Interagency Scientific and Methodological Collection
"Criminalistics and Forensics"
ISSN: 2786-7072 (Online); ISSN: 2786-7080 (Print)

H. Kutso; S. Yulov


The article addresses the pressing problem of the expert examination of refiling systems (termination of VoIP traffic), the principles of their construction, and the equipment most often used in such systems. From a legislative point of view, organizing refiling violates the established procedure for routing long-distance and international telephone connections, which causes significant damage to telecom operators and, ultimately, to the state in the form of lost tax revenue. The total damage from the use of such systems can be estimated in millions of dollars annually.

Currently, expert practice in Ukraine has no methods for examining this type of system, and not even systematized methodological approaches to such research. This makes the article relevant and useful in expert practice, both as a ready-to-use research manual and as a basis for further development of methodological approaches to this type of research object.

The article covers the most common refiling equipment and is not a detailed instruction. At the same time, the principles it sets out allow an expert to readily determine the direction of the research when the equipment received for examination differs from that described here. Although telecom operators try to counteract and block refiling systems, the attackers in turn use methods to bypass the operators' countermeasures. The article discusses commonly used circumvention methods and describes the software and approaches that refiling systems use for this purpose.

The core of a refiling system is a personal computer whose memory holds traces both produced by the operation of the system itself and left by the attacker who maintained it. The article describes approaches to searching for and identifying these traces.