Tag Archives: forensics

SAFE Corporation Awarded Patent Number Six for its CodeSuite Software Forensics Tool

Leave a comment

The CodeCross function of CodeSuite compares functional source code to commented-out source code

CUPERTINO, CA (February 9, 2015) – Software Analysis & Forensic Engineering Corporation, the leading provider of forensic tools for software copyright and trade secret analysis, had its sixth patent allowed covering its CodeSuite® tool for comparing software code to help detect copyright infringement.

This latest patent is entitled “Detecting Plagiarism in Computer Source Code” and covers the CodeCross functionality that compares functional code to non-functional code. CodeSuite is the only commercially successful tool for comparing computer source code and object code to find infringement that has been accepted by the courts. It has been used successfully in over 70 intellectual property litigations worldwide. CodeSuite has been recognized by the USPTO as a unique invention. Our customers agree.

“Other programs that compare software don’t provide any understanding about the comparison or the results,” according to Gary Stringham of Gary Stringham & Associates, who has used CodeSuite in his expert witness cases. “Things match or they don’t. Only CodeSuite allows me to delve into the reasons for the matches, search the Internet for comparable third-party code, and then systematically filter out false positives. This means I can focus on possible infringement very quickly. Or, if nothing is left after filtering, I have a very strong argument against infringement.”

“CodeSuite has survived every challenge in court that it’s ever faced,” says Bob Zeidman, president of SAFE Corporation and inventor of CodeSuite. “Judges and juries like the quantitative, objective measurements produced by CodeSuite when they’re produced by a qualified expert trained in the tool. We provide online certification courses that give lawyers confidence that the expert knows how to use the tool and produce rock solid results that will stand up to scrutiny in court.”

CodeSuite 4.7 is available now and can be purchased on a term license or project basis. Project pricing is based on the size of code analyzed and the specific function used for the analysis. Pricing varies from $10 per megabyte for CodeCross® to $400 per megabyte for CodeMatch®. A six-month unlimited use license for CodeSuite is $50,000. A limited feature version of the program, CodeSuite-LT, is available for a six-month unlimited license for $3,000. Free trial licenses can be requested by contacting sales@SAFE-corp.biz.

Was the Microsoft Empire Built on Stolen Goods?

The history of the computer industry is filled with fascinating tales of sudden riches and lost opportunities. Take that of Ronald Wayne, who cofounded Apple Computer with Steve Wozniak and Steve Jobs but sold his shares for just US $2,300. And John Atanasoff, who proudly showed his digital computer design to John Mauchly who later codesigned the Eniac, typically recognized as the first electronic computer, without credit to Atanasoff. Perhaps the most famous story of missed fame and fortune is that of Gary Kildall. A pioneer in computer operating systems, Kildall started the company Digital Research and wrote Control Program for Microcomputers (CP/M), the operating system used on many of the early hobbyist personal computers, such as the MITS Altair 8800, the IMSAI 8080, and the Osborne 1, before IBM introduced its own PC. Kildall could have been the king of personal computer software, but instead that title went to his small-time rival Bill Gates. For years, rumors have circulated that the code for the original DOS operating system sold by Microsoft is actually copied from the CP/M operating system developed by Digital Research.

A couple years ago we took it upon ourselves to search out the original code and use CodeSuite to determine the truth once and for all. Our research was summarized in a popular (and not-so-popular) article in IEEE Spectrum entitled Did Bill Gates Steal the Heart of DOS? If you haven’t read it, you should. It’s a fun read but it only summarizes our exhaustive results using our tools and procedures for finding copied code. The article generated a lot of controversy and we always intended to publish the full technical details of our analysis, but it’s surprising how many people don’t like our conclusion and wouldn’t publish my paper. But now the full academic paper entitled A Code Correlation Comparison of the DOS and CP/M Operating Systems is available online in the Journal of Software Engineering and Applications. If you want to know the details, and you want to know the truth, it’s in the article and the details are in the paper.

Job Opening: Software Forensic Engineer

1 Comment

Zeidman Consulting, a leading research and development company (and sister  company to SAFE Corporation), is looking to hire a full-time software forensic engineer. Acting as a high-tech sleuth, this person will analyze and reverse-engineer software using CodeSuite® and other state-of-the-art software tools, helping to resolve lawsuits involving hundreds of millions or billions of dollars. The employee will also work on one of several ongoing cutting edge research projects. These projects often lead to publication in academic journals, presentations at conferences, patents, and new product spinoffs. Past and ongoing projects include:

  • CodeMatch®, a program for comparing and measuring the similarity of different programs.
  • CodeGrid®, a computer grid-enabled version of CodeMatch®.
  • HTML Preprocessor™, a tool for breaking complex HTML pages into components consisting of text, pure HTML, JavaScript, images, etc.
  • RPG, a tool for automatically generating expert reports for copyright, trade secret, and patent litigation.

A successful candidate will need the following attributes:

  • At least a bachelor’s degree in computer science or equivalent. Advanced degree is preferred.
  • Excellent programming skills in one or more programming languages.
  • Ability to work independently on projects that are not well-defined.
  • Excellent verbal and writing skills for creating detailed specifications and reports.
  • Ability to work on multiple projects simultaneously and to switch projects suddenly as the need arises.
  • Enjoys working long hours on interesting projects, including weekends when projects hit critical periods.
  • Enjoys free time when projects are not in critical periods.

Zeidman Consulting pays above average salaries with profit-sharing and provides health insurance and paid time off for holidays, vacation, and illness. To apply, please email a resume to Info@ZeidmanConsulting.com.

Be a Pioneer in the Field of Software Forensics

I hope you’re all aware of my book The Software IP Detective’s Handbook: Measurement, Comparison, and Infringement Detection. It’s the first book on Software Forensics, a field that I pioneered at Software Analysis and Forensic Engineering and Zeidman Consulting. Whereas Digital Forensics deals with bits and files, without any detailed knowledge of the meaning of the data, Software Forensics deals with analysis of software using detailed knowledge of its syntax and functionality to perform analysis to find stolen code and stolen trade secrets. The algorithms described in the book have been used in many court cases. The book also describes algorithms for measuring software evolution, particularly as it relates to IP changes.

If you are a teacher, this is a great time to incorporate the materials in the book into your courses on software development, intellectual property law, business management, and computer science. There’s something for everyone in the various chapters of the book. Your students and you will be at the forefront of an important and very new field of study.

If you’re interested, please contact me.

HTML Preprocessor Released

S.A.F.E. recently released the HTML Preprocessor. The HTML Preprocessor is designed to transform web pages into files that are amenable to analysis by CodeSuite, DocMate, and other source code analysis tools. The HTML Preprocessor examines HTML files and other markup language files and extracts all embedded code into separate files. These files each contain only one kind of code that can be easily analyzed and compared using CodeSuite and DocMate. The code contained in these generated files are:

  • Scripts such as JavaScript and VBScript
  • Cascading style sheets (CSS)
  • Comment text containing HTML comments
  • Message text containing HTML user messages
  • HTML tags
  • Pure HTML
  • Pseudocode representation of the HTML

The Software IP Detective’s Handbook

Leave a comment

My book on software intellectual property, a labor of love (and hate) for the last two years, has just been published by Prentice-Hall. The book is intended for several different audiences including computer scientists, computer programmers, business managers, lawyers, engineering consultants, expert witnesses, and high-tech entrepreneurs. Some chapters give easy-to-understand explanations of intellectual property concepts including copyrights, patents, and trade secrets. Other chapters are highly mathematical treatments describing quantitative ways of comparing and measuring software and software IP. The first chapter of the book outlines which chapters are most important for the different audiences.

Overall the book covers the following topics:

  • Key concepts of software intellectual property
  • Comparing and correlating source code for signs of theft or infringement
  • Uncovering signs of copying in object code when source code is inaccessible
  • Tracking malware and third-party code in applications
  • Using software clean rooms to avoid IP infringement
  • Understanding IP issues associated with patents, open source, and DMCA

You can purchase your copy from Amazon.com here.

ADFSL 2011 Conference on Digital Forensics, Security and Law

Leave a comment

Last year my consulting company presented a paper entitled Measuring Whitespace Patterns As An Indication of Plagiarism that examined and tested the concept that patterns of whitespace in two source code files can be used to determine whether one program was copied from the other. The conference was an enjoyable three days in St. Paul, Minnesota. We even got a tour of the Forensic Science Laboratory of the Bureau of Criminal Apprehension where we learned the real forensic science used to catch criminals (the CSI TV shows are a “little bit” exaggerated, but the reality is just as interesting).

This year the conference will be at Longwood University in Richmond, Virginia from May 25 through 27. I’m serving on the conference committee. We’re looking for paper, presentation, and panel submissions in the following areas:

Curriculum

1. Digital Forensics Curriculum
2. Cyber Law Curriculum
3. Information Assurance Curriculum
4. Accounting Digital Forensics Curriculum

Teaching Methods

5. Digital Forensics Teaching Methods
6. Cyber Law Teaching Methods
7. Information Assurance Teaching Methods
8. Accounting Digital Forensics Teaching Methods

Cases

9. Digital Forensics Case Studies
10. Cyber Law Case Studies
11. Information Assurance Case Studies
12. Accounting Digital Forensics Case Studies

Information Technology

13. Digital Forensics And Information Technology
14. Cyber Law And Information Technology
15. Information Assurance And Information Technology
16. Accounting Digital Forensics Information Technology

Networks And The Internet

17. Digital Forensics And The Internet
18. Cyber Law And The Internet
19. Information Assurance And Internet
20. Digital Forensics Accounting And The Internet

Anti-Forensics And Counter Anti-Forensics

21. Steganography
22. Stylometrics And Author Attribution
23. Anonymity And Proxies
24. Encryption And Decryption

International Issues

25. International Issues In Digital Forensics
26. International Issues In Cyber Law
27. International Issues In Information Assurance
28. International Issues In Accounting Digital Forensics

Theory

29. Theory Development In Digital Forensics
30. Theory Development In Information Assurance
31. Methodologies For Digital Forensic Research
32. Analysis Techniques For Digital Forensic And Information Assurance Research

Digital Rights Management (DRM)

33. DRM Issues In Digital Forensics
34. DRM Issues In Information Technology
35. DRM Issues In Information Assurance
36. DRM Issues In Cyber Law

Privacy Issues

37. Privacy Issues In Digital Forensics
38. Privacy Issues In Information Assurance
39. Privacy Issues In Cyber Law
40. Privacy Issues In Digital Rights Management

Software Forensics

41. Software Piracy Investigation
42. Software Quality Forensics

Other Topics

43. Cyber Culture And Cyber Terrorism

The deadline for submissions is February 19. The website for the conference is at http://www.digitalforensics-conference.org where you’ll find more information about the conference, the venue, and submission guidelines.