Young scientists at Novosibirsk State Technical University (NSTU) have developed utilities for the domestic Astra Linux OS for the first time. The programs will automate the collection of digital evidence of cyber attacks.
NSTU-NETI continues to work on improving ways to protect information systems from cyber attacks. Recently, hackers have been using not only software traps but also social engineering. Attackers trick users into downloading malicious files and clicking on dangerous links.
Digital traces of such illegal activity can be detected with special programs, but as a rule these are available for Windows systems, both in the commercial segment and among open source projects. There were no such utilities for the domestic Linux OS before.
The team of the youth laboratory for the study of the security of the domestic software code and computer forensics of NSTU-NETI set out to close this gap. Work is currently underway on a large set of utilities for carrying out computer incident investigations.
"We are registering the first instance of a set of utilities for collecting digital evidence from Astra Linux operating systems, and at the same time we are formalizing an approach to investigating computer attacks and incidents using domestic solutions using international best practices," said Ivan Nikroshkin, head of the youth laboratory.
According to the developer, during the initial collection of digital evidence, experts plan to get as much information as possible from the affected system. "In addition to standard images, dumps, and logs, we pay special attention to built-in protection mechanisms that significantly enrich the data we receive. Our actual task is to go through the process of investigating information security incidents, and the more problems there are, the more utilities there will be," said Ivan Nikroshkin.
He also stressed that the laboratory's work in digital security is an ongoing process. Neither the developers of domestic software nor the attackers stand still, so the tasks of protecting information systems, including expanding the set of utilities, will have to be solved as technical challenges arise.
The youth laboratories were established at NSTU-NETI as part of the Priority 2030 academic leadership program and are thematically linked to strategic projects implemented under the program.
Earlier, NSTU-NETI launched its own educational cyber range.