SOFTWARE LAUNCH ARTIFACTS IDENTIFICATION PROCESS MODEL ON WINDOWS OPERATING SYSTEMS USED IN INFORMATION SECURITY INCIDENTS INVESTIGATION
Abstract
The article presents a process model for detecting facts of software launch, intended for use in
information security incident investigations. The model is based on the mathematical apparatus of Petri
nets, which have proven themselves in describing complex systems in which synchronous and
asynchronous, serial and parallel processes can be performed. The input data of the
proposed model are tuples containing features related to the launch of a program: the
file's name and full path, the launch time, and the source of the information about the launch.
The article briefly describes the main data arrays that contain the necessary information about
program launches. The proposed model can be expanded when new data arrays appear, and
can also serve as the basis for a tool that automates information collection and
analysis, allowing a specialist investigating an information security incident
to speed up the identification and elimination of the incident's consequences.