Security measures in WINDOWS, UNIX and MACOS

Author: Krioni A.E.

01 July 2022 | 584 views

To obtain evidence of illegal use, the detective collects electronic documents. The legal basis for collecting electronic documents is the Law of the Russian Federation «On private detective and security activity in the Russian Federation» of 11 March 1992, No. 2487-1, Article 3 of which provides for the collection of information for business negotiations.

Article 5 of the Act lists the methods of private investigation. In the course of private criminal investigation, the study of objects and documents is permitted with the written consent of their owners.

When collecting electronic documents, the private investigator takes the initiative and acts as a counterparty, offering a potential partner a normal commercial transaction. The advantage of this method is that it allows a legal transaction to be entered into in such a way that, at the pre-contractual stage, the entire list of the seller’s internal documents is collected with the seller’s consent and without arousing suspicion. For this purpose, the detective contacts the audited person by e-mail and creates a business subpoena in which the counterparty voluntarily hands over the electronic documents to the auditee. For the sake of brevity, Figure 1 shows a private investigation template for this type of case.

Figure 1. Methodological recommendations for Russian private investigators on identifying counterfeit software

These are documents that traditionally accompany business, such as catalogues, printed materials, etc. The most valuable documents for determining whether a counterparty is using unlicensed software are bills for payment for services, the offer and the draft contract. When such documents have been created in Microsoft Word or Microsoft Excel, it is possible to determine the name of the author and the date the document was prepared, as well as the name of the operating system installed on the computer of the author of the submitted business correspondence.

To verify that the counterparty uses licensed software, detectives resort to comparative research methods. This is a separate field of private investigation, which involves a qualitative comparison of the collected documents with the «attributes» embedded by a text editor, in order to identify certain patterns.

The author of a document, in one way or another, and sometimes without any consideration being given to establishing his malicious intent, always reveals himself in his own correspondence. You could say he leaves a kind of fingerprint, in the form of a tag showing that an unlicensed operating system build is in use on his computer. For example, if the «Author» and «Organization» fields contain a record of Grizli777, OVGorskiy, StartSoft, UralSOFT, Lopatkin, SURA SOFT or KottoSOFT, this indicates that the document was most likely produced by a computer program with signs of inconsistency with its licensed analogues (counterfeit) (see Fig. 2).

Figure 2. Screenshot created on detective’s computer screen: iMac 21.5-inch, mid-2010, serial number W80517G1DAS, ATI Radeon HD 4670 256 MB graphics processor; system version: macOS 10.13.6 (17G11023), kernel version: Darwin 17.7.0, boot volume: Mac HD; on Thursday, 16 November 2020 at 11:54.
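The comparison described above can be scripted. The following is an added example, not code from the article or its author: it reads the «Author», «Organization» and creation-date properties from a .docx or .xlsx package and reports which of the tags listed in the article they contain. The function names, the size cap and the in-memory sample document are assumptions constructed for illustration; these fields can be edited by the user, so a match is an indicator ("most likely"), not proof.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files prefer defusedxml

# Tags named in the article; matched case-insensitively as substrings.
REPACK_TAGS = ("Grizli777", "OVGorskiy", "StartSoft", "UralSOFT",
               "Lopatkin", "SURA SOFT", "KottoSOFT")
NS = {"dc": "http://purl.org/dc/elements/1.1/",
      "dcterms": "http://purl.org/dc/terms/",
      "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}
# Field -> (package part, element) for the properties the article relies on.
FIELDS = {"author": ("docProps/core.xml", "dc:creator"),
          "created": ("docProps/core.xml", "dcterms:created"),
          "organization": ("docProps/app.xml", "ep:Company")}
MAX_PART = 1 << 20  # assumed cap: refuse oversized property parts (zip bombs)

def read_properties(source):
    """Read Author/Organization/created from a .docx or .xlsx (path or file object)."""
    props = {}
    with zipfile.ZipFile(source) as pkg:
        names = set(pkg.namelist())
        for field, (part, element) in FIELDS.items():
            if part not in names or pkg.getinfo(part).file_size > MAX_PART:
                continue  # both property parts are optional in a package
            node = ET.fromstring(pkg.read(part)).find(element, NS)
            if node is not None and node.text:
                props[field] = node.text.strip()
    return props

def repack_hits(props):
    """Return (field, tag) pairs where Author or Organization carries a listed tag."""
    return [(field, tag) for field in ("author", "organization")
            for tag in REPACK_TAGS if tag.lower() in props.get(field, "").lower()]

def make_sample(author, company):
    """Build a constructed, minimal OOXML package in memory (not a real document)."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/'
            'metadata/core-properties" xmlns:dc="%s" xmlns:dcterms="%s"><dc:creator>%s'
            '</dc:creator><dcterms:created>2022-07-01T09:00:00Z</dcterms:created>'
            '</cp:coreProperties>' % (NS["dc"], NS["dcterms"], author))
    app = '<Properties xmlns="%s"><Company>%s</Company></Properties>' % (NS["ep"], company)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
        pkg.writestr("docProps/app.xml", app)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(repack_hits(read_properties(make_sample("Grizli777", "SURA SOFT"))))
```

The same check run over an organization's own outgoing documents shows what these fields disclose to any recipient.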

When the detective has formed the opinion that the software, be it Windows or Mac OS, is likely unlicensed, the collection of documents can be considered complete.

The detective then moves on to the final stage of identifying the user of the counterfeit software.

<...>
