Software contains source codes and object codes. Source code is in textual form, written by a computer programmer in a computer programming language. Object code is also in textual form, but automatically produced from the source code. Both these textual forms comprise several formal elements, most of which are forensically important in establishing software-related culpability. This chapter discusses first the forensically important formal elements in software and then the forensic importance of various measures based on these formal elements.
Formal elements in the forensics of software can be looked at from two different perspectives: those that are technically and digitally an integral part of the software and those that are part of the ancillary aspects like the program manual, which can be non-technical. While both have forensic significance, this chapter focuses on the forensic importance of the former. To make it clearer, the basic and forensically important software elements found in the source code, object code, databases, watermarks, library routines, plug-in files etc. (which, in a court case, are all various parts of the plaintiff’s and the defendant’s software) are the focus areas of this chapter.
The most basic elements of any software program include its data structures, algorithms, expressions, loops, system calls, function routines, macros, data bases and other similar components. Most of them are sub-parts of software while a few are allied documents. In addition to these basic elements, there are other important elements in any software and they are errors, use of language features, formatting, comment styles, spelling, grammar, execution paths, bugs, metrics etc., all of which are not literally part of the software but are naturally formed out of functional or programming requirements or design patterns or implementation choices. Generally, all these basic and other elements can be considered as the outcome of engineering implementations of a variety of design and programming entities, patterns, practices, and traditions. They include the nomenclature tradition of the software developer for naming various entities in the program, the logic of the program, the errors, and the comments.
All the elements mentioned above are formal and technical by nature. Just as all these elements are important in the development, implementation and maintenance of software, they are important in software forensics too. Software forensics is usually carried out focusing on these elements in order to establish culpability.
Role of Software Elements in General Software Forensics
Software forensics often operates along two dimensions: software copyright infringement and software authorship identification (See Figure 1 and also Appendix 1). The objective of software copyright infringement forensics is to establish a copyright infringement claim of ideas and expressions used in the software while that of software authorship identification is to identify the author of software (say, of a malicious software package like a virus or a malware). As the objectives are different, these two are often treated as different forensic tasks. However, both require analysis of all the above mentioned software elements and all these elements can provide adequate evidence to establish culpability in both these forensic situations. In both software copyright infringement forensics and software authorship analysis, the code level analysis needs to be performed along some or all these elements of the program. Additionally, in order to establish copyright infringement claims, both the plaintiff’s program and the defendant’s program need to be compared with each other along all the software elements in order to find out the similarities and commonalities and to dig out the pieces of potential evidence of infringement.
Figure 1. Software forensics operates along two dimensions