Problems with the use of forensic techniques in the judicial investigation of the authenticity of an electronic digital signature.

This article studies the tactical foundations of conducting a forensic examination of the authenticity of an electronic digital signature and of documents whose reliability is in doubt. It gives the methodological foundations of identification, classification and search studies of "electronic traces" and of signatures of the transformation made on the basis of algorithms with imitation and use of the latest methods. To identify "electronic traces", it specifies how hardware and technical means are used to counterfeit an electronic signature, together with methods for determining the kind and type of the particular device on which the documented information was manipulated. It considers sets of features that allow identifying the parts and details of documents subjected to unsanctioned modification, as well as a specific list of correctly formulated questions that should be put to the expert in the decision appointing an examination to determine signs of forgery.


IOP Publishing doi: 10.1088/1757-899X/1069/1/012005

Introduction
Cases of illegal alienation of property by means of forging an electronic digital signature have recently become more frequent. Transactions are made using an electronic digital signature (EDS), which is the analogue of a handwritten signature, as specified in Federal Law of 06.04.2011 N 63-FL (as amended on 08.06.2020) "On Electronic Signature", according to which an electronic signature is equal to the handwritten signature of an individual, is applied by a specified group of users, and is used when registering transactions [1]. Among the works on this subject, it is impossible not to mention the article by R. M. Allalyev and V. V. Belyay, "On the issue of digital rights in the Legislation of the Russian Federation", which contains a comprehensive study of the problems of legal regulation of information technologies, based on recent Russian legal sources and their comparative analysis with foreign analogues. The authors considered the legal aspects of building an information society and the use of electronic documents and electronic signatures. Analyzing this article, it should be noted that a certificate for such a signature can be obtained in the name of any subject, provided that one has the passport data and the number of the pension fund insurance certificate [2]. No algorithm currently exists by which one can ensure one's security in the information space, as stated in the article by Yadova N. E. and Rusyaeva D. O., "Effective communication in e-commerce" [3]. Drawing conclusions from it, it becomes clear that accredited certification centers issue qualified signatures in huge quantities. When applying to the Certification Center, a citizen is required to provide a passport and personally sign the documents required for issuance [3].
However, the employees who are authorized to check this person, their passport and their signature for authenticity do not always distinguish a fictitious passport from a real one. In addition, attackers can inject malware into a computer system that displays one document to the user while the user electronically signs another document, which is then sent to the recipient. As a result, a payment order generated by the malicious program will be sent to a bank or other institution. Ideally, there is a need to develop a digital signature that represents additional information attributed to the protected data. To understand the mechanism of conducting a forensic examination, one needs to understand the essence of this signature and the algorithm by which it is formed. The article by Jue-Ming, Chen-Hao, Zhang-Shan, Mei-Zhang and Qian-Wang, "Practical decoy-state quantum digital signature with optimized parameters", defines the legal status of computer information, which is divided into two types: documented information, which has the form of a document, and information that does not have a documented form. For information to have the status of a document, it must have details that make it possible to determine the authorship and authenticity of the data in the document [4]. In electronic document management, according to the legislation, the confirming requisite is an electronic signature, either simple or enhanced, despite the fact that codes and passwords are used as analogues of a handwritten signature. An electronic digital signature is a block of electronic information attached to a certified document. This data makes it possible to identify the subject who certified the document and the encryption algorithm. As indicated in the work of R. J. Barceló and T. Vinje, "Towards a European framework for digital signatures and encryption: The European Commission takes a step forward for confidential and secure electronic communications", the encryption algorithm provides functions that determine:
1. The integrity of an electronic document.
2. The authenticity of the transmitted data.
3. The absence of changes in the document and of modified elements in it.
4. Identification of authorship in the document (at the same time, it is unacceptable for the signatory to deny the fact of signing the document) [5].
The concepts and main provisions of the use of an electronic digital signature, as well as the procedure for its application, are discussed in international regulations, such as the UNCITRAL Model Law on Electronic Signatures with Guide to Enactment 2001. New York: UNITED NATIONS, 2002. In particular, the British act defines an electronic signature as "information in electronic form that is attached or logically associated with other electronic information and can be used as an identification method". The problem of its authenticity corresponds to the complexity of the digital signature key, which is the only unique string of characters intended for creating an electronic digital signature, that is, for converting a document [6]. The work of Finnish researchers (Pascale-L. Blyth, "Of Cyberliberation and Forbidden Fornication: Hidden Transcripts of Autonomous Mobility in Finland") notes that the signature verification element is a certain string of characters corresponding to the digital signature key. The key makes it possible to decrypt the signature and verify its authenticity. An accredited organization that registers an EDS issues a special document, on paper or electronic media, called a key certificate for identifying an electronic signature [7]. The key certificate certifies that the encryption key belongs to its owner. An electronic digital signature is generated using encryption algorithms, and the same cryptographic tools make it possible to verify the authenticity of the key, which is noted in the research given in the article by Diffie W. and Hellman M. E., "New Directions in Cryptography". The authors indicate the following types of electronic digital signatures: simple, unqualified and qualified [8].
The use of a simple digital signature is well reflected in the article by Rivest R., Shamir A. and Adleman L., "A method for obtaining digital signatures and public-key cryptosystems". In accordance with the proposed method, such a signature is formed using encryption, as well as passwords and other means, and confirms the creation of an electronic digital signature by a specific subject. An unqualified digital signature must meet the following requirements: it is performed in the process of data conversion based on the key of an electronic digital signature, and it confirms the authentication of the subject certifying the document [9]. This aspect is also mentioned in Baum M. S., "Secure electronic commerce - II: the ABA digital signature guidelines", where the requirement to use an unqualified signature serves as a definition of authenticity in the electronic document management used in electronic commerce [10]. The scientific article by Rivest R., Shamir A. and Adleman L., "A method for obtaining digital signatures and public-key cryptosystems", specifies a method that makes it possible to detect modification of a document, that is, whether an attacker made unauthorized changes to the document after signing. A qualified digital signature, in addition to the features inherent in an unqualified digital signature, has additional features. It is fixed in a qualified certificate with an element confirming the key for verifying an electronic digital signature. These two types, unqualified and qualified signatures, are also referred to as enhanced, while the functions used to create an electronic digital signature must meet the requirements for the formation of an electronic digital signature [11]. A scientific and up-to-date approach to compliance with authentication rules based on cryptographic algorithms is given in the study by Tanmay Choudhury and Nibedita Kundu, "Postquantum digital signature scheme based on multivariate cubic problem". In the proposed method, the dependence of the digital signature on the data contained in the signed document, together with the existence of a key available only to the person signing it, is a mandatory requirement for the implementation of secure document flow [12]. It is also necessary to note the works of other foreign authors who offer methods for determining the legality of electronic document management, such as S. Aggarwal and N. Kumar, "Digital signatures", which provides general concepts of the use of signatures in transactions carried out with information technologies [13], as well as A. S. Kittur and A. R. Pais, "Batch verification of Digital Signatures: Approaches and challenges", dedicated to the method of batch verification of digital signatures [14]. In addition, the protection of e-commerce using digital signatures is analyzed in the article "Securing electronic commerce with digital signatures" by A. Bequai, which offers a new approach to determining the requirements that documents of this type should meet. Thus, Russian and foreign authors devote a huge body of research to the issue of personal identification when making transactions using information technology, to determining the authenticity of the signature on the final document, and to making it legally sound. Without the involvement of these sources, it would be impossible to write individual paragraphs of this scientific article.

Relevance and problem statement
The digital signature key is the only unique character string for creating a digital signature, that is, for converting a document. The signature verification element is a specific string of characters corresponding to the digital signature key. The key makes it possible to decrypt and authenticate the signature. An accredited organization that registers an electronic digital signature issues a special document, on paper or electronic media, called a key certificate to identify the electronic signature. This key certificate verifies that the encryption key belongs to its owner. A digital signature is generated using encryption algorithms; the same cryptographic tools make it possible to authenticate the key [2].
The Federal Law "On Electronic Signature" specifies the following types of electronic digital signatures:
1. Simple
2. Unqualified
3. Qualified
A simple digital signature is formed using encryption, as well as passwords and other means, and confirms the creation of an electronic digital signature by a particular subject. An unqualified digital signature must meet the following requirements: it is carried out during the data conversion process based on the digital signature key and confirms the authentication of the entity certifying the document [3]. It makes it possible to detect a modification of a document, that is, whether an attacker made unauthorized changes to the document after signing. A qualified digital signature, in addition to the features inherent in an unqualified digital signature, has additional features. It is fixed in a qualified certificate with an element confirming the key for verifying the electronic digital signature. These two types, unqualified and qualified signatures, are also called enhanced, while the functions used to create an electronic digital signature must comply with the requirements of the Federal Law. The dependence of a digital signature on the data contained in the document to be signed, together with the existence of a key available only to the person signing it, is a mandatory requirement for the implementation of a secure document flow [4].

Problems of formalizing the authentication of digital signatures
The essence of the identification mechanism is that the digital signature confirms that the signing entity intended to sign the electronic document and that it was this entity that did so, and not by chance. The presence of a digital signature fixes the fact of signing and makes it possible to record the time of signing. As a result of these requirements, the person who applied the electronic signature is deprived of the opportunity to deny having signed. The subject of research in undocumented electronic information is both the content of the information and the material medium on which the information is contained. In addition, when electronic documents are studied, the main objects of study are the details, hardware and software used in their creation [5].
As with any forensic study, when authenticating an electronic digital signature it is necessary to identify the traces left by the attacker and, when studying documents created with information technologies, the electronic traces that allow the expert to conclude that unauthorized access occurred as an intrusion. In forensic science several terms denote these traces: virtual, computer, machine, digital, electronic and some others. Each term is related to an aspect of the study of such traces. The main means of information processing is an information system, so this terminology conveys its special role as the main type of data transfer and, accordingly, of data processing; thus the term "computer trace" conveys the main role of the computer system as the dominant information-processing function [6]. The term "electronic traces" reflects the course of operation of a technical device that functions through the interaction of an array of electronic microcircuits, while "digital traces" reflect the form of presentation of information created and processed by transmission through digital channels. Used as synonyms, "computer", "electronic" and "digital traces" combine an important factor consisting of two elements: the information itself as a phenomenon of objective reality, and the material medium on which this information is fixed. The content of computer information is presented in the information system in digital form, adapted for storage and processing by an electronic computing machine, and the electromagnetic field is its material carrier.
The properties of the electromagnetic field on which a certain amount of computer information is recorded allow the information to be located in a certain technical device (in a computer system or its external devices, in a removable medium, etc.), to be contained in and transmitted by wireless communication, or to be exchanged via wired channels. The technical device that holds the information of interest is studied in the expert examination as a secondary material medium of information. Such technical devices have precise spatial boundaries and a certain shape, for example a computer or a removable storage medium. In the case of data exchange over a wired network, it is theoretically possible to identify and establish such boundaries, but in practice it is not possible to establish and record the time at which certain information was present on a particular section of the network. A feature of computer information that exists outside a technical device is that it has no real (object) form. Thus the computer information medium can be material, fixed on a hard disk or removable electronic media, or can lack an object form, as when information is transmitted via wireless channels in computer networks or via Wi-Fi, and will nevertheless be subject to investigation [7].
The subject area of forensic research on the technical and software tools that create digital signatures, as well as on electronic and digital tools, includes the development of mechanisms, methods and recommendations for recording, detecting, seizing, storing and examining electronic traces, as well as the forensic study of these traces. It is one of the complex and difficult kinds of forensic examination, which is explained by the specific features of such objects. Information processed and transmitted by technical devices is not available to human perception because it is represented in the form of zeros and ones; a given amount of this information is not uniquely assigned to a specific material medium, and the electromagnetic field acting as a computer information medium cannot be individualized. A further feature is that computer information can be separated into segments without mutual changes in its content, and the content of information can be separated from its material medium without mutual changes, which does not cause a change in the medium, or vice versa. The examination is also complicated by technical capabilities associated with the speed of processing and by the ability of an attacker to modify and distort information by remote access that is not controlled by the persons who legally own the information, which entails the possibility of restoring the original content of deleted and modified data. These factors are supplemented by technological advances aimed at improving computer technology, by the introduction of new data-processing technologies related to the speed of processing information on the network, and by the inability to overcome protective equipment when investigating intrusion into a computer system. The tasks of forensic research are divided into types that make it possible to identify, diagnose, classify, reconstruct and search for these traces of modification.
The tasks of identification and classification are combined because criminologists lack tools that allow the identification of a single material object within the framework of issues related to the use of these objects for individualizing the identification of other objects. Therefore, when carrying out the classification task, it is necessary to strive to reach a narrower classification group, which makes it possible to distinguish a separate individualizing feature [8].
All standard identification and classification tasks are carried out to determine the kind, type, model and brand of the specific hardware and software system used to change the digital signature. Solving such tasks leads to determining the type of system or application software, and also makes it possible to narrow the classification characteristics down to the version of the program or the revision of the test file used when inserting a signature into a modified document. In the same way, the computer equipment presented is determined down to its type, brand and model, as are the sources of information presented on different material media, including the ability to determine the purpose of the equipment, the users and service providers, and the time and place of unauthorized changes [9].

Conclusion
In order to carry out a forensic examination of the authenticity of an electronic digital signature, the following materials must be provided for examination: the root certificates of the electronic digital signature issued by an authorized organization, the electronic documents whose authenticity is questionable, and the value of the key for verifying the electronic digital signature. The expert is asked the following questions to authenticate a digital signature:
• Does the digital signature belong to the owner of the signature key certificate?
• Have any changes been made to the signature key certificate that cast doubt on the legality of this key?
• Is the signature key certificate valid, or was it invalid at the time the document was signed?
• Was the certificate issued by a specially authorized organization that issues digital signature key certificates?
• Could the issued key certificate have been suspended or revoked at the time the document was certified?
• Are there any unauthorized changes to the digitally signed document?
• Is the digital signature genuine?
• Which type of digital signature was used to certify the specific document?
• Did the person who certified the document with the given digital signature have the authority to do so?
Thus, the study of certificate validity is carried out by standard methods of document examination, both in electronic form and on paper. This examination is a new type of research carried out within the framework of technical and computer expertise; however, given the growth of electronic document management, it is becoming as important as handwriting and other kinds of examination. For the findings of the examination to serve as evidence in the courts, it is necessary to combine qualitative and quantitative assessment methods in order to reduce the level of expert error; to this end it is necessary to expand the fields of integrated research and to continue improving research methods. There is a need to revise the relationship between establishing the identity of the signature in its electronic digital version and direct authorship of the document of doubtful authenticity, which should be taken into account in judicial practice.
In addition, there is the question of the limits of the competence of experts involved in establishing the identity of the signature or changes in the document. The expert does not establish the fact of forgery itself; this is a matter within the competence of law enforcement officers. The expert indicates identity or its absence. Accordingly, if authenticity is not confirmed on paper, the modifications can be established, but a signature made in electronic format sharply reduces the possibility of identification, because a fake model can be entered into the program by attackers. It is therefore necessary to distinguish the concepts of identity, authorship and ownership of the signature by the legitimate owner.
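
The questions from the Conclusion that can be answered mechanically (accredited issuer, validity and revocation status at the time of signing, changes to the document after signing) are shown below as an added example; it is not part of the original article. The record fields, names and dates are constructed and hypothetical, the signing time is assumed to come from a trusted timestamp, and a toy textbook RSA stands in for a real signature algorithm so that the example runs without third-party libraries.

```python
import hashlib
from datetime import datetime, timezone

# Toy textbook RSA for illustration only: no padding, small key (constructed).
P, Q = 2**107 - 1, 2**127 - 1            # two known Mersenne primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # signing key, held only by the signer


def _digest(data: bytes, n: int) -> int:
    """SHA-256 of the document bytes, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes) -> int:
    """The signature depends on the document content and the private key."""
    return pow(_digest(data, N), D, N)


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample records; field names are hypothetical, not a real format.
CERT = {"serial": "01", "subject": "Example Signer", "issuer": "Example CA",
        "public_key": (N, E),
        "not_before": utc(2020, 1, 1), "not_after": utc(2021, 1, 1)}
ACCREDITED = {"Example CA"}
# serial -> (status, effective time), as published by the issuing organization
STATUS_LOG = {"01": ("revoked", utc(2020, 9, 1))}


def examine(document, signature, signed_at, cert, accredited, status_log):
    """Answer the expert questions that can be computed mechanically.

    signed_at is assumed to come from a trusted timestamp, not from the
    signer's own clock.
    """
    n, e = cert["public_key"]
    status = status_log.get(cert["serial"])
    findings = {
        "issued_by_accredited_ca": cert["issuer"] in accredited,
        "valid_at_signing": cert["not_before"] <= signed_at <= cert["not_after"],
        "revoked_or_suspended_at_signing":
            status is not None and status[1] <= signed_at,
        "document_unmodified": pow(signature, e, n) == _digest(document, n),
    }
    findings["signature_accepted"] = (
        findings["issued_by_accredited_ca"] and findings["valid_at_signing"]
        and not findings["revoked_or_suspended_at_signing"]
        and findings["document_unmodified"])
    return findings


if __name__ == "__main__":
    doc = b"Transfer of title: plot 17 to Example Buyer"     # constructed
    sig = sign(doc)
    for label, d, when in [
            ("genuine", doc, utc(2020, 6, 1)),
            ("altered after signing", doc.replace(b"17", b"71"), utc(2020, 6, 1)),
            ("signed after revocation", doc, utc(2020, 10, 1))]:
        print(label, examine(d, sig, when, CERT, ACCREDITED, STATUS_LOG))
```

A true `document_unmodified` result shows only that these bytes were signed with the certified key; it does not show what the signer saw on screen, which is the substitution case described in the Introduction.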