Page 6 - Cyber Warnings
• Security vulnerabilities: Severe security breaches often lead to an investigation into
the source of the problem. Vulnerabilities could be either intentional malicious code or
accidental bugs in the software. Root cause and remediation are critical for security
vulnerabilities. NIST provides a security incident guide that details investigation and
documentation techniques.
• Software fault analysis: In a more generic case, any software fault may be the subject
of investigation. For example, a monitoring device may provide inaccurate results that
have led to overcharging a customer (household “smart meters”, for example). As such,
techniques used to detect and determine the root cause remain the same.
The Role of Static Analysis
The key aspect of current software forensics techniques is painstaking manual investigation of
source and binary code. Detecting errors or traces of manipulation manually is difficult and
time-consuming, and automated tools and techniques save time and money.
Static analysis tools have an important role to play in software forensics by automating and
speeding up the error detection process.
Conclusion
Software forensics includes the investigation of source and binary code for the detection of not
just criminal activity but also malicious code, safety software failures, and security incidents. In
most cases, the techniques and tools are similar even if the motivation for the investigation may
not be.
Most important is leveraging tools and best practices in order to establish strong software
forensics techniques.
About The Author
Bill Graham is a seasoned embedded software development manager
with years of development, technical product marketing and product
management experience.
Bill can be reached online at @Bill_Graham and at
http://iot.williamgraham.ca.
6 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide