools includes, first of all, the detection, recording and seizure of computer information. The tactics of investigative actions for the disclosure and investigation of crimes in the case under discussion is inextricably and directly dependent on the special means and tools used. These technical means should be designed for the search and preliminary study of ENI, which may subsequently acquire the status of physical evidence. Devices, apparatus, equipment, tools, accessories used for collecting and examining evidence in the course of legal proceedings are commonly referred to as "forensic technology".

The primary basis of the considered class of forensic technology is hardware and software tools, techniques and methods borrowed from such areas of science and technology as: computer technology and programming, radio engineering and electronics, computer networks and telecommunications, cryptology and information security.

Gradually, forensic technology is replenished with tools, techniques and methods specially developed for the purpose of researching and solving crimes in the field of computer information.

At the stage of formation of CE, the following tools were the typical technical and forensic equipment for collecting computer information [2]:

- a personal computer (PC), with sufficient speed and RAM capacity, which has the ability to preliminary complete physical copying of the studied data carriers (including hard drives) to a working hard drive of the appropriate capacity (often in a removable version);

- operating system of the Windows family installed on the specified PC with a set of system and application utilities (for example, Norton System Work);

- file managers (including those with support for MS DOS sessions), extended application software (MS Office, graphics packages (PhotoShop, CorelDraw), etc.);

- a set of blank CDs and/or CD-Rs;

- CD-RW device for recording on CDs;

- necessary interface cables (including null-modem cable);

- a set of CDs and flash drives (bootable and with service utilities) to determine the configuration of the personal computer under study, its characteristics;

- a set of CDs and flash drives with virus diagnostic programs;

- packaging material: rigid boxes for packaging seized system units and data carriers; antistatic bags for data carriers, plastic bags and canvas bags; paper for sealing connectors, glue, adhesive tape;

- auxiliary tools - an electronic tester, screwdrivers, pliers, etc. (for example, to disconnect connectors, open casings of system units, remove hard drives).

The means of researching information stored in digital form should provide [3]:

- technical ability to access information contained in the object of study (hard disk drives, magnetic disks and tapes, magneto-optical disks, streamer cassettes, optical disks, flash memory and other information storage media);

- fixation of information without destroying or changing the object of study (for example, on hard drives of laboratory computers, recordable optical discs);

- transformation of information into a form accessible to the perception of an expert (software for searching and visualizing information).

These tasks are solved jointly by modern technical and software tools for research support.

Thus, we can conclude that the methodology for solving any problem in computer forensics should be refined when a new generation of hardware or new versions of software appears [4, 5].

Thanks to the presence of highly qualified specialists in a number of leading expert organizations, technologies for conducting practical work on conducting forensic examinations of ENI are being developed. To do this, a whole range of specific non-standard work is being carried out, and appropriate tools are being developed and mastered.

The result of the relevant work are automated workstations (AWP) (software or software and hardware systems) for all specific types of work.

Methodological developments and automation tools, accumulating the knowledge and experience of unique highly qualified specialists, make it possible to increase the level of solving CE issues by small forces on the ground, by entrusting these tasks to small groups or individual full-time experts.

The PROPLAN system became the first domestic workstation for conducting CE.

Automated workplace PROPLAN for conducting computer expertise is a specialized software and hardware complex that provides automation of the activities of the expert and his workplace during CE.

The technical part of the complex is:

- stand for the study of information carriers,

- a personal electronic computer (PC) for processing research data and preparing an expert opinion.

The software part of the complex consists of a set of general and special software (OMO and SMO).

The “PRO-professional system for solving search problems and logical analysis of computer media” (“PROPLAN”) is used as a QS.

The main disadvantage of this workstation is the impossibility of connecting ENI of new types that appeared after its creation and the impossibility of upgrading it to eliminate this drawback due to the limited number of system interrupt codes corresponding to the maximum number of connected external devices.

This shortcoming has been eliminated in the automated workplace for conducting forensic examinations of electronic information carriers [6], which at the present stage is a typical software and hardware equipment of CE units in most regions of Russia.

AWS for conducting forensic examinations ENI consists of a stand for ENI research and a PC for processing research data and preparing an expert opinion. The ENI research stand consists of a controlled switching device that provides the ability to interface an electronic information carrier and a PC via information buses and control buses, and a regulated voltage source.

The ENI examination method implemented with the help of this workstation is as follows:

- read data from ENI;

- form in the memory of the automated workplace for conducting forensic examinations of electronic storage media a binary large object as an information copy of ENI;

- carry out the processing of a large binary object by the AWS hardware using special software to obtain answers to the questions posed to the expert. If necessary, use the capabilities of hardware and software tools of other forensic departments, for example, when conducting examinations and studies of cards with a magnetic stripe [7];

- form the final expert opinion.

This workstation allows you to perform a full range of operations for processing information stored on ENI. At the same time, a significant drawback of this workstation is the impossibility of studying ENIs that do not have a standard computer interface.

This workstation was chosen as a prototype.

A fairly new object of expert research is an intelligent television receiver, often referred to as a TV with a smart TV function or simply smart TV, the essential feature of which is the combination of the qualities of both a television receiver and a computer, which makes it possible to attribute this class of devices to the objects of computer expertise [ eight].

Such devices appeared in everyday life less than twenty years ago as televisions with the function of controlled recording of television programs on a built-in digital data storage device with the possibility of subsequent viewing of recorded television programs.

In the future, the smart TV expanded its capabilities to a full-fledged computer, which, if connected to the Internet, allows you to implement a home media center that, in addition to watching television programs, provides the opportunity to spend time playing a personal or network game, surf the Internet, communicate with remote subscribers and distributed groups of subscribers in the formats of telegraph, videotelegraph (fax), telephone, videotelephone or television communication, as well as to transmit and receive signals and data to perform legally significant actions and other purposes, depending on the pre-installed and specially installed software [9, 10]. These devices do not have output connectors, with the exception of USB, for connecting external computer devices. User information is stored in the device memory and in the cloud storage in encrypted form.

A forensic expert study of smart television receivers (smart TV) is carried out in order to identify and analyze the list of installed user applications and their settings, the list of connected devices, the content of accounts and logs of browsers, instant messengers and social networks, as well as data located in cloud storages.

Access to the listed information can be carried out using the screen of the studied television receiver, while the control is carried out using the control panel or keyboard, if available. Fixing information for drawing up an expert opinion is carried out using a camera.

Due to the large number of manufacturers and the lack of unification of operating systems and smart TV control protocols, the procedure for examining each instance is a complex expert task, which is further complicated in the absence (malfunction) of the control panel and description of this smart TV model.

The aim of the invention is to automate the examination of smart TV by using hardware and software, which will increase the efficiency of computer forensic examination.

The essence of the invention

The device, consisting of a personal electronic computer (PC), is characterized in that it contains a pulse generator, a controlled key, an infrared emitter (IR emitter), a control unit, a digital camera and a touch screen.

List of figures

Fig. 1 - Diagram of the Device. The main elements of the system and the links between them are shown.

Fig. 2 - Appearance of the Device prototype screen. The main elements of the interface are shown.

DEVICE ELEMENTS

This goal is achieved by the fact that the device consists of (see figure 1):

- pulse generator 1,

- managed key 2,

- infrared emitter 3,

- personal electronic computer (PC) 4,

- control unit 5,

- digital camera 6,

- touch screen 7.

PURPOSE OF EACH ELEMENT OF THE DEVICE

The pulse generator 1 is a device that generates a sequence of short pulses (the duration of the pulses is significantly shorter than the duration of the pulse used to control the ITP in accordance with the protocol used by the manufacturer).

Managed key 2 is a device that passes the input signal to the output if there is an enabling signal at the control input.

The IR emitter 3 is a device that emits in the infrared range when there is a signal at the input. Provides control of the television receiver.

PC 4 is a device that provides the ability to input / output, storage and processing of data through the use of general and special software.

The control unit 5 provides for receiving and storing control commands from the PC 4 and their transmission to the inputs of the blocks 2, 6, 7 controlled by it, as well as receiving and storing data from the digital camera 6 and the touch screen 7, as well as transmitting data to the PC 4.

Digital camera 6 is a device that provides controlled photographic fixation of the screen of the TV receiver under study.

Touch screen 7 is a device that provides information display, as well as the formation of control signals using a virtual keyboard.

DESCRIPTION OF THE DEVICE IN STATIC

The output of the pulse generator 1 is connected to the input of the IR emitter 3 through a controlled key 2, the control input of which is connected to the output of the control unit 5, the first input/output of which is connected to the PC 4, the second input/output of which is connected to the digital camera 6, and the third input / whose output is connected to the touch screen 7.

DEVICE DESCRIPTION IN DYNAMICS

The operating principle of the Device for conducting computer forensic examinations of intelligent television receivers is as follows. Using PC 4, the formation and transmission to the control unit 5 of the chain of commands for controlling the television receiver is carried out.

The control unit 5 generates at the input of the controlled key 2 a sequence of video pulses, the duration of which corresponds to the format of the control signals of the television receiver of the type under study; this sequence of video pulses acts as a binary modulating function for the amplitude of the sequence of pulses supplied to the input of the IR emitter from the pulse generator 1. The signals emitted by the IR emitter 3 control the intelligent television receiver under study, as a result of which its screen displays the settings, the contents of folders, accounting records, etc.

After the completion of the transmission of the next command and the end of the waiting period specified by the software for the studied model of an intelligent television receiver, the control unit 5 sends a command to the input of the digital camera 6 to photograph the image of the screen of the studied intelligent television receiver. The sequence of photocopies of the screen of the studied intelligent television receiver is stored in the memory of the digital camera 6 and, on command from the control unit 5, is transmitted through the control unit 5 to the PC 4, where the final expert opinion is formed.

The interaction of the operator with the control unit 5 is carried out using the touch screen 7, which displays the current settings, duplicates the field visible by the digital camera 6, and also displays a virtual keyboard, using which the operator can control the studied intelligent television receiver (as a television remote control), select from the list of models of intelligent television receivers available for research, a specific model, control a digital camera 6, etc.

An experimental sample of the Device for conducting computer forensic examinations of intelligent television receivers is shown in Fig. 2. The control unit 5 is made on the basis of the Raspberry Pi Model 3 V module, the Raspberry touchscreen is used as a touch screen 7, and the Raspicam modular camera integrated into the device case or an externally connected digital camera is used as a digital camera 6.

The proposed device allows you to automatically generate in the memory of the PC 4 an information copy of the studied intelligent television receiver in the form of a binary large object, represented by a sequence of photographs of the screen of the studied intelligent television receiver.

Thus, the purpose of the invention is achieved.

BIBLIOGRAPHY

1. Zubakha B.C., Usov A.I., Saenko G.V., Volkov G.A., Belyi S.L., Semikalenova A.I. General provisions for the appointment and production of computer-technical expertise: Guidelines. - M.: GU ECC of the Ministry of Internal Affairs of Russia, 2000. - 65 p., 6 illustrations, bibliography, app.

2. Sheludchenko V.I. Technical and forensic means and methods of collecting computer information // Proceedings of the All-Russian Interdepartmental Seminar. - Belgorod: Ministry of Internal Affairs of the Russian Federation, 2002. - S. 205-207.

3. Kopytin A.V., Marshalko B.G., Fedotov E.T. Forensic examination of PC // Proceedings of the All-Russian Interdepartmental Seminar. - Kazan: Ministry of Internal Affairs of the Republic of Tatarstan, 2004. - P. 115

4. Aikov D., Seiger K., Fopstorkh U. Computer crimes. Guide to Combating Computer Crimes. Per. from English. IN AND. Voropaeva and G.G. Trekhalin. - M.: Mir, 1999.

5. Semenov N.V., Motuz O.V. Forensic cybernetic expertise - a tool to combat crime in the XXI century//Information security, confidant, 1999, 1-2.

6. Automated workplace for conducting forensic examinations of electronic media. Patent for the invention of the Russian Federation No. 2297664 dated 04/20/2007.

7. Cloud service and system for conducting computer forensic examinations of magnetic stripe cards. Application for invention No. 2012109413/08 dated March 12, 2012.

8. Meshcheryakov V.A. Crimes in the field of computer information: legal and forensic analysis. - Voronezh, 2001.

9. GOST 19.101-77. ESPD.

10. GOST R 51904-2002.

Claims (1)

A device for creating an information copy of an intelligent television receiver, consisting of a personal electronic computer (PC) 4, characterized in that it additionally includes a pulse generator 1, a controlled key 2, an infrared emitter 3, a control device 5, a digital camera 6, a sensor screen 7, while a control device 5 is connected to the PC 4, to which a digital camera 6, a touch screen 7 and a controlled key 2 are connected, through which the output of the pulse generator 1 is connected to the input of the infrared emitter 3; using a PC 4, they form and transmit to the control unit 5 a chain of commands to control the television receiver, after which the control unit 5 generates a sequence of video pulses at the input of the controlled key 2, the duration of which corresponds to the format of the control signals of the television receiver of the type under study, and this sequence of video pulses acts as binary modulating function for the amplitude of the sequence of pulses supplied to the input of the IR emitter from the pulse generator 1; the signals emitted by the IR emitter 3 control the intelligent television receiver under investigation, as a result of which settings, the contents of folders, accounts, etc. are displayed on its screen; after the completion of the transmission of the next command and the end of the waiting period set programmatically for the studied model of an intelligent television receiver, the control unit 5 sends a command to the input of the digital camera 6 to photograph the image of the screen of the studied intelligent television receiver, while the sequence of photocopies of the screen of the studied intelligent television receiver is stored in memory digital camera 6 and on command from the control unit 5 is transmitted from the digital camera 6 through the control unit 5 to the PC 4, where the final expert opinion is formed.

Images