Page 5 - Cyber Warnings

Software Forensics: Beyond the Law

by Bill Graham, Technical Marketing Consultant, GrammaTech


Introduction:
Traditionally, "forensics" means the application of science to uncovering evidence of criminal
activity. Extending the term to software broadens the use case to cover every purpose for which
software is investigated. Many of these lie outside criminal investigation: civil cases (e.g. safety
failures), commercial disputes (product failures), and the investigation of security breaches.

Beyond the Law
Investigating software mishaps is important in many industries.
Although the required results may have nothing to do with crime, they
are much the same as the evidence sought in a criminal investigation
of software.

A prime example would be the investigation of a software failure that
has led to an accident resulting in injury, loss of life, or damage to
property. Investigators would use similar approaches even if criminal
activity or negligence wasn't suspected.

An investigation will almost always require analyzing source and binary
code to detect defects, and then establishing the chain of cause and effect from those defects to the failure.

Software forensics is about the techniques, tools, and required results -- not necessarily the
intent of the investigation. In all cases, evidence collection is the goal.

Broadening Software Forensics
When we broaden the definition of software forensics, the term encompasses any activity that
requires analysis of source and binary code for the purposes of investigation, post mortem
analysis, or preventive measures. Some examples of use cases for software forensics include
the following (the list is not exhaustive):

• Malicious code: Detecting malicious code and tracking down its author is a common
software forensics scenario. Such code is written deliberately, with its purpose concealed.
Detection by manual means is difficult, especially before an incident: code review and
routine software testing exercise the expected behaviour and so often fail to reveal the
hidden branch.

• Safety incidents: Software failures in safety-critical systems have potentially high
impact on persons and property, and manufacturers are obliged to track down and
investigate the root cause of these problems. Investigations may be initiated to settle
civil suits or to investigate and prevent future incidents.
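The malicious-code case above is worth making concrete. The following is an added example, not code from the article or from GrammaTech: a constructed Python function with a hidden, date-keyed trigger (a logic bomb) that returns correct results under an ordinary functional test, beside a small AST scan of the same source that flags conditionals combining an environmental trigger (clock, host, environment) with a destructive call. The sample source, the trigger and action name lists, and the fixed date are all assumptions made for illustration.

```python
import ast

# Constructed sample (an assumption for illustration, not real product code):
# a payroll helper that returns the right answer on every ordinary input but
# hides a date-keyed destructive action. The date is deliberately in the past
# so the trigger never fires when this file is executed.
SAMPLE_SOURCE = '''
import datetime
import os

def net_pay(gross, tax_rate):
    if datetime.date.today() == datetime.date(2017, 3, 1):
        os.remove("/var/payroll/ledger.db")
    return round(gross * (1 - tax_rate), 2)
'''

# Attribute names that read state a test suite rarely controls: the clock,
# the host, the environment. Treated here as candidate trigger sources.
TRIGGER_ATTRS = {"today", "now", "environ", "gethostname", "getuser"}
# Calls that have no business inside a pure calculation.
DESTRUCTIVE_ATTRS = {"remove", "unlink", "rmtree", "system", "popen"}


def passes_functional_test(source):
    """Execute the sample and check only its documented behaviour.

    This is what ordinary testing sees: the right answer comes back, so the
    function 'works'. The hidden branch is never exercised.
    """
    namespace = {}
    exec(source, namespace)
    return namespace["net_pay"](1000.0, 0.2) == 800.0


def find_hidden_triggers(source):
    """Flag conditionals whose test reads an environmental trigger and whose
    body performs a destructive call.

    Returns a list of (function name, line number, triggers, actions).
    """
    tree = ast.parse(source)
    findings = []
    for fn in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        for node in ast.walk(fn):
            if not isinstance(node, ast.If):
                continue
            # Attribute reads in the condition that depend on time/host/env.
            triggers = [
                a.attr for a in ast.walk(node.test)
                if isinstance(a, ast.Attribute) and a.attr in TRIGGER_ATTRS
            ]
            # Destructive calls anywhere under this conditional.
            actions = [
                c.func.attr for c in ast.walk(node)
                if isinstance(c, ast.Call)
                and isinstance(c.func, ast.Attribute)
                and c.func.attr in DESTRUCTIVE_ATTRS
            ]
            if triggers and actions:
                findings.append((fn.name, node.lineno, triggers, actions))
    return findings


if __name__ == "__main__":
    print("functional test passes:", passes_functional_test(SAMPLE_SOURCE))
    for name, line, triggers, actions in find_hidden_triggers(SAMPLE_SOURCE):
        print(f"{name}: line {line} branches on {triggers} and calls {actions}")
```

The point is not the crude pattern list, which a determined author can evade, but the contrast: the functional test passes because it only drives the inputs the author expects a tester to use, while the scan looks at what the code is capable of doing rather than what it did on a given run. The same distinction is what binary-level analysis tools are for when source is unavailable.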

5 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide