From Stephen F. Heffner, Heffner@Pennington.com:
I think the most interesting meaning of "forensic software analysis" is the analysis of software itself in support of a civil or criminal case, or of due diligence (e.g. for a merger or acquisition). This falls into a number of possible scenarios:
From http://www.jli.com/fsadefn.html
Definition: Borrowing from a dictionary definition, we define forensic software analysis as the preservation and analysis of computer-based evidence either for discussion by the public or in the Courts.
For commerce, it involves the analysis of existing software products to verify that they are what they are represented to be. This is of interest, for example, to those wishing to acquire a software company or products.
For the Courts, this includes examination of computer software, and computer-based evidence (text, audio, and video) involved in litigation. We also specialize in the analysis of failed software development projects: the delivery of an unsatisfactory system, or time/cost overruns.
MichaelFeathers privately asked BillTrost: What is software forensic analysis? I have visions of Quincy cutting open a DLL and talking into a tape recorder... trying to find out who did the dirty deed.
Hmm... what kind of tools does one use to cut open a DLL? OccamsRazor?
Actually, that description is not too far off for a lot of what I have experienced. More often, the question is "was there possibly a dirty deed", but other than that... well, I guess I use a notepad rather than a tape recorder.
First and foremost, though, the real deliverable in this work is an explanation (written and ultimately verbal) of technology and technical evidence that can be understood by a judge and jury. If this goal has not been reached, everything else is moot.
Here is a summary of what I have to do to accomplish the above.
-- BillTrost
...we define forensic software analysis as the preservation and analysis of computer-based evidence either for discussion by the public or in the Courts.
Examples:
Interesting term: Forensic Software Analysis. Not one I've heard. Could I suggest it's a little misleading? The more common term is surely Computer Forensic Analysis, or just Computer Forensics.
Am I just nitpicking here? I don't think so. There's a big difference between software and computer. The former refers to software, which seems to exclude files, unallocated disk areas... you know... the sort of areas that most likely hold the useful data/information.
There's an interesting introduction and FAQ at: http://www.computerforensicsworld.com. This actually defines it as "The use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded".
This sounds a lot more inclusive than simple Forensic Software Analysis.
In this context, I think the term itself is pretty important.
-- Neilz