Abstract [eng] |
Computer crime is carried out with the help of computers, computer networks, and modern information technologies. Searching for digital evidence of these crimes requires specific expert knowledge and technical means, as the tool or computer technology for gathering information, planning and executing criminal activity, and illicit data exchange becomes a tool of illegal activity. The amount of data stored on computers has been growing rapidly every year, which makes investigation of digital evidence in cybercrime both time-consuming and difficult because of the need to investigate a large amount of data and provide well-grounded detailed proof. This dissertation examines the problem of the emergence of a specialized, appropriate method and tool that helps an expert reduce the sample of the investigated data and deliver digital crime investigation choices. So far, specialized tools and techniques to automate expert research are insufficient. This dissertation consists of an introduction, five main sections, and general conclusions. The first section reviews the problem of searching for digital evidence of crime, and looks at the already existing search tools, models, and methods. The second section proposes a multilayered ontology-based system for selecting the right tool for searching digital evidence. A wireframe, a taxonomy of digital evidence, is proposed to allow the categorization of evidence and the selection of the right tool for digital forensic. The third section proposes a model to reduce the sampling of the digital evidence found by applying user digital profiling to their digital ‘habits’. The fourth chapter proposes the Digital Evidence Object model, a method of expert investigation of cybercrime aimed to search for digital evidence of these crimes. The fifth section describes the proposed DEO model application experiment which compares the results with similar tools available on the market. There was a positive evaluation of the numerical error finding obtained; the developed model was compared to the COCOMO II model, which allows determining the applicability of the model. The work is summarized by general conclusions confirming the need for the newly proposed object model of digital evidence and its suitability for use in experimental investigation of the digital evidence of cybercrime. |