DIGITAL FORENSICS: PROBLEMS OF THEORY AND PRACTICE

Abstract

Abstract. Every year, innovative technologies are increasingly being introduced into various spheres of public life. No exception in this sense is forensics, which the newest technologies have allowed to bring to a new stage of development. In particular, thanks to the latest technologies, a new field of forensics has emerged, which is digital forensics. Therefore, digital forensics (forensics, computer forensics, cybercrime investigations) is the applied science of computer-related crime disclosure, the study of digital evidence, the methods of finding, obtaining and securing of such evidence. Digital forensics is "one of the forensic fields that focuses on criminal procedure law and evidence regarding computers and related devices", such as mobile devices (phones, smartphones, etc.), game consoles, and other devices that function over the Internet (health and fitness devices and medical devices, etc.). Digital forensics, in particular, refers to the process of collecting, obtaining, storing, analyzing and presenting electronic evidence (also known as digital evidence) for the purpose of obtaining investigative information and investigating and prosecuting various types of crime, including cybercrime. Digital forensics originated approximately in the 1980s. The first stage in the development of digital forensics covers 1985-1995. This phase involved the use of program codes to view data on internal operating systems and computer hardware. The second stage of the development of digital forensics is 1995-2005. It was marked by the emergence of cybercrime and the need to combat it. The third stage of the development of digital forensics took place in 2005-2010. During this period, complex digital models of crime investigation emerged. One such model, which is widely used in the world, is the "Generic Computer Forensic Investigation Model" (GCFIM). The current stage of the development of digital forensics begins around 2010 and continues to this day. Digital forensics involves the processes of identifying, receiving, storing, analyzing and presenting of digital evidence. The digital evidence must be authenticated to ensure that it is admissible in court. Ultimately, forensic artifacts and forensic techniques (such as static or real-time data collection) depend on the device, its operating system, and its security features. Patented operating systems (which investigators may be unfamiliar with) and security features (such as encryption) are barriers to digital forensics. For example, encryption that blocks thirdparty access to user information and messages may prevent law enforcement agencies from accessing data contained on digital devices such as smartphones. However, digital forensics in developed countries is developing at a rapid pace and is worth resisting the spread of cybercrime. Our country is no exception. In particular, a special unit for combating cybercrime was created within the national police a few years ago. However, in order for the domestic law enforcement agencies to really be able to use the full range of capabilities that modern technologies provide, it is necessary to complete the process of integrating of domestic law enforcement structures into the European space as soon as possible.